

boheme52
Everything posted by boheme52
-
The auto function was not enabled. I went and looked, and nothing offers me the DVD-RAM option. I also tried unplugging the drive, rebooting, shutting down, plugging it back in, rebooting: nothing. Normally, as soon as you put a DVD-RAM in, it is recognized, with no need to format or anything.
-
Hello, After an infection and a very effective cleanup (thank you), my Samsung SH-S162L burner no longer recognizes DVD-RAM discs. Normally, when the disc is inserted, it recognizes it and lets me use it more or less like a hard drive or a USB stick; unfortunately, when I insert a DVD-RAM, it tells me there is nothing in it. I updated the firmware, but it makes no difference. Any ideas?
-
[Solved] Stubborn infection
boheme52 replied to boheme52's topic in Malware Analysis and Removal
Thanks again for everything. Everything is done. I reported it on Malware complaint and will change my Windows user profile right away.
-
[Solved] Stubborn infection
boheme52 replied to boheme52's topic in Malware Analysis and Removal
In safe mode:
I deleted everything that was in the quarantine. One reboot. AntiVir ran another scan in normal mode:
-
[Solved] Stubborn infection
boheme52 replied to boheme52's topic in Malware Analysis and Removal
The problem seems to be solved. A big thank you to everyone. But is there a way to protect oneself against this kind of thing? Replace Avast with AntiVir as suggested above? Something else?
"C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe O4 - Startup: Raccourci vers Snowforw.exe.lnk = C:\Program Files\Snowforw\Snowforw.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: pfwcjdig - pfwcjdig.dll (file missing) O20 - Winlogon Notify: urqonkj - urqonkj.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8336 bytes -
[Solved] Persistent infection
boheme52 replied to a topic by boheme52 in Malware analysis and removal
ComboFix 07-10-26.4 - Administrateur 2007-10-26 20:14:00.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.535 [GMT 2:00] Running from: C:\Documents and Settings\Administrateur\Bureau\combofix.exe Command switches used :: /v pfwcjdig urqonkj . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\WINDOWS\system32\kidgkxnf.dll C:\WINDOWS\system32\pfwcjdig.dllbox C:\WINDOWS\system32\rqtss.bak1 C:\WINDOWS\system32\rqtss.bak2 C:\WINDOWS\system32\rqtss.ini C:\WINDOWS\system32\sstqr.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))))))) . 
2007-10-26 20:11 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-26 19:26 <REP> d-------- C:\Program Files\Trend Micro 2007-10-26 19:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-10-26 19:23 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-10-26 19:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-10-26 18:14 2,732 --a------ C:\WINDOWS\system32\tmp.reg 2007-10-26 17:03 83,008 --a------ C:\WINDOWS\system32\apeqixya.dll 2007-10-26 16:56 340,032 --a------ C:\WINDOWS\system32\pfwcjdig.dll 2007-10-26 16:56 340,032 --a------ C:\WINDOWS\system32\humbktoq.dll 2007-10-26 11:53 <REP> d-------- C:\Program Files\Fichiers communs\OCP Software 2007-10-26 11:53 <REP> d-------- C:\My CE Installations 2007-10-26 11:53 229,450 --a------ C:\WINDOWS\system32\ocpTools.dll 2007-10-26 11:29 <REP> d-------- C:\Program Files\Common Files 2007-10-26 11:27 <REP> d-------- C:\Program Files\OCP Software 2007-10-26 11:01 <REP> d--h----- C:\Program Files\SystemA 2007-10-26 11:01 145,929 --a------ C:\WINDOWS\system32\sysdl132.exe 2007-10-26 11:01 33,792 --------- C:\WINDOWS\system32\urqonkj.dll 2007-10-26 11:01 8,704 --a------ C:\sysuouv.exe 2007-10-22 18:18 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-22 18:17 <REP> d-------- C:\Program Files\MSXML 4.0 2007-10-10 23:03 <REP> d-------- C:\Program Files\Microsoft ActiveSync 2007-10-09 18:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2007-10-09 18:21 <REP> d-------- C:\Program Files\CyberLink 2007-10-06 19:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM 2007-10-04 18:47 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\U3 2007-10-03 20:33 <REP> d-------- C:\Program Files\7-Zip 2007-10-03 19:09 <REP> d-------- C:\Program Files\Medion GoPal Assistant 2007-10-03 19:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GoPal Assistant 2007-10-03 18:06 30,592 --------- 
C:\WINDOWS\system32\drivers\rndismpx.sys 2007-10-03 18:06 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys 2007-10-02 11:06 339,968 --a------ C:\WINDOWS\system32\pscUD112.dll 2007-10-02 11:06 49,152 --a------ C:\WINDOWS\system32\pscVSWIA.dll 2007-10-02 11:05 94,208 --a------ C:\WINDOWS\system32\PSCLU112.dll 2007-10-02 11:05 53,248 --a------ C:\WINDOWS\system32\pscND112.exe 2007-10-01 21:41 <REP> d-------- C:\Program Files\My Drivers 2007-09-30 20:33 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData 2007-09-29 13:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON 2007-09-29 13:16 159,744 -ra------ C:\WINDOWS\system32\drivers\Fasttx2k.sys 2007-09-29 13:16 118,784 -ra------ C:\WINDOWS\system32\ptipbmf.dll 2007-09-29 13:09 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-09-29 13:09 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys 2007-09-29 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\UDL 