Aller au contenu

GlendaGabon

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    18

  • Inscription

  • Dernière visite

Profile Information

  • Sexe
    Female

Autres informations

  • Mes langues
    français, anglais

GlendaGabon's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. GlendaGabon
    Salut Apo, Salut Bruce Lee Tout d'abord un grand merci à tous les deux pour votre aide ! Je vais de ce pas voir tout ça de plus près! Juste une question encore, à propos du firewall: pour moi firewall = pare feu, et quand je vais voir l'état de mon pare-feu windows dans le panneau de config, il est bien noté comme activé. Pouvez-vous m'éclairer à ce sujet? Merci Glenda.
  2. GlendaGabon
    Salut Bruce Lee Opérations de nettoyage terminées sur F et sur G. J'ai eu un peu de mal avec les fichiers de restauration car à chaque scan Kaspersky m'en trouvait des nouveaux à supprimer. Finalement 'Report is empty" quand même pour mes 2 DD externes. Je les ai repassé une dernière fois avec Antivir pour avoir la conscience tranquille: RAS. Mon PC à l'air clean maintenant (mais c'est toi l'expert moi j'execute!). Ma fenêtre mystère n'est peut-être pas un problème de sécurité même si elle est apparue pendant que j'essayais de désinfecter . Ca ne me gène pas vraiment mais on se pose toujours la question de savoir ce qui cloche. Faut-il que je pose la question sur un autre forum, sur l'optimisation par exemple? Pour la sécurité, j'ai maintenant Antivir, Spybot (dont j'ai désactivé le tea timer car il me cassait un peu les pieds), AVG-AS et d'autres programmes que j'ai installés au fur et à mesure des procédures. Que me conseilles-tu de garder ou d'installer? En ce qui concerne Antivir, son icône disparait et réapparait de la zone de notification selon son humeur du jour, quelle que soit la façon dont je paramètre l'affichage de celle-ci. Est-ce normal? (tant que son absence n'implique pas une inactivation, ça ne me pose pas de problème). Merci pour tes conseils et à bientôt Glenda.
  3. GlendaGabon
    Salut Bruce Lee , J'ai supprimé les fichiers et rescanné avec Kasperski (rapport n°1 = disc C+ disc F): 1. ils sont apparus dans les fichiers de restaurations : pour l'instant je ne touche pas 2. il m'a retrouvé ces mêmes fichiers dans un autre dossier de sauvegarde sur F (je ne sais pas pourquoi il ne me les a pas détectés hier ausssi). Je les ai donc supprimé de ce nouvel emplacement et j'ai rescanné F ( = rapport n°2 = F tout seul). 3. suite à ça ils sont apparus dans de nouveaux fichiers de restauration de F:\system volume information Je n'y ai pas touché pour l'instant mais il se trouve que sur F ce dossier n'est pas interdit d'accès. Est-ce que je dois les supprimés manuellement et te renvoyer un nouveau rapport de scan? Même question pour les fichiers du 2ème disc que j'ai mis en quarantaine avec Antivir. Merci et à bientôt , Glenda. Rapport n°1 = C + F ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, November 08, 2007 12:01:34 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 8/11/2007 Kaspersky Anti-Virus database records: 453923 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 143754 Number of viruses found: 2 Number of infected objects: 8 Number of suspicious objects: 0 Duration of the scan process: 02:38:27 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Gilda\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Historique\History.IE5\MSHist012007110820071109\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\dfsr.db Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\fsr.log Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\fsrtmp.log Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\tmp.edb Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows Live Contacts\gilda_grard@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows Live Contacts\gilda_grard@hotmail.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF148F.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF14A1.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF5E44.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DFFD74.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DFFD86.tmp Object is locked skipped C:\Documents and Settings\Gilda\ntuser.dat Object is locked skipped C:\Documents and Settings\Gilda\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Gilda\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D991952E-5E86-496B-898E-D8A7FDB8F8BF}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\change.log Object is locked skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\change.log Object is locked skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040123.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040123.exe WiseSFX: infected - 1 skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040124.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040124.exe WiseSFX: infected - 1 skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\rainbow_tts.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\rainbow_tts.exe WiseSFX: infected - 1 skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\winter_cottage.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\winter_cottage.exe WiseSFX: infected - 1 skipped Scan process completed. Rapport n°2 = F seul ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, November 08, 2007 1:05:44 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 8/11/2007 Kaspersky Anti-Virus database records: 454665 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - Folders: F:\ Scan Statistics: Total number of scanned objects: 53744 Number of viruses found: 2 Number of infected objects: 8 Number of suspicious objects: 0 Duration of the scan process: 00:54:10 Infected Object Name / Virus Name / Last Action F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\change.log Object is locked skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040123.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040123.exe WiseSFX: infected - 1 skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040124.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040124.exe WiseSFX: infected - 1 skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040146.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040146.sexe WiseSFX: infected - 1 skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040147.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped F:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP202\A0040147.exe WiseSFX: infected - 1 skipped Scan process completed.
  4. GlendaGabon
    Bonjour Bruce Lee , Voici le résultats des opérations: 1. quelques cookies détectés avec AVG-AS sur le disc C: - l'action appliquée a été la suppression des fichiers (pourtant j'avais bien paramétré sur quarantaine comme tu me l'as dit) - le rapport n'a pas été généré: j'imagine que c'est parce que j'avais laissé cocher la case "faire un rapport seulement si infections détectées" ou une formule dans le genre. Du coup j'ai fait une impression d'écran de la fenêtre de résultat au cas où tu voudrais en savoir plus. Dis moi si tu veux que je te l'envoie. Je ne sais pas trop d'où ils sortent car les noms ne me disent rien (par ex "doubleclick" ou "adviva") 2. le scan Kaspersky a trouvé quelques "trucs" sur mon 1er DD externe (F, celui sans virus d'hier) et rien sur le 2nd (G, celui avec rontobrok) mais comme j'avais mis ces derniers fichiers en quarantaine avec Antivir, c'est peut-être normal Merci et @+ Glenda. Voici le rapport Kaspersky ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, November 07, 2007 3:05:47 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 7/11/2007 Kaspersky Anti-Virus database records: 452722 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 164631 Number of viruses found: 2 Number of infected objects: 8 Number of suspicious objects: 0 Duration of the scan process: 02:54:04 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Gilda\Application Data\Microsoft\Modèles\Normal.dot Object is locked skipped C:\Documents and Settings\Gilda\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Historique\History.IE5\MSHist012007110720071108\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF26C5.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF7D38.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DFACB1.tmp Object is locked skipped C:\Documents and Settings\Gilda\Mes documents\Boulot\Comptabilité CIRMF\Pour comptat CIRMF bis.doc Object is locked skipped C:\Documents and Settings\Gilda\ntuser.dat Object is locked skipped C:\Documents and Settings\Gilda\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Gilda\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Temporary Internet Files\Content.IE5\SRDNEUVX\bind[1].htm Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP199\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{8FF8B9ED-261B-4D23-A2B0-F77ECEF8DA29}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{DE2F3AF3-996C-4D57-8228-DB049021F091}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped F:\Disc Gilda 05-01-07\Disc C\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\rainbow_tts.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped F:\Disc Gilda 05-01-07\Disc C\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\rainbow_tts.exe WiseSFX: infected - 1 skipped F:\Disc Gilda 05-01-07\Disc C\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\winter_cottage.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped F:\Disc Gilda 05-01-07\Disc C\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\winter_cottage.exe WiseSFX: infected - 1 skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\rainbow_tts.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.d skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\rainbow_tts.exe WiseSFX: infected - 1 skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\winter_cottage.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped F:\Disc Gilda 28 oct 2007\LABO\GENOMIQUE 2002-2003\SAV home\ZIP1\Themes\winter_cottage.exe WiseSFX: infected - 1 skipped Scan process completed.
