alainj77

Members
  • Content count: 307
Everything posted by alainj77

  1. Good evening. Is there nobody left to tell me what I should do following this analysis? Thanks in advance.
  2. Hello to you both. I see some people are even earlier risers than I am. As for Microsoft Windows OneCare Live, it is not the trial version but the paid one. So I removed Antivir, since I can't stop either one without uninstalling it. As for Panda, it's an old version of the antivirus, but I no longer remember which one. As for BTFix, here is the report obtained in safe mode, since in normal mode it didn't work:

     BTFix 1.064 (par bibi26) - 04/12/2007 05:44:48 - Analyse
     Lancé depuis C:\Documents and Settings\CFA\Bureau\BTFix\BTFix\BTFix.exe

     ---> Fichiers/Dossiers trouvés
     - C:\Program Files\GamesBar
     - C:\Documents and Settings\CFA\Application Data\HbTools
     - C:\Documents and Settings\All Users\Application Data\GamesBar
     - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SmartShopper
     - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GamesBar

     ---> Analyse terminée

     Thanks for your help.
  3. Good evening. I've done all the recommended steps except for http://secunia.com/software_inspector/ : the computer no longer has Internet access, so I can't run any online program. Anyway, as for the logs that aren't secure version-wise, I'll let that go. On the other hand, there is indeed an antivirus (maybe not a very good one, I admit, since it's Microsoft's): C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe and likewise a firewall: C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe. I haven't uninstalled Antivir for now, but that's not much of a problem since I'm not going on the Internet. I'm posting a new HijackThis report made after all my steps:

     Logfile of HijackThis v1.99.1
     Scan saved at 19:53:07, on 03/12/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16544)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\SYSTEM32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\System32\FTRTSVC.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Spyware Doctor\svcntaux.exe
     C:\PROGRA~1\MESSAG~1\Demon.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\PROGRA~1\MI3AA1~1\wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
     C:\Program Files\Microsoft Windows OneCare Live\winss.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\SYSTEM32\taskmgr.exe
     C:\Program Files\Hijachthis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - (no file)
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
     O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
     O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
     O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
     O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.2.1\HbtOEAddOn.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
     O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll (file missing)
     O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll (file missing)
     O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
     O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
     O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
     O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
     O11 - Options group: [iNTERNATIONAL] International*
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sabrina8121988.spaces.live.com//Pho...ad/MsnPUpld.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
     O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Blink Service - Unknown owner - C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service (file missing)
     O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
     O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe

     If I should get rid of everything Microsoft, let me know. Thanks in advance.
  4. Hello everyone. I have a small problem: my PC freezes after a variable amount of use (anywhere from 10 min to 1 hour). I scanned with S&D Search and Destroy and with AdAware. However, I'd like to be sure it isn't coming from some other malicious tool. I'm attaching a HijackThis report. Can you tell me if you see anything strange?

     Logfile of HijackThis v1.99.1
     Scan saved at 12:47:38, on 03/12/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16544)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\SYSTEM32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     C:\WINDOWS\System32\FTRTSVC.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Spyware Doctor\svcntaux.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
     C:\Program Files\Microsoft Windows OneCare Live\winss.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\PROGRA~1\MESSAG~1\Demon.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\PROGRA~1\MI3AA1~1\wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\Documents and Settings\CATHERINE FERREIRA\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
     F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - (no file)
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
     O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
     O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
     O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
     O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
     O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.2.1\HbtOEAddOn.exe
     O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
     O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
     O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll (file missing)
     O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll (file missing)
     O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\System32\shdocvw.dll
     O9 - Extra button: Go to Blink - {95F6242A-62E4-4756-892F-F5D5D399CA25} - C:\Program Files\Blink\home.js
     O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
     O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
     O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
     O11 - Options group: [iNTERNATIONAL] International*
     O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://sabrina8121988.spaces.live.com//Pho...ad/MsnPUpld.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
     O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - https://ssl.tele2.com/inc/accounthelper.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     O23 - Service: Blink Service - Unknown owner - C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service (file missing)
     O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
     O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
     O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe

     Thanks in advance for your reply. Alain
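A small triage script for HijackThis logs like the two posted above, added here as an example (it is not code from the forum, the helpers, or HijackThis). It assumes a handful of entries copied from the posted log as constructed sample input, and a three-name watchlist taken from the BTFix findings in this thread; it flags orphaned registrations ("(no file)" / "(file missing)"), watchlist matches, and services with no vendor string, so a reader can see which lines a helper would ask about first.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a handful of entries copied from the HijackThis log
# pasted above (not the whole log), so the triage runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - (no file)
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.7.2.1\HbtOEAddOn.exe
O4 - HKLM\..\Run: [NAV_Update] C:\NAV_Update.exe
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.0.20\SmrtShpr.dll (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Component names that the BTFix report in this thread found on the machine;
# a real triage would use a much larger, maintained list.
WATCHLIST = ("gamesbar", "hbtools", "smartshopper")

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_NAME_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<target>.*)$")


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. O2, O4, O23
    name: str               # display name of the BHO / toolbar / Run value / service
    target: str             # file the registration points at, or "(no file)"
    owner: str = ""         # vendor string, O23 services only
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Split one HijackThis line into an Entry; None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":            # O4 - HKLM\..\Run: [Name] target
        rm = RUN_NAME_RE.search(body)
        return Entry(section, rm.group("name"), rm.group("target")) if rm else None
    if section == "O23":           # O23 - Service: Name - Owner - target
        parts = body.split(" - ", 2)
        if len(parts) < 3:
            return None
        name = parts[0].partition(":")[2].strip() or parts[0]
        return Entry(section, name, parts[2].strip(), parts[1].strip())
    gm = GUID_RE.search(body)      # O2/O3/O9 - Kind: Name - {GUID} - target
    if not gm:
        return None
    head = body[:gm.start()].rstrip(" -")
    name = head.partition(":")[2].strip() or head
    return Entry(section, name, body[gm.end():].lstrip(" -").strip())


def triage(entry):
    """Attach review flags to an entry and return it."""
    target = entry.target.lower()
    if target == "(no file)" or target.endswith("(file missing)"):
        entry.flags.append("orphan")          # registration left behind after a removal
    if any(w in entry.name.lower() or w in target for w in WATCHLIST):
        entry.flags.append("watchlist")       # name or path matches a known unwanted component
    if entry.section == "O23" and entry.owner.lower() == "unknown owner":
        entry.flags.append("unknown-owner")   # service with no vendor string: verify by hand
    return entry


def triage_log(text):
    """Return the parsed entries that carry at least one flag, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section:<4}{','.join(e.flags):<22}{e.name} -> {e.target}")
```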
  5. Re
     1 - All the programs are removed
     2 - System Restore emptied
     3 - Recommendations: I'm giving them to him so he can use them
     4 - I'll do it tomorrow (not much time today)
     5 - I'm doing it right away
     6 - I created a restore point for him just in case
     Thanks for all your help. I hope I don't get infected myself; I try to protect myself well, but you never know. If that were the case, I wouldn't hesitate to come back and ask for your help, which is so effective.
  6. Re. Well, you've both well earned it, and this evening. As for uninstalling, if I'd known I wouldn't have done all that by hand, but I ran ToolsCleaner anyway and I'm attaching the report:

     ********ToolsCleaner! (A.Rothstein)********
     Nettoyage commence le 21/08/2007 a 14:50:03,96
     ***************************************
     Aucuns Programmes trouves!
     ***************************************
     Fin le 21/08/2007 a 14:50:04,14
     Merci d'avoir utilise ToolsCleaner!

     I'll say just one word: BRAVO. Thanks to WawaSeb and S!Ri for their patience and their more than effective intervention. I hope this forum keeps going so it can help everyone who ends up with all these 'beasts' picked up from the Internet.
  7. Re. Well, this time I picked the right one, and apparently it does indeed work better.

     SmitFraudFix report

     SmitFraudFix v2.214
     Rapport fait à 13:51:06,17, 21/08/2007
     Executé à partir de D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Le type du système de fichiers est NTFS
     Fix executé en mode sans echec

     »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

     »»»»»»»»»»»»»»»»»»»»»»»» hosts
     127.0.0.1 localhost

     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
     GenericRenosFix by S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
     Problème suppression C:\WINDOWS\system32\Delete_Me_Dummy_hanonvt.ini

     »»»»»»»»»»»»»»»»»»»»»»»» DNS
     HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
     HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

     »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

     »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
     "System"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
     Nettoyage terminé.

     »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Reboot
     C:\WINDOWS\system32\Delete_Me_Dummy_hanonvt.ini supprimé

     »»»»»»»»»»»»»»»»»»»»»»»» Fin

     HijackThis report

     Logfile of HijackThis v1.99.1
     Scan saved at 13:55:39, on 21/08/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16512)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
     O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [adiras] adiras.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
     O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
     O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
     O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
     O11 - Options group: [iNTERNATIONAL] International*
     O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
     O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
     O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
     O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
     O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

     I think this time you've got it.
  8. Hello again

And here it is again, it's still there. But SmitFraudFix did not ask me to remove any infected file.

SmitFraudFix report

SmitFraudFix v2.212

Rapport fait à 12:46:27,93, 21/08/2007
Executé à partir de D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 12:53:10, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  9. Hello again

Just to be safe, I went ahead and did step 5 anyway; here is the report

ComboFix 07-08-17.2 - "GEORGES" 2007-08-21 9:07:21.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.508 [GMT 2:00]
Command switches used :: D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\CFScript.txt
 * Created a new restore point

FILE::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vtr114.dll
C:\WINDOWS\system32\hanonvt.ini
C:\WINDOWS\Tasks\Norton Security Scan.job
C:\Program Files\Norton Security Scan\Nss.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Norton Security Scan\Nss.exe
C:\WINDOWS\system32\hanonvt.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\vtr114.dll
C:\WINDOWS\Tasks\Norton Security Scan.job

((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))

2007-08-20 14:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-19 17:28 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-19 16:57 <REP> d-------- C:\19-08-2007
2007-08-19 14:30 <REP> d-------- C:\Program Files\Navilog1
2007-08-17 10:15 786,432 --ah----- D:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Mes documents
2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Favoris
2007-08-17 10:15 <REP> dr------- D:\DOCUME~1\ADMINI~1\Bureau
2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-08-17 10:15 <REP> d--h----- D:\DOCUME~1\ADMINI~1\Modèles
2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-08-17 10:15 <REP> d-------- D:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-08-17 09:52 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-17 09:51 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-07-24 13:59 <REP> d-------- C:\CH_ROCKS
2007-07-21 18:00 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
2007-07-21 12:02 <REP> d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\InstallShield

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-21 09:09 --------- d-------- C:\Program Files\Norton Security Scan
2007-08-18 09:47 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\Skype
2007-08-18 05:44 --------- d-------- C:\Program Files\Microsoft Digital Image 10
2007-08-18 05:44 --------- d-------- C:\Program Files\Messenger
2007-08-18 05:44 --------- d-------- C:\Program Files\DesignPro
2007-08-18 05:44 --------- d-------- C:\Program Files\AOL 9.0
2007-08-17 09:52 --------- d-------- C:\Program Files\Lavasoft
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-22 19:13 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-19 08:58 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 10:28 --------- d-------- C:\Program Files\MSXML 6.0
2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-10 10:34 745547 --a------ C:\WINDOWS\system32\Magentic Screensaver.scr
2007-07-09 22:53 --------- d-------- C:\Program Files\IEFavorisExport10
2007-07-07 22:27 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\OpenOffice.org2
2007-07-06 18:09 --------- d-------- C:\Program Files\Google
2007-07-06 13:09 --------- d-------- D:\DOCUME~1\GEORGE~1.115\APPLIC~1\Talkback
2007-06-27 15:24 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:09 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-23 19:51 4 --a------ C:\WINDOWS\info147.sys
2007-06-23 19:51 --------- d-------- C:\Program Files\Vg
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll
2006-12-12 22:43 770048 --a------ C:\Program Files\autostitch.exe
2005-05-11 23:36 12288 --a--c--- C:\WINDOWS\Fonts.\RandFont.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 21:04 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"adiras"="adiras.exe" []
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-14 13:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-14 13:35]
"Picasa Media Detector"="D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-14 18:39]
"E06FXLRD_7674218"="D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe" [2005-06-04 18:03]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 12:56]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

D:\Documents and Settings\GEORGES.115179860314\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\hanonvt.ini

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe /c

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
S3 Via4in1;Via4in1;\??\C:\Via4in1.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b30941-d389-11da-bbb5-4d6564696130}]
AutoRun\command- K:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10b30942-d389-11da-bbb5-4d6564696130}]
AutoRun\command- L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fb4fe34-3768-11dc-80b4-00038a000015}]
AutoRun\command- J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ed867b-eb6a-11db-bfa4-00038a000015}]
AutoRun\command- J:\InstallTomTomHOME.exe

Contents of the 'Scheduled Tasks' folder
2007-08-21 07:00:00 C:\WINDOWS\Tasks\Configurer mon PC.job - C:\Apps\SMP\PCSETUP.EXE
2007-08-21 07:00:00 C:\WINDOWS\Tasks\Extension de garantie.job - C:\APPS\SMP\PBCARNOT.EXE
2007-08-21 07:00:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job
2007-08-21 05:58:09 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 09:11:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 9:15:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-21 09:14
C:\ComboFix2.txt ... 2007-08-20 14:18

--- E O F ---

plus the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 09:17:27, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B691143-A3DE-4145-9A7A-D6247DE1E3EB}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
plus the HijackThis report:
Logfile of HijackThis v1.99.1 Scan saved at 09:17:27, on 21/08/2007
  10. Hello. Steps 1, 2 and 3 went fine, but for step 4 I cannot find a Magentic folder, nor a magentic.exe, on C or on D for that matter. I suppose step 5 becomes unnecessary in that case?
  11. Hi again. OK for changing the first one. Sorry for not replying very quickly, but I can only do the manipulations at home, and today I am not there all the time. Tenacious I will be, as long as you are helping me, no problem. But I hope this will serve as a lesson to my neighbour (and maybe to others) not to go on the Internet without reliable protection (antivirus, firewall, anti-spyware). ComboFix report:
ComboFix 07-08-17.2 - "GEORGES" 2007-08-20 14:13:24.1 - NTFSx86
GMER report:
GMER 1.0.13.12551 - http://www.gmer.net Rootkit scan 2007-08-20 14:56:31 Windows 5.1.2600 Service Pack 2
Bytes JMP 00970429 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1352] WS2_32.dll!connect 719F406A 5 Bytes JMP 00970526 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1352] WS2_32.dll!send 719F428A 5 Bytes JMP 009705D0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1352] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00970543 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003B0429 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] WS2_32.dll!connect 719F406A 5 Bytes JMP 003B0526 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] WS2_32.dll!send 719F428A 5 Bytes JMP 003B05D0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1404] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003B0543 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003D0429 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] WS2_32.dll!connect 719F406A 5 Bytes JMP 003D0526 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] WS2_32.dll!send 719F428A 5 Bytes JMP 003D05D0 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[1480] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003D0543 .text D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\gwennig.exe.exe[1548] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009F0429 .text C:\WINDOWS\system32\spoolsv.exe[1640] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00920429 .text C:\WINDOWS\system32\spoolsv.exe[1640] WS2_32.dll!connect 719F406A 5 Bytes JMP 00920526 .text C:\WINDOWS\system32\spoolsv.exe[1640] WS2_32.dll!send 719F428A 5 Bytes JMP 009205D0 .text C:\WINDOWS\system32\spoolsv.exe[1640] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00920543 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00C60429 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] WS2_32.dll!connect 
719F406A 5 Bytes JMP 00C60526 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] WS2_32.dll!send 719F428A 5 Bytes JMP 00C605D0 .text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1768] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00C60543 .text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00620429 .text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] WS2_32.dll!connect 719F406A 5 Bytes JMP 00620526 .text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] WS2_32.dll!send 719F428A 5 Bytes JMP 006205D0 .text D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1856] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00620543 .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00A80429 .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] WS2_32.dll!connect 719F406A 5 Bytes JMP 00A80526 .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] WS2_32.dll!send 719F428A 5 Bytes JMP 00A805D0 .text C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe[1912] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00A80543 .text C:\WINDOWS\system32\VTTimer.exe[1960] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429 .text C:\WINDOWS\system32\VTtrayp.exe[1968] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429 .text C:\WINDOWS\SOUNDMAN.EXE[1980] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00980429 .text c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe[1992] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 009A0429 .text C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe[2008] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003A0429 .text ... 
.text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2200] WS2_32.dll!connect 719F406A 5 Bytes JMP 00390526 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2200] WS2_32.dll!send 719F428A 5 Bytes JMP 003905D0 .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2200] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00390543 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00390429 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] WS2_32.dll!connect 719F406A 5 Bytes JMP 00390526 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] WS2_32.dll!send 719F428A 5 Bytes JMP 003905D0 .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2316] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00390543 .text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 006A0429 .text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!connect 719F406A 5 Bytes JMP 006A0526 .text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!send 719F428A 5 Bytes JMP 006A05D0 .text C:\WINDOWS\System32\svchost.exe[2544] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 006A0543 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 00530429 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] WS2_32.dll!connect 719F406A 5 Bytes JMP 00530526 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] WS2_32.dll!send 719F428A 5 Bytes JMP 005305D0 .text C:\Program Files\Windows Media Player\WMPNetwk.exe[2708] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 00530543 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003D0429 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] WS2_32.dll!connect 719F406A 5 Bytes JMP 003D0526 .text C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] WS2_32.dll!send 719F428A 5 Bytes JMP 003D05D0 .text C:\Program 
Files\Kerio\Personal Firewall 4\kpf4gui.exe[2752] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003D0543 .text C:\WINDOWS\System32\alg.exe[3068] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 005A0429 .text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!connect 719F406A 5 Bytes JMP 005A0526 .text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!send 719F428A 5 Bytes JMP 005A05D0 .text C:\WINDOWS\System32\alg.exe[3068] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 005A0543 .text C:\WINDOWS\explorer.exe[3688] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 003E0429 .text C:\WINDOWS\explorer.exe[3688] WS2_32.dll!connect 719F406A 5 Bytes JMP 003E0526 .text C:\WINDOWS\explorer.exe[3688] WS2_32.dll!send 719F428A 5 Bytes JMP 003E05D0 .text C:\WINDOWS\explorer.exe[3688] WS2_32.dll!WSAConnect 71A00C69 5 Bytes JMP 003E0543 ---- Kernel IAT/EAT - GMER 1.0.13 ---- IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5A73470] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5A7348B] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F5A7350F] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F5A73532] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F5A7350F] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F5A7348B] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F5A73470] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F5A7350F] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F5A73532] \SystemRoot\system32\drivers\fwdrv.sys IAT 
\SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F5A73470] \SystemRoot\system32\drivers\fwdrv.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F5A7348B] \SystemRoot\system32\drivers\fwdrv.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [ECBCDF76] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs 
IRP_MJ_SET_SECURITY [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [ECBCC812] aswMon2.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [ECBCC812] aswMon2.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys 
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS 
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice 
\Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp 
IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip 
\Device\Udp IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip 
\Device\Udp IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F5A5CBC0] fwdrv.sys AttachedDevice 
\Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F5A5CCC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [804F3520] ntkrnlpa.exe AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F5A5CBC0] fwdrv.sys AttachedDevice \Driver\Tcpip \Device\RawIp 
IRP_MJ_DEVICE_CHANGE [804F3520] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [804F3520] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [804F3520] ntkrnlpa.exe
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F778C2C0] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F778C8E6] aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F778C8E6] aswTdi.SYS
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE EBB9FC8A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE EBB9C7C8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ EBB9860A
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE EBB98AED
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION EBBA3958
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION EBBA6821
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA EBBAF38A
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA EBBAED49
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS EBBA8BBE
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION EBBA9331
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION EBBB74F4
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL EBB9FB37
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL EBB9B948
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL EBBA546B
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN EBBB679D
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL EBBB5C4A
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP EBB9C2FD
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP EBBB61DB
Device \FileSystem\Fastfat \Fat FastIoCheckIfPossible EBBB11F9
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [ECBCDF76] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [ECBCC812] aswMon2.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [ECBCC812] aswMon2.SYS

---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-2834144396-330407623-3462022994-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:Q:\Qbphzragf naq Frggvatf\TRBETRF.115179860314\Ohernh\Cebt. VaperqvZnvy KR Cerzvhz se 1609 (29-07-04)+nqqbaf(+Tbyq)+Pex+FxvaPerngbe 1561(01-07-04)+YrggrePerngbe+Vaperqv\VaperqvZnvy KR Cerzvhz ohvyq 1609 (29-07-04)\VaperqvZnvy Qvpgvbanver Se.rkr 0x3D 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-2834144396-330407623-3462022994-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:Q:\Qbphzragf naq Frggvatf\TRBETRF.115179860314\Ohernh\Cebt. VaperqvZnvy KR Cerzvhz se 1609 (29-07-04)+nqqbaf(+Tbyq)+Pex+FxvaPerngbe 1561(01-07-04)+YrggrePerngbe+Vaperqv\VaperqvZnvy KR Cerzvhz ohvyq 1609 (29-07-04)\Yrggre Perngbe Obahf cnpx.rkr 0x3D 0x00 0x00 0x00 ...

---- Files - GMER 1.0.13 ----

ADS D:\Documents and Settings\GEORGES.115179860314\Favoris\Résultats de la recherche d:favicon
ADS D:\Documents and Settings\GEORGES.115179860314\Local Settings\Application Data\Microsoft\Messenger\geothomas@hotmail.fr\SharingMetadata\nounouche30@hotmail.fr\DFSR\Staging\CS{4C185C88-73E8-2DB7-BF12-90A32E16D728}1\10-{4C185C88-73E8-2DB7-BF12-90A32E16D728}-v1-{613E0D40-10FD-4C51-B30C-F8F90541ED88}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.13 ----

Good luck
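The two "Reg ... UserAssist ... Count@HRZR_EHACNGU:..." lines in the GMER log above are not gibberish: on Windows XP the UserAssist value names are stored ROT13-encoded, and GMER prints them as stored. The following is an added example, not part of alainj77's post or of GMER, that decodes those two names and parses the XP-format count data (4-byte session, 4-byte run counter that XP starts at 5, 8-byte FILETIME of the last run). The value data is truncated in the log ("0x3D 0x00 0x00 0x00 ..."), so the count parsing runs on a constructed 16-byte blob, not on the real bytes.

```python
import codecs
import struct
from datetime import datetime, timedelta

# The two value names exactly as GMER printed them (still ROT13-encoded).
USERASSIST_NAMES = [
    r"HRZR_EHACNGU:Q:\Qbphzragf naq Frggvatf\TRBETRF.115179860314\Ohernh\Cebt. VaperqvZnvy KR Cerzvhz se 1609 (29-07-04)+nqqbaf(+Tbyq)+Pex+FxvaPerngbe 1561(01-07-04)+YrggrePerngbe+Vaperqv\VaperqvZnvy KR Cerzvhz ohvyq 1609 (29-07-04)\VaperqvZnvy Qvpgvbanver Se.rkr",
    r"HRZR_EHACNGU:Q:\Qbphzragf naq Frggvatf\TRBETRF.115179860314\Ohernh\Cebt. VaperqvZnvy KR Cerzvhz se 1609 (29-07-04)+nqqbaf(+Tbyq)+Pex+FxvaPerngbe 1561(01-07-04)+YrggrePerngbe+Vaperqv\VaperqvZnvy KR Cerzvhz ohvyq 1609 (29-07-04)\Yrggre Perngbe Obahf cnpx.rkr",
]

XP_COUNT_BASE = 5                      # XP initialises the run counter at 5
EPOCH_1601 = datetime(1601, 1, 1)      # FILETIME epoch


def decode_name(name):
    """ROT13 only rotates A-Z/a-z; digits, backslashes and punctuation survive."""
    return codecs.decode(name, "rot13")


def split_name(decoded):
    """'UEME_RUNPATH:D:\\x' -> ('UEME_RUNPATH', 'D:\\x'): split on the first colon only."""
    kind, _, target = decoded.partition(":")
    return kind, target


def decode_entries(names):
    """Decode every UserAssist value name into its kind and the path it records."""
    out = []
    for n in names:
        kind, target = split_name(decode_name(n))
        out.append({"kind": kind, "target": target})
    return out


def parse_xp_count(data):
    """XP 'Count' value data: DWORD session, DWORD counter, FILETIME last run (16 bytes)."""
    session, stored, filetime = struct.unpack("<IIQ", data[:16])
    runs = stored - XP_COUNT_BASE if stored >= XP_COUNT_BASE else 0
    last_run = EPOCH_1601 + timedelta(microseconds=filetime // 10) if filetime else None
    return {"session": session, "runs": runs, "last_run": last_run}


def make_xp_count(session, runs, last_run):
    """Build a constructed 16-byte Count blob (the log truncates the real one)."""
    delta = last_run - EPOCH_1601
    filetime = (delta.days * 86400 + delta.seconds) * 10_000_000  # 100 ns units
    return struct.pack("<IIQ", session, runs + XP_COUNT_BASE, filetime)


def demo_count():
    """Round-trip a constructed blob: session 0x3D as in the log, 3 runs, a made-up date."""
    blob = make_xp_count(0x3D, 3, datetime(2007, 8, 18, 12, 0, 0))
    return parse_xp_count(blob)


if __name__ == "__main__":
    for e in decode_entries(USERASSIST_NAMES):
        print(e["kind"], e["target"])
    print(demo_count())
```

Decoded, both names are UEME_RUNPATH entries for executables under the user's Bureau folder (IncrediMail installer files), i.e. a record that the user launched them, which is why UserAssist is worth reading during a cleanup even when GMER lists it without further comment.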
  12. Hello
I didn't see the difference between the 2 fixes and in my opinion they are the same. I still see hanonvt.ini in the HijackThis log, but I followed your instructions to the letter, so here are the reports:

OTMoveIt (still very short):
c:\WINDOWS\system32\hanonvt.ini moved successfully.
Created on 08/20/2007 07:37:01

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 07:39:37, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
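The entry that keeps coming back in this log is "O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini": AppInit_DLLs is a list of modules that user32.dll loads into every process that links it, so a file in that list with a .ini name is a module hiding behind a data-file extension. The following is an added example, not part of alainj77's post and not HijackThis code, that parses a handful of lines copied from the log above and applies three checks a helper would apply by hand: an AppInit_DLLs entry (HIGH if the name does not end in .dll), O4 Run values that are bare file names with no directory (resolved through the search path, so the real file must be located), and O23 services marked "(file missing)" where HijackThis 1.99 cut the image path at an embedded quote (the two avast! entries). The severity labels and rule set are this example's own assumptions.

```python
import re

# Constructed subset of the HijackThis log in the post above: lines copied
# verbatim, just enough to exercise each rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")                    # "O20 - ..." style lines
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")  # O4 hive, value name, command


def parse_entries(text):
    """Return (section, body) for every HJT entry line; header and process lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_target_exe(command):
    """Executable part of an O4 command: the quoted path if quoted, else the first token."""
    c = command.strip()
    if c.startswith('"'):
        return c[1:].split('"', 1)[0]
    return c.split()[0] if c else ""


def triage(entries):
    """Apply the three rules; each finding is (severity, section, subject, reason)."""
    findings = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            path = body.split(":", 1)[1].strip()
            sev = "REVIEW" if path.lower().endswith(".dll") else "HIGH"
            findings.append((sev, section, path,
                             "loaded into every process that maps user32.dll; "
                             "a non-.dll name here is a disguise"))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = run_target_exe(m.group(3))
                if exe and "\\" not in exe and ":" not in exe:
                    findings.append(("REVIEW", section, exe,
                                     "bare file name resolved through the search path; "
                                     "locate and hash the real file"))
        elif section == "O23" and "(file missing)" in body:
            image = body.split(" - ")[-1]
            if '"' in image:
                why = ("stray quote: HJT 1.99 cut the image path at the first quote, "
                       "so check the real service binary before trusting 'file missing'")
            else:
                why = "service image path not found on disk"
            findings.append(("REVIEW", section, image, why))
    return findings


if __name__ == "__main__":
    for sev, section, subject, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{sev:6} {section:4} {subject}\n       {reason}")
```

On the log above the AppInit_DLLs rule is the one that matters: the same file is the one Kaspersky later identifies, and because user32.dll reloads it into each new process, deleting it while Windows is running normally is exactly why the earlier fixes kept "succeeding" without the entry going away.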
  13. Re
Well, it took me a bit longer, but Kaspersky took over an hour to scan the IncrediMail mails (that software doesn't seem very nice). On top of that I had to set up a connection on the PC to get it onto the Internet (right now I'm on mine, not on the problem one). As for the HOSTS file, I think he doesn't even know it exists, but with a PB (Packard Bell, or rather "Packard rubbish") plus antivirus programs installed and removed (Norton, Securitoo, Avast, so only good ones) I don't know what could have happened. Anyway, here are the reports:

Kaspersky (more viruses):
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, August 19, 2007 7:46:05 PM
Operating system: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.83.0
Last Kaspersky antivirus database update: 19/08/2007
Records in Kaspersky antivirus database: 361299
-------------------------------------------------------------------------------

Scan settings:
Scan using the following antivirus database: standard
Scan archives: true
Scan mail bases: true

Scan target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Total number of scanned objects: 68015
Number of viruses found: 2
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan: 02:08:11

Infected object name / Virus name / Last action
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db   Object is locked   skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\debug.log.idx   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\error.log.idx   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\ids.log.idx   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\network.log.idx   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\system.log.idx   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\warning.log.idx   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log   Object is locked   skipped
C:\Program Files\Kerio\Personal Firewall 4\logs\web.log.idx   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\config\Antivirus.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\DEFAULT   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SOFTWARE   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SYSTEM   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\drivers\etc\hosts.20070817-094454.backup   Infected: Trojan.Win32.Qhost.mg   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\hanonvt.ini   Infected: Trojan-Downloader.Win32.Agent.bxx   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat   Object is locked   skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05222007-194130.log   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\Cookies\index.dat   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\Local Settings\Historique\History.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\ntuser.dat   Object is locked   skipped
D:\Documents and Settings\GEORGES.115179860314\ntuser.dat.LOG   Object is locked   skipped
D:\Documents and Settings\LocalService.AUTORITE NT.001\Cookies\index.dat   Object is locked   skipped
D:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
D:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
D:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Historique\History.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
D:\Documents and Settings\LocalService.AUTORITE NT.001\ntuser.dat   Object is locked   skipped
D:\Documents and Settings\LocalService.AUTORITE NT.001\ntuser.dat.LOG   Object is locked   skipped
D:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
D:\Documents and Settings\NetworkService.AUTORITE NT.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
D:\Documents and Settings\NetworkService.AUTORITE NT.001\ntuser.dat   Object is locked   skipped
D:\Documents and Settings\NetworkService.AUTORITE NT.001\ntuser.dat.LOG   Object is locked   skipped
D:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
D:\_OTMoveIt\MovedFiles\WINDOWS\system32\hanonvt.ini   Infected: Trojan-Downloader.Win32.Agent.bxx   skipped

Scan process completed.

OTMoveIt (not very long):
C:\WINDOWS\system32\hanonvt.ini moved successfully.
Created on 08/19/2007 17:01:07

Good evening
  14. Re Re
Work done, although I got an error message when booting into safe mode following the procedure you gave me ==> you are not an administrator (when I am), but it worked anyway. Well, we're making good progress: I got the Control Panel back, as well as the Properties on My Computer and on the desktop, and so far I haven't seen the message come back. I don't know if anything is left, but it's much better. As for the screen image, he can sort it out himself... if he doesn't know where it is he'll find another one. It's already good enough that I'm removing all his junk.

Navilog report
Clean Navipromo version 2.0.8 started on 19/08/2007 at 15:28:50.48
Fix run from C:\Program Files\navilog1
Updated on 15.08.2007 at 15:00 by IL-MAFIOSO

Automatic removal mode with Blacklight results handling

*** Creating backups of files found by Blacklight ***
Copying to "C:\Program Files\navilog1\Backupnavi"

*** Removing files found with Blacklight ***
c:\WINDOWS\system32\pqepne.dat deleted!
C:\windows\system32\pqepne.exe deleted!
c:\WINDOWS\system32\pqepne_nav.dat deleted!
c:\WINDOWS\system32\pqepne_navps.dat deleted!

** 2nd pass **
C:\WINDOWS\system32\pqepne.exe absent!
C:\WINDOWS\system32\pqepne.dat absent!
C:\WINDOWS\system32\pqepne_nav.dat absent!
C:\WINDOWS\system32\pqepne_navps.dat absent!
C:\WINDOWS\system32\pqepne_navup.dat absent!
C:\WINDOWS\system32\pqepne_navtmp.dat absent!
C:\WINDOWS\system32\pqepne_m2s.xml absent!
C:\WINDOWS\prefetch\pqepne*.pf absent!

*** Removing folders in C:\WINDOWS ***
*** Removing folders in C:\Program Files ***
*** Removing folders in D:\Documents and Settings\All Users\Application Data ***
*** Removing folders in D:\Documents and Settings\GEORGES.115179860314\Application Data ***

*** Removing files ***
C:\WINDOWS\system32\nvs2.inf deleted!

*** Removing temporary files ***
Cleanup of C:\WINDOWS\Temp contents done!
Cleanup of D:\Documents and Settings\GEORGES.115179860314\Local Settings\Temp contents done!

*** Registry backup to Backupnavi folder ***
Registry backup completed successfully!

*** Registry cleanup ***
Registry cleanup OK

*** Additional search processing ***
(Search for specific files)

1) Search for known files:

2) Heuristic search and removal:
* ** *** **** *****
C:\WINDOWS\System32\elifarghp_navtmp.dat found!
Copy of C:\WINDOWS\system32\elifarghp_navtmp.dat completed successfully!
C:\WINDOWS\system32\elifarghp_navtmp.dat deleted!
****** ******* ********

3) Checking for rootkit keys in the registry:
No other keys present in the registry!

4) Certificates:
Egroup certificate deleted!

*** Search with GenericNaviSearch Beta ***
!!! These results may include legitimate files !!!
!!! Must be verified before any manual deletion !!!

Files found, deleted with backups:
No file found!

Suspicious files not deleted:
No suspicious file found!

*** Cleanup finished on 19/08/2007 at 15:32:03.31 ***

SmitFraudFix report
SmitFraudFix v2.212
Report made at 15:36:23.73, 19/08/2007
Run from D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing processes

»»»»»»»»»»»»»»»»»»»»»»»» hosts
192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
192.168.200.3 fastclick.net
192.168.200.3 ftp.avp.ch
192.168.200.3 ftp.kasperskylab.ru
192.168.200.3 updates5.kaspersky-labs.com
192.168.200.3 www.awaps.net
192.168.200.3 www.symantec.com
192.168.200.3 www.viruslist.ru

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\printer.exe deleted
C:\WINDOWS\system32\WinAvXX.exe deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

HijackThis report in normal mode
Logfile of HijackThis v1.99.1
Scan saved at 15:43:30, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  15. Hello. Thank you for your reply and for the welcome. As for the uninstall, we'll wait, since I no longer have access to the Control Panel from the Start menu. As for the work, no problem; I should do some of it, given that you are helping me so kindly. For Avast, I already told him it was a piece of c.... and he is going to buy Kaspersky. As for the infection, I suspect it is serious given the PC's behaviour. I get an error message during the pqepne fix, but it seems to me that it is no longer in the HJT log (fix and report done in Safe Mode).

SmitFraudFix report done in Normal Mode:

SmitFraudFix v2.212

Rapport fait à 14:28:04,70, 19/08/2007
Executé à partir de D:\Documents and Settings\GEORGES.115179860314\Bureau\desinfection\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\windows\system32\pqepne.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\printer.exe PRESENT !
C:\WINDOWS\system32\WinAvXX.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\GEORGES.115179860314

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\GEORGES.115179860314\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

D:\DOCUME~1\GEORGE~1.115\MENUDM~1\PROGRA~1\DMARRA~1\system.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\GEORGE~1.115\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="http://images.google.fr/images?q=tbn:yHi9H-1Y0blKhM:http://www.lannaronca.it/Montagne%252005.jpg"
"SubscribedURL"="http://images.google.fr/images?q=tbn:yHi9H-1Y0blKhM:http://www.lannaronca.it/Montagne%252005.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///D:/DOCUME~1/GEORGE~1.115/LOCALS~1/APPLIC~1/IM/Runtime/EMOTIC~1/storch_1.gif"
"SubscribedURL"="file:///D:/DOCUME~1/GEORGE~1.115/LOCALS~1/APPLIC~1/IM/Runtime/EMOTIC~1/storch_1.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\hanonvt.ini"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7E4A506F-FCEC-4550-802D-675337D637F3}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Navilog report done in Normal Mode:

Search Navipromo version 2.0.8 commencé le 19/08/2007 à 14:31:59,42

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 15.08.2007 a 15h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans D:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans D:\Documents and Settings\GEORGES.115179860314\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) dans C:\WINDOWS\system32 :

c:\WINDOWS\system32\pqepne.dat
C:\windows\system32\pqepne.exe
c:\WINDOWS\system32\pqepne_nav.dat
c:\WINDOWS\system32\pqepne_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :

C:\windows\system32\pqepne.exe

*** Recherche fichiers ***

C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

* C:\WINDOWS\system32\pqepne.dat trouvé !
** C:\WINDOWS\system32\pqepne.dat trouvé !
***
****
***** C:\WINDOWS\system32\elifarghp_navtmp.dat trouvé !
******
*******
********

3)Recherche Certificats :

Certificat Egroup trouvé !

*** Recherche avec GenericNaviSearch Beta ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

Fichiers trouvés :

C:\WINDOWS\system32\pqepne.exe trouvé !

Fichiers suspects :

Aucun Fichier suspect trouvé !

*** Analyse Terminé le 19/08/2007 à 14:38:51,56 ***

HijackThis report done in Safe Mode:

Logfile of HijackThis v1.99.1
Scan saved at 14:53:12, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Many thanks for your help.
  16. Hello. My neighbour has apparently picked up a 'bug' from the Internet. I scanned his PC with Spybot and Ad-Aware and removed all the spyware that was found. I took out his hard drive to scan it in another PC with McAfee; result: 6 unwanted files detected, and therefore deleted. Surprise: a scan done 3 hours later turns up the same ones again. The message in the title appears every 3 minutes, asking to connect in order to download 'spyware remover'. That seems odd to me. The Control Panel has disappeared from the Start menu, and it is impossible to open 'Properties' on the hard drive or on the desktop; the message is: "Cette opération a été annulée en raison de restrictions en vigueur sur cet ordinateur. Consultez votre administrateur système." (This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.) Attached is the HijackThis report done in Safe Mode. Can you help me remove this infection?

Logfile of HijackThis v1.99.1
Scan saved at 10:06:29, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
D:\Documents and Settings\GEORGES.115179860314\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] D:\Documents and Settings\GEORGES.115179860314\Bureau\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pqepne] c:\windows\system32\pqepne.exe pqepne
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [E06FXLRD_7674218] "D:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hanonvt.ini
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Thanks in advance for your help.