2007-09-29 13:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll 2007-09-29 13:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll 2007-09-29 13:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll 2007-09-29 12:58 <REP> d-------- C:\Program Files\UIU 2007-09-29 11:32 94,208 --a------ C:\WINDOWS\amcap.exe 2007-09-29 11:31 <REP> d-------- C:\Program Files\Fichiers communs\snpstd3 2007-09-29 11:31 8,718,848 --a------ C:\WINDOWS\system32\drivers\snpstd3.sys 2007-09-29 11:31 339,968 --a------ C:\WINDOWS\vsnpstd3.exe 2007-09-29 11:31 90,112 --a------ C:\WINDOWS\tsnpstd3.exe 2007-09-29 11:31 61,440 --a------ C:\WINDOWS\system32\rsnpstd3.dll 2007-09-29 11:31 61,440 --a------ C:\WINDOWS\system32\csnpstd3.dll 2007-09-29 11:31 53,248 --a------ C:\WINDOWS\vsnpstd3.dll 2007-09-29 11:31 53,248 --a------ C:\WINDOWS\system32\vsnpstd3.dll 2007-09-29 11:31 20,480 --a------ C:\WINDOWS\usnpstd3.exe 2007-09-29 11:31 20,480 --------- C:\WINDOWS\CameraFixer.exe 2007-09-29 10:57 <REP> d-------- 
C:\Documents and Settings\Administrateur\Application Data\Leadertech 2007-09-29 09:25 <REP> d-------- C:\Program Files\Snowforw 2007-09-29 09:21 <REP> d-------- C:\Program Files\CyberLink2 2007-09-29 09:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Visicom Media 2007-09-29 09:01 <REP> d-------- C:\Program Files\vmntoolbar 2007-09-29 09:01 <REP> d-------- C:\Program Files\Visicom Media 2007-09-29 08:58 <REP> d-------- C:\Program Files\Runtime Software 2007-09-29 08:56 <REP> d-------- C:\Program Files\IrfanView 2007-09-29 08:53 <REP> d-------- C:\Program Files\G6 FTP Server 2007-09-29 08:38 <REP> d-------- C:\WINDOWS\InCD 2007-09-29 08:38 3,067,904 --------- C:\WINDOWS\NuNinst.exe 2007-09-29 08:38 102,016 --------- C:\WINDOWS\system32\drivers\InCDfs.sys 2007-09-29 08:38 33,536 --------- C:\WINDOWS\system32\drivers\InCDrm.sys 2007-09-29 08:38 29,440 --------- C:\WINDOWS\system32\drivers\InCDpass.sys 2007-09-29 08:38 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys 2007-09-28 20:55 <REP> d-------- C:\Program Files\Lavasoft 2007-09-28 20:35 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2007-09-28 20:18 <REP> d-------- C:\WINDOWS\system32\QuickTime 2007-09-28 20:09 <REP> d-------- C:\Program Files\Fichiers communs\Vbox 2007-09-28 20:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MSNInstaller 2007-09-28 20:06 <REP> d-------- C:\Program Files\Macromedia 2007-09-28 20:06 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia 2007-09-28 20:05 <REP> d-------- C:\WINDOWS\Downloaded Installations 2007-09-28 20:04 <REP> d-------- C:\Program Files\PowerQuest 2007-09-28 20:02 <REP> d-------- C:\Program Files\SpeedFan 2007-09-28 19:51 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-09-28 19:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2007-09-28 19:35 <REP> d-------- C:\Program Files\Elaborate Bytes 2007-09-28 18:59 <REP> d-------- C:\Documents 
and Settings\Administrateur\Application Data\SlySoft 2007-09-28 18:54 <REP> d-------- C:\Program Files\SlySoft 2007-09-28 18:51 <REP> d-------- C:\Program Files\Fichiers communs\Ahead 2007-09-28 18:51 <REP> d-------- C:\Program Files\Ahead 2007-09-28 18:51 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-09-28 18:51 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-09-28 18:51 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-09-28 18:51 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-09-28 18:51 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-28 18:51 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-09-28 18:51 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-09-28 18:51 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-28 17:57 <REP> d-------- C:\Program Files\Firetrust 2007-09-28 17:57 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MailWasherPro 2007-09-28 17:51 <REP> d-------- C:\EPSON . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-26 16:22 232 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2007-10-21 09:21 --------- d-----w C:\Program Files\Java 2007-09-29 08:28 --------- d-----w C:\Program Files\Crazy Browser 2007-09-28 15:52 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-09-28 14:58 9,324,032 ----a-w C:\WINDOWS\system32\RTLCPL.EXE 2007-09-28 14:58 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE 2007-09-28 14:58 294,912 ------w C:\WINDOWS\alcupd.exe 2007-09-28 14:58 200,704 ------w C:\WINDOWS\alcrmv.exe 2007-09-28 14:58 2,317,504 ----a-w C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-09-28 14:58 156,672 ----a-w C:\WINDOWS\system32\RTLCPAPI.dll 2007-09-28 11:58 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-09-28 11:07 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2007-09-28 11:07 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-09-28 10:03 65,536 ----a-w C:\WINDOWS\system32\Audio3D.dll 2007-09-28 10:03 65,536 ----a-w C:\WINDOWS\system32\a3d.dll 2007-09-28 10:03 400,384 ----a-w C:\WINDOWS\system32\drivers\ALCXSENS.SYS 2007-09-28 10:00 --------- d-----w C:\Program Files\VIA 2007-09-28 09:58 --------- d-----w C:\Program Files\Marvell 2007-09-28 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-09-28 09:46 --------- d-----w C:\Program Files\Sunbelt Software 2007-09-28 09:40 --------- d-----w C:\Program Files\Alwil Software 2007-09-28 09:19 --------- d-----w C:\Program Files\microsoft frontpage 2007-09-28 09:18 --------- d-----w C:\Program Files\Services en ligne 2007-09-28 09:17 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:00 95,608 ----a-w 