  5. GlendaGabon
    Hello Hello Bruce Lee, Génial , donc tout est bien qui va bien! As-tu une idée de ce que je peux faire pour éliminer ma fenêtre mystère? Restauration désactivée & réactivée: OK. Pour les DD externes: 1. Scan du 1er avec antivir: RAS 2. Scan du 2nd: détection de TR/Rontobrok.A et DR/Gator.3202. Pour l'instant j'ai mis les fichiers en quarantaine. DR/gator.3202 se trouve dans des fichiers restauration (encore eux décidément...) F:\system volume information\_restore{...}\RP442\A0043770.exe. 3. Voici le log HJThis que j'ai fait après la mise en quarantaine, avec le disc contaminé connecté au PC mais je ne suis pas sûre que celui-ci ait été réellement analysé (est-ce qu'il n'y aurait pas des options à cocher qqpart ) Merci @+ Glenda. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:04:36, on 06/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\HiJackThis\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.10:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=pavilion&pf=laptop O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172155585390 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\Software\..\Telephony: DomainName = CIRMF_GABON O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1CF6E8-1662-45BB-A110-E539C8DDC0B4}: NameServer = 151.99.125.2,217.77.71.1,195.83.14.1,195.217.62.126,152.99.125.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CIRMF_GABON O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe -- End of file - 12721 bytes
  6. GlendaGabon
    Salut Bruce Lee , bon , ça fait déjà ça en moins! Merci à toi et à Apollo.01 Ceci dit il a effectivement deux problèmes que je n'arrive pas à régler qui sont apparus suite à brontok: 1. Le dossier "system volume information" m'est interdit d'accès quand je double-clic dessus. Dans les propriétés, il affiche 0 fichier-0 octet. Quand avast (que j'ai désinstallé pour antivir comme recommandé par Apo) passait dessus, il me signalait des fichiers à l'intérieur comme archives corrompues, dont le nombre augmentait tout les jours (à cause de la création automatique des points de restauration peut-être?). En l'occurence je ne sais pas ce que signifie le "corrompu" mais je m'inquiète surtout de l'accès interdit et des 0 octet. 2. J'ai une fenêtre "fantôme" à chaque démarrage de mon PC, qui s'ouvre et se ferme trop vite pour que j'arrive à identifier ce dont il s'agit exactement. Ces derniers jours j'avais aussi systématiquement une erreur au démarrage "LaunchApplication.exe n'a pu démarrer", mais ce matin le message a disparu, de lui-même, je n'ai rien touché... Hier soir à la fermeture, erreur "wowexec" et "iexplore.exe": c'est la première fois que je vois wowexec mais j'ai toujours eu des messages d'erreur à la fermeture, en particulier iexplore.exe. Je préfère te donner toutes les infos mais ceci ne m'inquiète pas vraiment. Voilà pour le petit bilan des symptômes... diagnostic docteur ? Sinon sur le plan de la sécurité, j'ai 2 disques durs externes à décontaminer: pour l'instant ils sont rangés dans un tiroir et je n'ai pas osé les reconnecter à mon PC. J'ai des datas importantes dessus que je dois récupérer, peux-tu me conseiller pour les nettoyer sans réinfecter mon PC s.t.p.? Merci pour ton aide et à bientôt, Glenda
  7. GlendaGabon
    Bonsoir Bruce Lee RAS sur muscle.exe par virus total & vraisemblablement rien d'infectieux détecté par Kasperski sur mon PC, mais plusieurs fichiers verrouillés. @+ , Glenda. 1. VirusTotal Fichier muscle.exe reçu le 2007.11.05 15:35:39 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2007.11.6.0 2007.11.05 - AntiVir 7.6.0.30 2007.11.05 - Authentium 4.93.8 2007.11.03 - Avast 4.7.1074.0 2007.11.05 - AVG 7.5.0.503 2007.11.05 - BitDefender 7.2 2007.11.05 - CAT-QuickHeal 9.00 2007.11.03 - ClamAV 0.91.2 2007.11.05 - DrWeb 4.44.0.09170 2007.11.05 - eSafe 7.0.15.0 2007.10.28 - eTrust-Vet 31.2.5264 2007.11.02 - Ewido 4.0 2007.11.05 - FileAdvisor 1 2007.11.05 - Fortinet 3.11.0.0 2007.10.19 - F-Prot 4.4.2.54 2007.11.05 - F-Secure 6.70.13030.0 2007.11.05 - Ikarus T3.1.1.12 2007.11.05 - Kaspersky 7.0.0.125 2007.11.05 - McAfee 5155 2007.11.02 - Microsoft 1.2908 2007.11.05 - NOD32v2 2637 2007.11.05 - Norman 5.80.02 2007.11.05 - Panda 9.0.0.4 2007.11.04 - Prevx1 V2 2007.11.05 - Rising 20.17.01.00 2007.11.05 - Sophos 4.23.0 2007.11.05 - Sunbelt 2.2.907.0 2007.11.02 - Symantec 10 2007.11.05 - TheHacker 6.2.9.110 2007.10.27 - VBA32 3.12.2.4 2007.11.03 - VirusBuster 4.3.26:9 2007.11.05 - Information additionnelle File size: 299008 bytes MD5: 62ff6b597b542e17846f022ce83e0e93 SHA1: c5b49861a0b07e80cad339fb14abafb072fb2ce7 2. Kaspersky ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, November 05, 2007 5:54:33 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 5/11/2007 Kaspersky Anti-Virus database records: 451836 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 95977 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 01:38:06 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Gilda\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Historique\History.IE5\MSHist012007110520071106\index.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\dfsr.db Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\fsr.log Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\fsrtmp.log Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Messenger\gilda_grard@hotmail.com\SharingMetadata\Working\database_48E7_6D21_D02_4AA\tmp.edb Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows Live Contacts\gilda_grard@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Application Data\Microsoft\Windows Live Contacts\gilda_grard@hotmail.com\shadow\members.stg Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF1943.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF1955.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF2C7B.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DF2C8D.tmp Object is locked skipped C:\Documents and Settings\Gilda\Local Settings\Temp\~DFCE27.tmp Object is locked skipped C:\Documents and Settings\Gilda\ntuser.dat Object is locked skipped C:\Documents and Settings\Gilda\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Gilda\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP197\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0299C85C-176C-46E5-9671-71A0E904CE58}.crmlog Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
  8. GlendaGabon
    Salut Bruce Lee, Muscle.exe est en fait un logiciel que j'utilise pour le boulot. Pas peu fier de sa puissance de calcul, il l'affiche dans son nom! Je lance ta procédure pour vérifier. @+, Glenda.
