

HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
Good evening Jok. I don't know whether the PC is set up correctly. I just ran the system restore from D:\, which is meant to reinstall the system if it hangs. It had been a bit strange these last few days: for example, it restarts right after being shut down, the hard disk spins for a while but nothing is displayed, and programs also stop abruptly. Service Pack 2 did not install properly, perhaps because of something like that. I'm going to download SP2 tonight to see whether I can install it.
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
Hello. So, I crashed the Windows update. It was impossible to log in, and it did not work in safe mode. It was also impossible to go back to a working configuration because I had unchecked the tab. I reinstalled Windows. Thank you so much for your help. I'm going to visit other topics on this site, which looks very good. One last HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 07:59:51, on 18/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Compaq Connections\1940576\Program\backWeb-1940576.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qsg9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
Installing SP2 is really slow.
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
Folder C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\ not found.
Created on 09/17/2007 23:46:43
Folder C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\ not found.
Created on 09/17/2007 23:45:14

As for the updates, it has started.
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
DiagHelp version v1.2 - http://www.malekal.com excute le Mon 09/17/2007 ?23:05:01.70
Messenger 06/17/2005 11:14 PM <DIR> MsnMusic 07/29/2003 06:30 PM <DIR> MUSICMATCH 07/29/2003 07:00 PM <DIR> My Presario PC 09/15/2007 08:50 AM <DIR> NetMeeting 03/31/2004 03:38 PM 2,058,129 newphchs.bin 09/14/2007 10:33 PM <DIR> Norton Personal Firewall 07/29/2003 09:43 AM <DIR> Online Services 09/16/2007 10:47 AM <DIR> Outlook Express 07/29/2003 07:08 PM <DIR> PC-Doctor for Windows 08/08/2005 04:17 PM 1,159,168 PenChs.dll 08/16/2005 05:52 PM 1,208,320 pencht.dll 12/01/2005 04:45 PM 1,191,936 penengs.dll 12/01/2005 04:45 PM 1,241,088 penengt.dll 07/01/2007 03:31 PM 87 PenSign.DAT 11/09/2005 09:09 AM 73,728 PenSignChs.dll 11/09/2005 09:09 AM 73,728 PenSignCht.dll 12/01/2005 04:07 PM 73,728 PenSignEng.dll 06/21/2007 10:39 PM <DIR> preview 09/08/2007 06:01 PM <DIR> QuickTime 09/12/2007 10:46 PM <DIR> Real 01/21/2006 06:11 PM <DIR> Real Alternative 07/29/2003 06:25 PM <DIR> RecordNow! 09/09/2007 07:47 PM <DIR> RegCleaner 12/01/2005 01:54 PM 458,752 RGenius.exe 12/01/2005 01:55 PM 458,752 RGeniusU.exe 01/09/2002 04:06 PM 131,072 SegmentJ.DLL 09/23/2005 11:46 AM 65,536 SetupChs.dll 09/23/2005 11:46 AM 65,536 setupcht.dll 09/23/2005 11:46 AM 69,632 setupeng.dll 11/18/2005 01:58 PM 37,220 Signchs.chm 11/18/2005 02:00 PM 64,112 Signcht.chm 11/25/2005 03:29 PM 28,436 Signeng.chm 09/08/2007 03:28 PM <DIR> Spybot - Search & Destroy 01/27/2007 04:38 PM <DIR> SpywareBlaster 09/14/2007 10:31 PM <DIR> Symantec 06/22/2007 08:48 AM <DIR> Transtar 08/30/2000 10:07 PM 1,044,480 trilmapi.dll 09/17/2007 10:31 PM <DIR> UltimateZip 06/21/2007 10:39 PM <DIR> V10CHT 06/21/2007 10:39 PM <DIR> v11 09/15/2007 08:53 AM <DIR> WhiteBoard 07/29/2003 06:35 PM <DIR> WildTangent 09/12/2007 09:16 AM <DIR> Winamp 09/16/2007 10:46 AM <DIR> Windows Media Player 09/30/2004 08:44 AM <DIR> Windows NT 09/12/2007 09:16 AM <DIR> WinRAR 07/29/2003 09:47 AM <DIR> xerox 09/08/2007 05:10 PM <DIR> XoftSpySE 10/14/2005 04:43 PM <DIR> Yahoo! 
60 File(s) 30,973,969 bytes 81 Dir(s) 11,882,717,184 bytes free Volume in drive C is PRESARIO Volume Serial Number is FC96-68A1 Directory of C:\Program Files\common files 09/12/2007 10:47 PM <DIR> . 09/12/2007 10:47 PM <DIR> .. 04/10/2007 09:31 PM <DIR> Adobe 11/29/2005 10:42 AM <DIR> Ahead 09/08/2007 12:34 AM <DIR> AVSMedia 06/15/2005 09:49 PM <DIR> DESIGNER 09/30/2006 05:56 PM <DIR> InstallShield 06/22/2007 08:56 AM <DIR> Kingsoft 06/21/2007 11:19 PM <DIR> Microsoft Shared 07/29/2003 09:43 AM <DIR> MSSoap 02/13/2007 02:20 PM <DIR> Nero 07/29/2003 05:34 PM <DIR> ODBC 09/12/2007 10:47 PM <DIR> Real 09/30/2004 08:44 AM <DIR> Services 07/29/2003 05:34 PM <DIR> SpeechEngines 06/21/2007 11:19 PM <DIR> StarDock 09/17/2007 10:31 PM <DIR> Symantec Shared 09/16/2007 10:47 AM <DIR> System 09/12/2007 10:47 PM <DIR> xing shared 0 File(s) 0 bytes 19 Dir(s) 11,882,725,376 bytes free Volume in drive C is PRESARIO Volume Serial Number is FC96-68A1 Directory of C:\ 05/24/2001 12:59 PM 162,304 UNWISE.EXE 1 File(s) 162,304 bytes 0 Dir(s) 11,882,725,376 bytes free Attention : C:\autorun.inf existe [AutoRun] open=auto.exe shellexecute=auto.exe shell\Auto\command=auto.exe c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.1.2\iTunesSetupAdmin.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2711_symnet$20consumer_4.7.1_english\Message.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2711_symnet$20consumer_4.7.1_english\setup.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\Message.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\setup.exe c:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe c:\Documents and 