C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-31 18:45 69,632 ----a-w C:\WINDOWS\system32\wshext.dll 2007-07-31 18:45 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll 2007-07-31 18:45 36,864 ----a-w C:\WINDOWS\system32\wshcon.dll 2007-07-31 18:45 32,768 ----a-w C:\WINDOWS\system32\dispex.dll 2007-07-31 18:45 163,840 ----a-w C:\WINDOWS\system32\scrobj.dll 2007-07-31 18:45 155,648 ----a-w C:\WINDOWS\system32\scrrun.dll 2007-07-31 18:45 135,168 ----a-w C:\WINDOWS\system32\wscript.exe 2007-07-31 18:45 114,688 ----a-w C:\WINDOWS\system32\cscript.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{263D9676-810E-11DC-8324-0800200C9A67}] 2007-10-26 11:01 95232 --a------ C:\Program Files\SystemA\ie-improver.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}] 2007-10-26 11:01 33792 --------- C:\WINDOWS\system32\urqonkj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-10-26 16:56 340032 --a------ C:\WINDOWS\system32\pfwcjdig.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5302307-6F5B-4BBE-BC0C-3EF416F454BC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pfwcjdig.dll [2007-10-26 16:56 340032] [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08] 
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43] "nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43] "SoundMan"="SOUNDMAN.EXE" [2007-09-28 16:58 C:\WINDOWS\SOUNDMAN.EXE] "ASUS Probe"="C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe" [2002-12-06 16:07] "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06] "CameraFixer"="C:\WINDOWS\CameraFixer.exe" [2005-10-03 11:23] "tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05] "snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 15:55] "Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 C:\WINDOWS\system32\ptipbmf.dll] "BackgroundSwitcher"="C:\WINDOWS\system32\bgswitch.exe" [2001-10-19 12:14] "CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-19 12:14] "FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-19 12:14] "ec1a4104"="C:\WINDOWS\system32\apeqixya.dll" [2007-10-26 17:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:22] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:34] "DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [2006-09-17 10:32] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-09-28 19:00] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:07] C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ MailWasherPro.lnk - C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe [2004-04-10 
07:21:44] Raccourci vers Snowforw.exe.lnk - C:\Program Files\Snowforw\Snowforw.exe [2007-09-27 12:21:46] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-28 20:36:01] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06] VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2007-09-28 12:00:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}"= C:\WINDOWS\system32\urqonkj.dll [2007-10-26 11:01 33792] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pfwcjdig] pfwcjdig.dll 2007-10-26 16:56 340032 C:\WINDOWS\system32\pfwcjdig.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonkj] urqonkj.dll 2007-10-26 11:01 33792 C:\WINDOWS\system32\urqonkj.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqr.dll R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys R2 AsProbe;AsProbe;\??\C:\WINDOWS\system32\drivers\AsProbe.sys S2 A32P;A32P;C:\WINDOWS\system32\drivers\A32P.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c898804e-7293-11dc-979e-0011d898a47d}] AutoRun\command - I:\LaunchU3.exe -a . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-28 14:14:28 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job" . 
************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-26 20:22:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-26 20:24:25 - machine was rebooted . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:32:40, on 26/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Fast.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Ahead\InCD\InCD.exe 
C:\WINDOWS\CameraFixer.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\fast.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DynDNS Updater\DynDNS.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe C:\Program Files\Snowforw\Snowforw.exe C:\Program Files\Crazy Browser\Crazy Browser.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pfwcjdig.dll O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [H/PC Connection Agent] 
"C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe O4 - Startup: Raccourci vers Snowforw.exe.lnk = C:\Program Files\Snowforw\Snowforw.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 7565 bytes -
I have just set up a new PC. I thought it was well protected: Avast, Kerio, Spy S&D, Ad-Aware. And I have just caught this nasty thing. I ran Ad-Aware and Spy S&D, which cleaned up a lot of stuff, but it keeps coming back. I ran SmitFraudFix with option 2; it is still there.