  9. GlendaGabon
    Salut Bruce Lee , après le scan, la fenêtre Virus Log Information est restée vide, vraisemblablement rien n'a été détecté. Par contre quelques erreurs ont été signalées dans l'autre fenêtre. Je ne sais pas ce que cela signifie et comme maintenant je flippe dès que je vois "error" quelque part je me permets de te poster ces "morceaux choisis" du log mwav (ainsi que la section des paramètres, histoire de faire corriger ma copie). J'ai quand même refait un ComboFix et HJThis dont je te joins les rapports également. Perplexe devant tout ça, et puisqu'un train peut en cacher un autre, j'ai refouillé dans tout ce que j'avais fait . J'avais aussi un "Trojan-gen" dans un programme zip que par chance je n'avais ni utilisé ni même dezippé (et que j'ai supprimé depuis). Par ailleurs j'ai regardé le rapport de mon scan Bitdef online que j'avais fait avant de venir sur le forum de Zebulon. BitDef avait supprimé d'autres fichiers infectés, passés inaperçus (cf ci-dessous). Comme mes problèmes avaient vraiment commençé avec brontok et que tout avait été supprimé, j'ai oublié l'affaire . Merci et à bientôt , Glenda. Extrait du rapport BitDef C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine5277CA8.exe=>(Quarantine-2) Infecté par: Worm.RJump.K C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine5277CA8.exe=>(Quarantine-2) Echec de la désinfection C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine5277CA8.exe=>(Quarantine-2) Supprimé C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BA01C88.exe=>(Quarantine-2) Infecté par: Worm.RJump.K C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BA01C88.exe=>(Quarantine-2) Echec de la désinfection C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BA01C88.exe=>(Quarantine-2) Supprimé C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineE880000\4E9B7705.VBN Infecté par: Worm.RJump.A C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineE880000\4E9B7705.VBN Echec de la désinfection C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineE880000\4E9B7705.VBN Supprimé C:\Documents and Settings\Gilda\Local Settings\Application Data\ListHost10.txt Infecté par: Generic.Qhost.616793F4 C:\Documents and Settings\Gilda\Local Settings\Application Data\ListHost10.txt Echec de la désinfection C:\Documents and Settings\Gilda\Local Settings\Application Data\ListHost10.txt Supprimé C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP193\A0038458.exe=>(Quarantine-2) Infecté par: Worm.RJump.K C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP193\A0038458.exe=>(Quarantine-2) Echec de la désinfection C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP193\A0038458.exe=>(Quarantine-2) Supprimé C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP193\A0038459.exe=>(Quarantine-2) Infecté par: Worm.RJump.K C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP193\A0038459.exe=>(Quarantine-2) Echec de la désinfection C:\System Volume Information\_restore{206D5C9A-566B-437B-A762-213EF381532E}\RP193\A0038459.exe=>(Quarantine-2) Supprimé Morceaux Choisis du rapport mwav Sun Nov 04 22:41:06 2007 => ********************************************************** Sun Nov 04 22:41:06 2007 => eScan AntiVirus Toolkit Utility. Sun Nov 04 22:41:06 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc. Sun Nov 04 22:41:06 2007 => ********************************************************** Sun Nov 04 22:41:06 2007 => Version 4.4.7 Sun Nov 04 22:41:06 2007 => Log File: C:\KASPER~1\mwav.log Sun Nov 04 22:41:11 2007 => Latest Date of files inside MWAV: 04 Nov 2007 21:49:01. Sun Nov 04 22:41:16 2007 => AV Library Loaded... Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\kavss.exe Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\Getvlist.exe Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\kavss.dll Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\kavssdi.dll Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\kavssi.dll Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\kavvlg.dll Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\msvlclnt.dll Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\ipc.dll Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\main.avi Sun Nov 04 22:41:16 2007 => Scanning File C:\KASPER~1\virus.avi Sun Nov 04 22:41:16 2007 => Virus Database Date: 2007/11/04 Sun Nov 04 22:41:16 2007 => Virus Database Count: 451540 Sun Nov 04 22:41:34 2007 => ********************************************************** Sun Nov 04 22:41:34 2007 => eScan AntiVirus Toolkit Utility. Sun Nov 04 22:41:34 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc. Sun Nov 04 22:41:34 2007 => Sun Nov 04 22:41:34 2007 => Support: support@mwti.net Sun Nov 04 22:41:34 2007 => Web: http://www.mwti.net Sun Nov 04 22:41:34 2007 => ********************************************************** Sun Nov 04 22:41:34 2007 => Version 4.4.7 Sun Nov 04 22:41:34 2007 => Log File: C:\KASPER~1\mwav.log Sun Nov 04 22:41:34 2007 => Latest Date of files inside MWAV: 04 Nov 2007 21:49:01. Sun Nov 04 22:41:34 2007 => Options Selected by User: Sun Nov 04 22:41:34 2007 => Memory Check: Enabled Sun Nov 04 22:41:34 2007 => Registry Check: Enabled Sun Nov 04 22:41:34 2007 => StartUp Folder Check: Enabled Sun Nov 04 22:41:34 2007 => System Folder Check: Enabled Sun Nov 04 22:41:34 2007 => System Area Check: Disabled Sun Nov 04 22:41:34 2007 => Services Check: Enabled Sun Nov 04 22:41:34 2007 => Drive Check: Disabled Sun Nov 04 22:41:34 2007 => All Drive Check :Enabled Sun Nov 04 22:41:34 2007 => Scanning Type: Scan And Clean Sun Nov 04 22:41:34 2007 => Folder Check: Disabled (...) Sun Nov 04 22:41:40 2007 => ***** Scanning Service Files ***** Sun Nov 04 22:41:41 2007 => ERROR!!! Invalid Entry \??\C:\DOCUME~1\Gilda\LOCALS~1\Temp\catchme.sys in SYSTEM\CurrentControlSet\Services\catchme... Sun Nov 04 22:41:47 2007 => ERROR!!! Invalid Entry "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" in SYSTEM\CurrentControlSet\Services\Planificateur LiveUpdate automatique... Sun Nov 04 22:41:50 2007 => ERROR!!! Invalid Entry system32\DRIVERS\UIUSYS.SYS in SYSTEM\CurrentControlSet\Services\UIUSys... (...) Sun Nov 04 22:43:27 2007 => ***** Scanning All Drives ***** Sun Nov 04 22:47:04 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\Audrey\Bureau\SAV mes docs gilda\SAV Clef USB 500\Mila SV100327.JPG? (...) Sun Nov 04 22:48:18 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\Gilda\Cookies\index.dat (...) Sun Nov 04 22:48:21 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\Gilda\HISTOR~1\History.IE5\index.dat (...) Sun Nov 04 22:48:21 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\Gilda\HISTOR~1\History.IE5\MSHIST~3\index.dat (...) Sun Nov 04 22:48:32 2007 => ERROR!!! MS_ScanAndClean return ffffffff (...) Sun Nov 04 22:48:32 2007 => ERROR!!! MS_ScanAndClean return ffffffff (...) Sun Nov 04 22:48:36 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\Gilda\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat (...) Sun Nov 04 22:48:36 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\Gilda\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG (...) Sun Nov 04 22:53:06 2007 => ERROR!!! MS_ScanAndClean return ffffffff (...) Sun Nov 04 22:58:50 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\Gilda\Mes documents\SAV Clef USB 500 26 oct 07\Mila SV100327.JPG? (...) Sun Nov 04 22:59:04 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\Gilda\NTUSER~1.LOG (...) Sun Nov 04 22:59:59 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat (...) Sun Nov 04 22:59:59 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG (...) Sun Nov 04 23:00:00 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\NTUSER.DAT (...) Sun Nov 04 23:00:00 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\NTUSER~1.LOG (...) Sun Nov 04 23:17:06 2007 => ERROR!!! ScanFile fails for C:\LABO\GENOMIQUE 2004-2006\JJL-AUDREY\2006\tik 402 au 434 10?06.xls (...) Mon Nov 05 00:00:38 2007 => ERROR!!! FindFirstFile For C:\System Volume Information\*.