Settings\Owner\Desktop\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Owner\Desktop\avgarkt-setup-1.1.0.42.exe c:\Documents and Settings\Owner\Desktop\avgas-setup-7.5.1.43.exe c:\Documents and Settings\Owner\Desktop\AWCSetup_CNET.exe c:\Documents and Settings\Owner\Desktop\Firefox Setup 2.0.0.6.exe c:\Documents and Settings\Owner\Desktop\HiJackThis.exe c:\Documents and Settings\Owner\Desktop\ie6setup.exe c:\Documents and Settings\Owner\Desktop\OTMoveIt.exe c:\Documents and Settings\Owner\Desktop\RealPlayer10-5GOLD_fr.exe c:\Documents and Settings\Owner\Desktop\setupfre.exe c:\Documents and Settings\Owner\Desktop\WGAPluginInstall.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\catchme.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\diff.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\dumphive.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\find2.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\Fport.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\grep.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\KProcCheck.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\LFiles.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\md5sums.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\pslist.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\streams.exe c:\Documents and Settings\Owner\Desktop\DiagHelp\swreg.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\dumphive.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\exit.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Process.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe c:\Documents and 
Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\restart.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\swreg.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\swsc.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\unzip.exe c:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX00.704\RunScanner.exe c:\Documents and Settings\Owner\Local Settings\Temp\RarSFX0\basic\preupd.exe c:\Documents and Settings\Owner\Local Settings\Temp\RarSFX0\basic\sched.exe c:\Documents and Settings\Owner\Local Settings\Temp\RarSFX0\basic\setup.exe c:\Documents and Settings\Owner\Local Settings\Temp\RarSFX0\basic\update.exe c:\Documents and Settings\Owner\Local Settings\Temp\RarSFX0\basic\wsctool.exe c:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4X6VW9YV\Firefox%20Setup%202.0.0.6[1].exe c:\Documents and Settings\Shernice\Application Data\Microsoft\Installer\{939E2189-9B65-41FC-A842-1BBC1588BFD1}\ARPPRODUCTICON.exe c:\Documents and Settings\Shernice\Desktop\Spybot - Search & Destroy\blindman.exe c:\Documents and Settings\Shernice\Desktop\Spybot - Search & Destroy\SpybotSD.exe c:\Documents and Settings\Shernice\Desktop\Spybot - Search & Destroy\TeaTimer.exe c:\Documents and Settings\Shernice\Desktop\Spybot - Search & Destroy\unins000.exe c:\Documents and Settings\Shernice\Desktop\Spybot - Search & Destroy\Update.exe c:\Documents and Settings\Shernice\Local Settings\Temp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\msgup810_249_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\msgup810_401_fr.exe c:\Documents and Settings\Shernice\Local 
Settings\Temp\nsa64.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsc2F.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsd1B.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsd2.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsg17.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsg1D.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsh2D.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsi2F.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsj21.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsj3.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsk14.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsk50.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsm31.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsm34.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsnF.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nso11.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsoE.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsoF.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsr2C.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsu2.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsv38.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsw1E.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\Local Settings\Temp\nsz25.tmp\msgup_fr.exe c:\Documents and Settings\Shernice\My Documents\msgr8us.exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll 
c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\SymStore.dll c:\Documents and Settings\Owner\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll ****** Fin du rapport DiagHelp -
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
First of all, thank you for your help. The PC is working well, especially with AVG as the antivirus. Antivir finds viruses all the time and blocks programs such as Firefox. Ctrl+Alt+Del does not work; I only get the CPU bar. When I click on one of the partitions under hard disk drive I get: Windows cannot find 'auto.exe'. Hidden folders cannot be shown in the other user's session by ticking the box provided for that. Program downloads from the internet start before I click OK in the dialog box provided. Also, when I entered C:\ WINDOWS\ system32\ => j47kkb1vkb.dll into VirusTotal, it stopped and I got the desktop. I tried again and it was OK.
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:20 PM, on 9/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\hwshell.exe
C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll
O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189909975093
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE

-- End of file - 8807 bytes
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
0 bytes size received / Se ha recibido un archivo vacio
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
And here is the rest:

C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools moved successfully.
Created on 09/17/2007 07:48:02

KASPERSKY ONLINE SCANNER REPORT
Monday, September 17, 2007 7:38:26 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 16/09/2007
Kaspersky Anti-Virus database records: 393762

Scan Settings
Scan using the following antivirus database    standard
Scan Archives    true
Scan Mail Bases    true

Scan Target    My Computer
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan Statistics
Total number of scanned objects    98643
Number of viruses found    0
Number of infected objects    0
Number of suspicious objects    0
Duration of the scan process    01:56:52

Infected Object Name    Virus Name    Last Action
skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\pn4rokf391.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\j47kkb1vkb.dll Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat Object is locked skipped C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped F:\property\2 Rental\Giacomo\2 bdrm.xls Object is locked skipped F:\property\2 Rental\Giacomo\the regalia.xls Object is locked skipped F:\property\2 Rental\Giacomo\d3.xls Object is locked skipped Scan process completed. -
HijackThis analysis, please
shernice replied to a topic by shernice in Malware analysis and removal
Thanks for your help, Eclypse! I ran the Windows updates. With HijackThis I could not get rid of:
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
It always comes back. As for:
O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
I left them because these names correspond to programs for learning Mandarin with a graphics tablet that I installed some time ago. But if you advise me to remove them, no problem. Otherwise, here are the reports:
SmitFraudFix v2.225 Scan done at 11:48:19.78, 09/16/2007 Sun Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\system32\UMonit2K.exe 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\hwshell.exe C:\Program Files\Kingsoft\Powerword 2006\xdict.exe C:\Program Files\UltimateZip\uzqkst.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\cmd.exe C:\WINDOWS\System32\conime.exe C:\WINDOWS\System32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport DNS Server Search Order: 202.73.37.3 DNS Server Search Order: 165.21.83.88 HKLM\SYSTEM\CCS\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=202.73.37.3 165.21.83.88 HKLM\SYSTEM\CS1\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=192.169.34.181 203.120.90.40 HKLM\SYSTEM\CS2\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=202.73.37.3 165.21.83.88 HKLM\SYSTEM\CS3\Services\Tcpip\..\{24CBCDEF-5785-4487-8986-F352D130096C}: DhcpNameServer=202.73.37.3 165.21.83.88 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.73.37.3 165.21.83.88 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.169.34.181 203.120.90.40 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=202.73.37.3 165.21.83.88 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=202.73.37.3 165.21.83.88 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 10:48:58 PM 9/16/2007 + Scan result: ::Report end
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:11:29 PM, on 9/16/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe c:\Program Files\Norton Personal Firewall\NISUM.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\Program Files\Norton Personal Firewall\ccPxySvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\system32\UMonit2K.exe 
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\hwshell.exe C:\Program Files\Kingsoft\Powerword 2006\xdict.exe C:\Program Files\UltimateZip\uzqkst.exe C:\WINDOWS\System32\conime.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Owner\Desktop\HiJackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll O3 - Toolbar: NewStar Band - 
{56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet (User 'Shernice') O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Shernice') O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Shernice') O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Shernice') O4 - HKUS\S-1-5-21-1003193338-2640079429-974192258-1009\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Shernice') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189909975093 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE -- End of file - 9450 bytes -
Hello. My PC has been infected for a few days. I have tried several antivirus programs, but infected folders come back every time. Here is the HijackThis log taken after a scan with Antivir in safe mode, as indicated in Megataupe's sticky. Is there anything to be done? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:18 PM, on 9/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\UMonit2K.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\hwshell.exe
C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
C:\Program Files\UltimateZip\uzqkst.exe
C:\Program Files\Kingsoft\Powerword 2006\update.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ó?ò?°é??(&V) - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\InfoQuick\VoiceMate\Plugin\MyBands.dll
O3 - Toolbar: NewStar Band - {56C8C49B-7340-4D2F-988B-77416E8B97A5} - C:\Program Files\Chinese New Star\WordPlugin\IEPhonetic.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\system32\UMonit2K.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB002" /M "Stylus CX4100"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip\uzqkst.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HANWANG Shell.lnk = %ProgramFiles%\hwshell.exe
O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
O4 - Global Startup: 金山词霸 2006.lnk = C:\Program Files\Kingsoft\Powerword 2006\xdict.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://vivoptz.dyndns.biz:101/VatDec.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://vivoptz.dyndns.biz/RtspVaPgDec.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.172.177.20/ActiveX/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118749390641
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://mocca.com/MediaCorp/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Remote Help Session Manager (Rasautol) - Unknown owner - C:\WINDOWS\System32\ntsokele.exe (file missing)

--
End of file - 8723 bytes