SmitFraudFix v2.195 Rapport fait à 19:23:39,62, ven. 26/10/2007 Executé à partir de E:\Pgms (F)\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\taskswitch.exe C:\WINDOWS\system32\fast.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DynDNS Updater\DynDNS.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\VIA\RAID\raid_tool.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe 
C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe C:\Program Files\Snowforw\Snowforw.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Fast.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Crazy Browser\Crazy Browser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 172.19.3.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9242361-5A7C-47F2-93EA-3A9F6A4876E3}: DhcpNameServer=172.19.3.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9242361-5A7C-47F2-93EA-3A9F6A4876E3}: DhcpNameServer=172.19.3.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9242361-5A7C-47F2-93EA-3A9F6A4876E3}: DhcpNameServer=172.19.3.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.19.3.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:26:56, on 26/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Ahead\InCD\InCD.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\tsnpstd3.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\system32\taskswitch.exe 
C:\WINDOWS\system32\fast.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\DynDNS Updater\DynDNS.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\VIA\RAID\raid_tool.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe C:\Program Files\Snowforw\Snowforw.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Fast.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Crazy Browser\Crazy Browser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1BF0EB4E-4CCD-44C7-81B6-AF83693D49DB} - C:\WINDOWS\system32\sstqr.dll O2 - BHO: SystemA - {263D9676-810E-11DC-8324-0800200C9A67} - C:\Program Files\SystemA\ie-improver.dll O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5} - C:\WINDOWS\system32\urqonkj.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - 
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\kidgkxnf.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pfwcjdig.dll O2 - BHO: (no name) - {B5302307-6F5B-4BBE-BC0C-3EF416F454BC} - (no file) O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pfwcjdig.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\Asus\Asus Probe V2.64.01\AsusProb.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [FastUser] 
C:\WINDOWS\system32\fast.exe O4 - HKLM\..\Run: [ec1a4104] rundll32.exe "C:\WINDOWS\system32\apeqixya.dll",b O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe O4 - Startup: Raccourci vers Snowforw.exe.lnk = C:\Program Files\Snowforw\Snowforw.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - 
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: pfwcjdig - C:\WINDOWS\SYSTEM32\pfwcjdig.dll O20 - Winlogon Notify: urqonkj - C:\WINDOWS\SYSTEM32\urqonkj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8795 bytes
-
Infection (resolved)
boheme52 replied to a topic by boheme52 in Malware analysis and eradication
I did as explained, except that the 1st report was overwritten by the 2nd; here it is:

Clean Navipromo version 2.0.3 commencé le lun. 03/09/2007 à 22:19:53,34

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Mode suppression automatique
avec prise en charge résultats Blacklight

*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Suppression dossiers dans C:\Documents and Settings\Serge\Application Data ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Serge\Local Settings\Temp effectué !

*** Sauvegarde du registre vers dossier Backupnavi***
sauvegarde du registre réalise avec succes !

*** Nettoyage registre ***
Erreur application fixreg
Le registre n'a pas été nettoyé

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche et Suppression Heuristique :
* ** *** **** ***** ****** ******* ********

3)Contrôle présence clés Rootkit dans le registre :
Aucune autre clés présente dans le registre !

*** Nettoyage termine le lun. 03/09/2007 à 22:24:59,49 ***

I still don't have access to the Control Panel, but when I went into IE's Internet Options, I found nothing of what is described above.

I'm rebooting to see, but I think I have already done this and nothing changed; I'll edit the post when I'm back.

1st reboot: no more trace of the infection, still no access to the Control Panel. Used Zeb-Restore: I have access to the clock and the Task Manager, but not the Control Panel.

Reboot: everything is OK, I just lost my wallpaper as announced, which gave me a chance to change it.

Thanks a lot
-
Hi everyone,

I had already been infected by this thing and had managed to get rid of it with Navilog, but this time the beast is tougher: I constantly get a "Windows security alert" pop-up offering to clean my PC.

I tried to clean it again with Navilog, but this time nothing works.

I downloaded this: 2) Download the latest version of SmitFraudFix

Nothing works, and I no longer have admin-mode access to my PC (I can no longer set the time, no more access to the Control Panel, ...)

The HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:51, on 3/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\printer.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
F:\Program Files\DynDNS Updater\DynDNS.exe
F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
F:\Program Files\MSI\PC Alert 4\PCAlert4.exe
F:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
F:\Help\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Opware12] "F:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [CloneCDTray] "f:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] f:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [DynDNS Updater] "f:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [sysRestore] "C:\DOCUME~1\Serge\LOCALS~1\Temp\tmp1.tmp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MailWasherPro.lnk = F:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
O4 - Startup: Start Firewall.lnk = C:\WINDOWS\system32\net.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PC Alert 4.lnk = F:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - f:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - f:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.5.0_04) -
O16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) - http://www.euras.com/euras/activex2/euras.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O20 - Winlogon Notify: 3drilt - 3drilt.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: wampapache - Apache Software Foundation - F:\Program Files\wamp\Apache2\bin\Apache.exe
O23 - Service: wampmysqld - Unknown owner - F:\Program Files\wamp\mysql\bin\mysqld-nt.exe

--
End of file - 9629 bytes