* Failed!!! Reason is Accès refusé. (0x5) (...) Mon Nov 05 00:17:37 2007 => Scanning Folder: C:\WINDOWS\system32\config\*.* Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\Antiviru.evt Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\Antivirus.Evt Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\AppEvent.Evt Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\AppEvent.Evt Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\default Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\default Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\default.bak Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\default.LOG Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\default.LOG Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\default.sav Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\default.tmp.LOG [**] Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\Media Ce.evt Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\MEDIAC~1.EVT Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SAM Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SAM.bak Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SAM.LOG Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM.LOG Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SAM.tmp.LOG [**] Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SecEvent.Evt Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SecEvent.Evt Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SECURITY Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SECURITY.bak Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SECURITY.LOG Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY.LOG Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SECURITY.tmp.LOG Mon Nov 05 00:17:37 2007 => *** File C:\WINDOWS\system32\config\software having Size Restriction *** Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\software [**] Mon Nov 05 00:17:37 2007 => *** File C:\WINDOWS\system32\config\software.bak having Size Restriction *** Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\software.bak [**] Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\software.LOG Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\software.LOG Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\software.sav Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\software.tmp.LOG [**] Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\SysEvent.Evt Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SysEvent.Evt Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\system Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\system Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\system.bak Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\system.LOG Mon Nov 05 00:17:37 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\system.LOG Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\system.sav Mon Nov 05 00:17:37 2007 => Scanning File C:\WINDOWS\system32\config\system.tmp.LOG [**] (...) Mon Nov 05 00:20:12 2007 => Scanning Folder: C:\WINDOWS\system32\wbem\Repository\FS\*.* Mon Nov 05 00:20:12 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Mon Nov 05 00:20:12 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Mon Nov 05 00:20:12 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Mon Nov 05 00:20:12 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Mon Nov 05 00:20:12 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Mon Nov 05 00:20:12 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Mon Nov 05 00:20:12 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Mon Nov 05 00:20:12 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Mon Nov 05 00:20:12 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Mon Nov 05 00:20:12 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Mon Nov 05 00:20:12 2007 => *** File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA having Size Restriction *** Mon Nov 05 00:20:12 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA [**] Mon Nov 05 00:20:12 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Mon Nov 05 00:20:12 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP (...) Mon Nov 05 00:21:24 2007 => ***** Checking for specific ITW Viruses ***** Mon Nov 05 00:21:24 2007 => Checking for Welchia Virus... Mon Nov 05 00:21:24 2007 => Checking for LovGate Virus... Mon Nov 05 00:21:24 2007 => Checking for CodeRed Virus... Mon Nov 05 00:21:24 2007 => Checking for OpaServ Virus... Mon Nov 05 00:21:24 2007 => Checking for Sobig.e Virus... Mon Nov 05 00:21:24 2007 => Checking for Winupie Virus... Mon Nov 05 00:21:24 2007 => Checking for Swen Virus... Mon Nov 05 00:21:24 2007 => Checking for JS.Fortnight Virus... Mon Nov 05 00:21:24 2007 => Checking for Novarg Virus... Mon Nov 05 00:21:25 2007 => Checking for Pagabot Virus... Mon Nov 05 00:21:25 2007 => Checking for Parite.b Virus... Mon Nov 05 00:21:25 2007 => Checking for Parite.a Virus... Mon Nov 05 00:21:25 2007 => ***** Scanning complete. ***** Mon Nov 05 00:21:25 2007 => Total Number of Files Scanned: 89966 Mon Nov 05 00:21:25 2007 => Total Number of Virus(es) Found: 0 Mon Nov 05 00:21:25 2007 => Total Number of Disinfected Files: 0 Mon Nov 05 00:21:25 2007 => Total Number of Files Renamed: 0 Mon Nov 05 00:21:25 2007 => Total Number of Deleted Files: 0 Mon Nov 05 00:21:25 2007 => Total Number of Errors: 10 Mon Nov 05 00:21:25 2007 => Time Elapsed: 01:39:40 Mon Nov 05 00:21:25 2007 => Virus Database Date: 2007/11/04 Mon Nov 05 00:21:25 2007 => Virus Database Count: 451540 Mon Nov 05 00:21:26 2007 => Scan Completed. Mon Nov 05 00:27:31 2007 => Virus Database Date: 2007/11/04 Mon Nov 05 00:27:31 2007 => Virus Database Count: 451540 Mon Nov 05 00:27:56 2007 => AV Library Unloaded (3)... log HJThis Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 09:34:52, on 05/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\explorer.exe C:\Program Files\HiJackThis\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.10:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=pavilion&pf=laptop O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172155585390 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\Software\..\Telephony: DomainName = CIRMF_GABON O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1CF6E8-1662-45BB-A110-E539C8DDC0B4}: NameServer = 151.99.125.2,217.77.71.1,195.83.14.1,195.217.62.126,152.99.125.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CIRMF_GABON O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe -- End of file - 12200 bytes Et enfin rapport ComboFix ComboFix 07-11-01.1** - Gilda 2007-11-05 9:31:00.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1604 [GMT 1:00] Running from: C:\Documents and Settings\Gilda\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))))))) . 2007-11-04 20:26 <REP> d-------- C:\Downloads 2007-11-04 20:24 <REP> d-------- C:\Kaspersky 2007-11-03 21:01 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-03 19:35 <REP> d-------- C:\WINDOWS\ERUNT 2007-11-02 21:07 <REP> d-------- C:\Program Files\Avira 2007-11-02 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-02 20:52 <REP> d-------- C:\Program Files\Antivir 2007-11-02 15:56 <REP> d-------- C:\Program Files\cwshredder 2007-11-02 13:51 <REP> d-------- C:\WINDOWS\BDOSCAN8 2007-10-31 21:17 <REP> d-------- C:\Program Files\CCleaner 2007-10-31 21:16 2,628,288 --a------ C:\ccleaner_ccleaner_2.01.507_francais_14492.exe 2007-10-30 19:05 <REP> d-------- C:\Program Files\Lavasoft 2007-10-30 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-30 19:04 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-30 18:58 19,755,376 --a------ C:\aaw2007.exe 2007-10-30 18:43 529 --a------ C:\DesactiveRestrictionsRegistre.vbs 2007-10-30 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-30 17:24 7,467,056 --a------ C:\spybotsd15.exe 2007-10-30 11:21 407,680 --a------ C:\aswclnr.exe 2007-10-29 20:48 <REP> d-------- C:\Program Files\Alwil Software 2007-10-29 20:28 <REP> d--h----- C:\Documents and Settings\Audrey.GILDA-HP\Voisinage réseau 2007-10-29 20:28 <REP> d--h----- C:\Documents and Settings\Audrey.GILDA-HP\Voisinage d'impression 2007-10-29 20:28 <REP> d---s---- C:\Documents and Settings\Audrey.GILDA-HP\Temporary Internet Files 2007-10-29 20:28 <REP> d--h----- C:\Documents and Settings\Audrey.GILDA-HP\Modèles 2007-10-29 20:28 <REP> dr------- C:\Documents and Settings\Audrey.GILDA-HP\Mes documents 2007-10-29 20:28 <REP> dr------- C:\Documents and Settings\Audrey.GILDA-HP\Menu Démarrer 2007-10-29 20:28 <REP> d---s---- C:\Documents and Settings\Audrey.GILDA-HP\Historique 2007-10-29 20:28 <REP> dr------- C:\Documents and Settings\Audrey.GILDA-HP\Favoris 2007-10-29 20:28 <REP> d-------- C:\Documents and Settings\Audrey.GILDA-HP\Bureau 2007-10-29 20:28 <REP> d-------- C:\Documents and Settings\Audrey.GILDA-HP\Application Data\PC Suite 2007-10-29 20:28 <REP> d-------- C:\Documents and Settings\Audrey.GILDA-HP\Application Data\Logitech 2007-10-29 19:20 17,521,856 --a------ C:\setupfre.exe 2007-10-29 19:20 88,064 --a------ C:\brontgui.com 2007-10-29 18:56 151,696 --a------ C:\FxSasser(2).exe 2007-10-29 18:56 38,912 --a------ C:\AntiBrontokA-en.exe 2007-10-29 16:22 151,696 --a------ C:\FxSasser.exe 2007-10-29 16:21 91,136 --a------ C:\f-sasser.exe 2007-10-26 18:52 <REP> d-------- C:\Documents and Settings\Gilda\Application Data\Otto 2007-10-26 18:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Otto 2007-10-26 17:40 <REP> d-------- C:\Nad 2007-10-26 15:53 <REP> d-------- C:\Documents and Settings\Audrey\Application Data\Logitech 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Temporary Internet Files 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Modèles 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Historique 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Favoris 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Bureau 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Application Data\PC Suite 2007-10-26 10:05 <REP> d-------- C:\Program Files\ChromasPro 2007-10-26 09:49 <REP> d-------- C:\ChromasPro 2007-10-22 09:24 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-03 16:28 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-10-31 21:10 --------- d-----w C:\Program Files\GemMasterFrench 2007-10-29 19:47 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-09-25 07:07 --------- d-----w C:\Program Files\EndNote 2007-08-22 12:57 96,768 ------w C:\WINDOWS\system32\dllcache\inseng.dll 2007-08-22 12:57 669,696 ------w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-22 12:57 620,032 ------w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-22 12:57 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-22 12:57 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-22 12:57 474,624 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll 2007-08-22 12:57 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-22 12:57 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll 2007-08-22 12:57 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll 2007-08-22 12:57 3,085,824 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-22 12:57 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll 2007-08-22 12:57 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-22 12:57 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-22 12:57 152,064 ------w C:\WINDOWS\system32\dllcache\cdfview.dll 2007-08-22 12:57 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-22 12:57 1,498,624 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll 2007-08-22 12:57 1,056,768 ------w C:\WINDOWS\system32\dllcache\danim.dll 2007-08-22 12:57 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll 2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll 2005-09-24 06:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll 2005-09-08 14:26 299,008 ----a-w C:\Documents and Settings\Gilda\muscle.exe 2007-01-05 23:31:06 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 06:58] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 06:58] "nwiz"="nwiz.exe" [2006-07-20 06:58 C:\WINDOWS\system32\nwiz.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 15:14] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33] "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 20:10] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 11:31] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-02 21:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 08:56] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30] HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-01-05 23:00:56] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-22 21:57:24] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-05 09:32:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???@X??????`?@?????L?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-05 9:33:01 C:\ComboFix2.txt ... 2007-11-03 21:10 . --- E O F ---
  10. GlendaGabon
    Bonsoir Bruce Lee, et merci de bien vouloir m'aider Opérations de mises à jours terminées, je m'en vais scanner tout ça et je te poste les rapports demain. Bye Bye Glenda.
  11. GlendaGabon
    Oui bien sûr, je patiente et ne touche à rien en attendant. La désinfection des autres supports était une question que je gardais pour la fin: j'ai fait des sauvegardes sur dd externe entre le moment de l'infection et le moment où j'ai compris.... Je suis pratiquement sûre d'avoir "emboucanné" 2 disques en plus de mon PC... Depuis je les ai gardés en quarantaine dans mon tiroir (avec mes clés USB). Pour info, mon PC a le même message d'erreur au démarrage qu'hier soir mais les programmes actifs sont revenus dans la zone de notification (antivir est re re de retour). Je dois te dire que j'utilisais la mauvaise terminologie jusqu'à présent car je ne faisais pas de distinction entre cette zone et la barre de tache: je te prie sincèrement de m'excuser si je t'ai induit en erreur. Sinon, juste pour savoir, est-ce que les trucs vraiment louches sont dans les rapports d'analyse où dans les symptomes de mon PC (où les 2)? Bye, @+ Glenda.
  12. GlendaGabon
    Apo, et bien non pas de redirection à signaler. Mais je n'ai pas pu télécharger combofix via ton lien: 404 Not Found The requested URL '/sUBs/combofix.exe' was not found on this server. thttpd/2.25b 29dec2003 Alors je l'ai eu par http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe Tout s'est bien passé jusqu'au redémarrage du PC où j'ai eu le message d'erreur suivant "Launchapplication.exe - composant introuvable. Cette application n'a pas pu démarrer car ConnAPI.DLL est introuvable. La réinstallation de cette application peut corriger ce problème." Le nom est un peu trop généric pour que je sache de quoi il s'agit au juste comme application . Peut-être bien plusieurs d'ailleurs car il manque plusieurs choses dans la barre de tache (entre autre, l'icone antivir s'est de nouveau volatilisée). Ceci dit, cela ne semble pas avoir perturbé combofix qui a poursuivi sont boulot (ouf!) jusqu'à l'affichage du rapport ci-dessous. @+ , Glenda. ComboFix 07-11-01.1** - Gilda 2007-11-03 21:03:08.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1554 [GMT 1:00] Running from: C:\Documents and Settings\Gilda\Bureau\ComboFix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\z.txt D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NWSAPAGENT -------\NwSapAgent -------\poof ((((((((((((((((((((((((((((( Fichiers créés 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))))))) . 2007-11-03 21:01 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-03 19:35 <REP> d-------- C:\WINDOWS\ERUNT 2007-11-02 21:07 <REP> d-------- C:\Program Files\Avira 2007-11-02 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-11-02 20:52 <REP> d-------- C:\Program Files\Antivir 2007-11-02 15:56 <REP> d-------- C:\Program Files\cwshredder 2007-11-02 13:51 <REP> d-------- C:\WINDOWS\BDOSCAN8 2007-10-31 21:17 <REP> d-------- C:\Program Files\CCleaner 2007-10-31 21:16 2,628,288 --a------ C:\ccleaner_ccleaner_2.01.507_francais_14492.exe 2007-10-30 19:05 <REP> d-------- C:\Program Files\Lavasoft 2007-10-30 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-30 19:04 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-30 18:58 19,755,376 --a------ C:\aaw2007.exe 2007-10-30 18:43 529 --a------ C:\DesactiveRestrictionsRegistre.vbs 2007-10-30 17:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-30 17:24 7,467,056 --a------ C:\spybotsd15.exe 2007-10-30 11:21 407,680 --a------ C:\aswclnr.exe 2007-10-29 20:48 <REP> d-------- C:\Program Files\Alwil Software 2007-10-29 20:28 <REP> d--h----- C:\Documents and Settings\Audrey.GILDA-HP\Voisinage réseau 2007-10-29 20:28 <REP> d--h----- C:\Documents and Settings\Audrey.GILDA-HP\Voisinage d'impression 2007-10-29 20:28 <REP> d---s---- C:\Documents and Settings\Audrey.GILDA-HP\Temporary Internet Files 2007-10-29 20:28 <REP> d--h----- C:\Documents and Settings\Audrey.GILDA-HP\Modèles 2007-10-29 20:28 <REP> dr------- C:\Documents and Settings\Audrey.GILDA-HP\Mes documents 2007-10-29 20:28 <REP> dr------- C:\Documents and Settings\Audrey.GILDA-HP\Menu Démarrer 2007-10-29 20:28 <REP> d---s---- C:\Documents and Settings\Audrey.GILDA-HP\Historique 2007-10-29 20:28 <REP> dr------- C:\Documents and Settings\Audrey.GILDA-HP\Favoris 2007-10-29 20:28 <REP> d-------- C:\Documents and Settings\Audrey.GILDA-HP\Bureau 2007-10-29 20:28 <REP> d-------- C:\Documents and Settings\Audrey.GILDA-HP\Application Data\PC Suite 2007-10-29 20:28 <REP> d-------- C:\Documents and Settings\Audrey.GILDA-HP\Application Data\Logitech 2007-10-29 19:20 17,521,856 --a------ C:\setupfre.exe 2007-10-29 19:20 88,064 --a------ C:\brontgui.com 2007-10-29 18:56 151,696 --a------ C:\FxSasser(2).exe 2007-10-29 18:56 38,912 --a------ C:\AntiBrontokA-en.exe 2007-10-29 16:22 151,696 --a------ C:\FxSasser.exe 2007-10-29 16:21 91,136 --a------ C:\f-sasser.exe 2007-10-26 18:52 <REP> d-------- C:\Documents and Settings\Gilda\Application Data\Otto 2007-10-26 18:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Otto 2007-10-26 17:40 <REP> d-------- C:\Nad 2007-10-26 15:53 <REP> d-------- C:\Documents and Settings\Audrey\Application Data\Logitech 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Temporary Internet Files 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Modèles 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Historique 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Favoris 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Bureau 2007-10-26 15:52 <REP> d-------- C:\Documents and Settings\Audrey\Application Data\PC Suite 2007-10-26 10:05 <REP> d-------- C:\Program Files\ChromasPro 2007-10-26 09:49 <REP> d-------- C:\ChromasPro 2007-10-22 09:24 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-03 16:28 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-10-31 21:10 --------- d-----w C:\Program Files\GemMasterFrench 2007-10-29 19:47 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-09-25 07:07 --------- d-----w C:\Program Files\EndNote 2007-08-03 14:17 71,680 ----a-w C:\WINDOWS\ST5UNST.EXE 2005-09-08 14:26 299,008 ----a-w C:\Documents and Settings\Gilda\muscle.exe 2007-01-05 23:31:06 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 06:58] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 06:58] "nwiz"="nwiz.exe" [2006-07-20 06:58 C:\WINDOWS\system32\nwiz.exe] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 16:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 06:22] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 15:14] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33] "Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50] "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-02-23 20:10] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50] "HPWUTOOLBOX"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe" [2005-09-19 11:31] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 14:10] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-02 21:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 08:56] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 08:59] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Démarrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30] HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-01-05 23:00:56] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-01-22 21:57:24] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-03 21:07:42 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???@X??????`?@?????L?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-03 21:10:05 - machine was rebooted . --- E O F ---
  13. GlendaGabon
    Bonsoir Apollo.01, et tout d'abord merci de t'occuper de ce dossier, même pendant ton WE . Voici donc les rapports après ATF-cleaner + SDFix + HJThis. après tout ça, l'icone d'antivir s'est installée dans la barre de tache. "Système Volume Information" reste interdit d'accès (avec la propriété de contenir 0 octet depuis quelques jours). Merci et à bientôt Glenda. Rapport SDFix------------------------------------------------------------------------------------------- SDFix: Version 1.113 Run by Gilda on 03/11/2007 at 19:36 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-03 19:43:28 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Invitrogen\\Vector NTI Advance 10\\Vector NTI 10.exe"="C:\\Program Files\\Invitrogen\\Vector NTI Advance 10\\Vector NTI 10.exe:*:Enabled:Vector NTI 10.0.1" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- Files with Hidden Attributes: Sat 6 Jan 2007 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys" Tue 25 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 31 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sat 3 Nov 2007 128,704,971 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT2.tmp" Finished! Rapport HJThis------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 19:50:04, on 03/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\HiJackThis\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.10:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=pavilion&pf=laptop O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172155585390 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\Software\..\Telephony: DomainName = CIRMF_GABON O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1CF6E8-1662-45BB-A110-E539C8DDC0B4}: NameServer = 151.99.125.2,217.77.71.1,195.83.14.1,195.217.62.126,152.99.125.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CIRMF_GABON O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe -- End of file - 12681 bytes
  14. GlendaGabon
    RE , bon ben c'est déjà ça de gagner, enfin je crois... J'ai fait tourner l'outil de désinstallation et voici le rapport de DiagHelp ( énorme ce rapport...). Il me faudrait au moins 10 vies pour arriver à piger qqch @+ Glenda. DiagHelp version v1.3 - http://www.malekal.com excute le 03/11/2007 à 17:42:00,89 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->03/11/2007 17:41:32 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->03/11/2007 17:41:26 C:\WINDOWS\prefetch\SPYBOTSD.EXE-1344276B.pf -->03/11/2007 17:38:33 C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->03/11/2007 17:37:20 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->03/11/2007 17:37:08 C:\WINDOWS\prefetch\EHREC.EXE-3B4F59C8.pf -->03/11/2007 17:33:57 C:\WINDOWS\prefetch\EHMSAS.EXE-181DA6C9.pf -->03/11/2007 17:33:57 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->03/11/2007 17:33:47 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->03/11/2007 17:33:20 C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf -->03/11/2007 17:33:19 C:\WINDOWS\System32\drivers\avipbb.sys -->02/11/2007 21:09:38 C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11 C:\WINDOWS\System32\drivers\AWRTRD.sys -->07/08/2007 13:58:08 C:\WINDOWS\System32\drivers\NSDriver.sys -->07/08/2007 13:56:58 C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19 C:\WINDOWS\System32\drivers\AWRTPD.sys -->11/07/2007 14:37:26 C:\WINDOWS\System32\drivers\update.sys -->23/04/2007 11:32:54 C:\WINDOWS\System32\nvapps.xml -->03/11/2007 17:31:53 C:\WINDOWS\System32\CONFIG.NT -->02/11/2007 21:00:48 C:\WINDOWS\System32\d3d9caps.dat -->31/10/2007 21:59:13 C:\WINDOWS\System32\perfh00C.dat -->31/10/2007 15:39:32 C:\WINDOWS\System32\perfh009.dat -->31/10/2007 15:39:32 C:\WINDOWS\System32\perfc00C.dat -->31/10/2007 15:39:32 C:\WINDOWS\System32\perfc009.dat -->31/10/2007 15:39:32 C:\WINDOWS\System32\PerfStringBackup.INI -->31/10/2007 15:39:31 C:\WINDOWS\System32\wpa.dbl -->29/10/2007 15:57:17 C:\WINDOWS\System32\FNTCACHE.DAT -->29/10/2007 15:57:09 C:\WINDOWS\System32\ssprs.tgz -->26/10/2007 18:22:09 C:\WINDOWS\System32\lsprst7.tgz -->26/10/2007 18:22:09 C:\WINDOWS\System32\MRT.exe -->28/09/2007 06:19:39 C:\WINDOWS\System32\TZLog.log -->06/09/2007 09:09:57 C:\WINDOWS\System32\ssprs.dll -->29/08/2007 17:09:50 C:\WINDOWS\System32\lsprst7.dll -->29/08/2007 17:09:50 C:\WINDOWS\System32\wininet.dll -->22/08/2007 13:57:30 C:\WINDOWS\System32\urlmon.dll -->22/08/2007 13:57:30 C:\WINDOWS\System32\shlwapi.dll -->22/08/2007 13:57:30 C:\WINDOWS\System32\shdocvw.dll -->22/08/2007 13:57:29 C:\WINDOWS\System32\pngfilt.dll -->22/08/2007 13:57:28 C:\WINDOWS\System32\mstime.dll -->22/08/2007 13:57:28 C:\WINDOWS\System32\msrating.dll -->22/08/2007 13:57:28 C:\WINDOWS\System32\mshtmled.dll -->22/08/2007 13:57:28 C:\WINDOWS\System32\mshtml.dll -->22/08/2007 13:57:28 C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt -->03/11/2007 17:33:49 C:\WINDOWS\WindowsUpdate.log -->03/11/2007 17:33:48 C:\WINDOWS\setupapi.log -->03/11/2007 17:33:35 C:\WINDOWS.log -->03/11/2007 17:32:55 C:\WINDOWS\wiaservc.log -->03/11/2007 17:32:40 C:\WINDOWS\wiadebug.log -->03/11/2007 17:32:40 C:\WINDOWS\bootstat.dat -->03/11/2007 17:29:40 C:\WINDOWS\SchedLgU.Txt -->03/11/2007 17:28:41 C:\WINDOWS\NeroDigital.ini -->03/11/2007 16:30:16 C:\WINDOWS\ntbtlog.txt -->02/11/2007 21:26:21 C:\WINDOWS\f-sasser.log -->01/11/2007 18:22:00 C:\WINDOWS\setuperr.log -->01/11/2007 14:55:25 C:\WINDOWS\setupact.log -->01/11/2007 14:55:25 C:\WINDOWS\Sti_Trace.log -->31/10/2007 22:03:42 C:\WINDOWS\GSAS.ini -->31/10/2007 21:57:29 MD5 des fichiers sensibles tcpip.sys 1dbf125862891817f374f407626967f4 ndis.sys aa898f84d2b59129fb92e143a2c73434 null.sys 73c1e1f395918bc2c6dd67af7591a3ad svchost.exe 1bd6c2f707a275cb7c16fd99fe0f31ca ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1852 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 0x10100000 0xe000 2.40.0849.0000 C:\Program Files\Logitech\SetPoint\lgscroll.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x02910000 0x11a000 1.05.0000.0008 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x02790000 0x8e000 6.84.0083.0007 C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll 0x02820000 0xa5000 6.84.0100.0004 C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll 0x01290000 0xb000 6.84.0051.0000 C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr 0x02e00000 0x87000 6.84.0015.0001 C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x011f0000 0xd000 7.00.0009.0050 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 968 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0D02-04AA Répertoire de C:\WINDOWS\system32 25/03/2006 05:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 43 334 950 912 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0D02-04AA Répertoire de C:\WINDOWS\Downloaded Program Files 02/11/2007 13:52 <REP> . 02/11/2007 13:52 <REP> .. 02/07/2007 15:44 941 688 asquared.ocx 07/12/2004 17:07 32 bdcore.dll 25/05/2006 01:21 118 784 bdupd.dll 17/05/2006 13:29 241 CabSA.inf 29/10/2007 17:51 <REP> CONFLICT.1 29/06/2006 10:09 65 desktop.ini 26/07/2002 01:13 24 576 dwusplay.dll 26/07/2002 01:13 196 608 dwusplay.exe 25/05/2006 01:21 53 248 ipsupd.dll 27/07/2004 23:48 323 584 isusweb.dll 16/03/2005 12:34 7 407 lang.ini 07/12/2004 17:07 32 libfn.dll 14/03/2005 14:38 126 live.ini 26/05/2005 04:19 293 muweb.inf 01/06/2006 02:57 1 331 oscan8.inf 01/06/2006 02:54 471 040 oscan8.ocx 31/05/2006 04:15 10 oscan81.ocx_x 17/05/2006 13:32 161 480 rufsi.dll 14/03/2005 14:58 7 073 scanoptions.tsi 14/02/2007 15:30 144 setup.inf 09/11/2006 14:36 5 019 swflash.inf 20 fichier(s) 2 312 781 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 29/10/2007 17:51 <REP> . 29/10/2007 17:51 <REP> .. 17/05/2006 14:29 241 CabSA.inf 17/05/2006 14:32 161 480 rufsi.dll 2 fichier(s) 161 721 octets Total des fichiers listés : 22 fichier(s) 2 474 502 octets 5 Rép(s) 43 334 946 816 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Invitrogen\\Vector NTI Advance 10\\Vector NTI 10.exe"="C:\\Program Files\\Invitrogen\\Vector NTI Advance 10\\Vector NTI 10.exe:*:Enabled:Vector NTI 10.0.1" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 232 - spoolsv.exe 280 - avguard.exe 312 - ehtray.exe 536 - SynTPEnh.exe 552 - QPService.exe 776 - QLBCTRL.exe 872 - winampa.exe 928 - csrss.exe 932 - HPWUTBX.exe 944 - msdtc.exe 968 - winlogon.exe 1012 - services.exe 1024 - lsass.exe 1148 - avgnt.exe 1176 - svchost.exe 1256 - svchost.exe 1368 - ctfmon.exe 1380 - GoogleToolbarNo 1388 - msnmsgr.exe 1400 - svchost.exe 1440 - svchost.exe 1496 - wmpnscfg.exe 1656 - HPWebcam.exe 1736 - svchost.exe 1796 - IEXPLORE.EXE 1852 - explorer.exe 1944 - aawservice.exe 2352 - sched.exe 2440 - ehSched.exe 2452 - hpqimzone.exe 2516 - svchost.exe 2684 - MDM.EXE 2764 - nvsvc32.exe 2812 - svchost.exe 2824 - svchost.exe 2864 - mqsvc.exe 2892 - dllhost.exe 3124 - mcrdsvc.exe 3368 - wmpnetwk.exe 3492 - alg.exe 3560 - mqtgsvc.exe 4012 - ServiceLayer.ex 5596 - cmd.exe Total number of processes = 44 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll F7987000 - \WINDOWS\system32\KDCOM.DLL F7897000 - \WINDOWS\system32\BOOTVID.dll F7357000 - ACPI.sys F7989000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F7346000 - pci.sys F7487000 - isapnp.sys F7497000 - ohci1394.sys F74A7000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F789B000 - compbatt.sys F789F000 - \WINDOWS\system32\DRIVERS\BATTC.SYS F7A4F000 - pciide.sys F7707000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F798B000 - intelide.sys F798D000 - viaide.sys F798F000 - aliide.sys F7328000 - pcmcia.sys F74B7000 - MountMgr.sys F7309000 - ftdisk.sys F7991000 - dmload.sys F72E3000 - dmio.sys F78A3000 - ACPIEC.sys F7A50000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F770F000 - PartMgr.sys F74C7000 - VolSnap.sys F72CB000 - atapi.sys F71F5000 - iaStor.sys F74D7000 - disk.sys F74E7000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F71D5000 - fltMgr.sys F71C3000 - sr.sys F7717000 - PxHelp20.sys F71AC000 - KSecDD.sys F7199000 - WudfPf.sys F710C000 - Ntfs.sys F70DF000 - NDIS.sys F70CE000 - Serial.sys F70B3000 - Mup.sys F7517000 - \SystemRoot\system32\DRIVERS\nic1394.sys F7537000 - \SystemRoot\system32\DRIVERS\intelppm.sys F700A000 - \SystemRoot\system32\DRIVERS\CmBatt.sys F7006000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys F613C000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys F6128000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F6103000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F5F61000 - \SystemRoot\system32\DRIVERS\NETw3x32.sys F5F35000 - \SystemRoot\system32\DRIVERS\e1e5132.sys F77A7000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F5F12000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F77AF000 - \SystemRoot\system32\DRIVERS\usbehci.sys F5F01000 - \SystemRoot\system32\DRIVERS\sdbus.sys F77B7000 - \SystemRoot\system32\DRIVERS\rimmptsk.sys F7547000 - \SystemRoot\system32\DRIVERS\rimsptsk.sys F5EB5000 - \SystemRoot\system32\DRIVERS\rixdptsk.sys F7953000 - \SystemRoot\system32\DRIVERS\cpqbttn.sys F7557000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F77BF000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F7567000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F77C7000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F5E85000 - \SystemRoot\system32\DRIVERS\SynTP.sys F79BB000 - \SystemRoot\system32\DRIVERS\USBD.SYS F77CF000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7577000 - \SystemRoot\system32\DRIVERS\imapi.sys F7587000 - \SystemRoot\system32\DRIVERS\cdrom.sys F7597000 - \SystemRoot\system32\DRIVERS\redbook.sys F5E62000 - \SystemRoot\system32\DRIVERS\ks.sys F7B7B000 - \SystemRoot\system32\DRIVERS\audstub.sys F75A7000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F6C07000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F5E4B000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F75B7000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F75C7000 - \SystemRoot\system32\DRIVERS\raspptp.sys F77D7000 - \SystemRoot\system32\DRIVERS\TDI.SYS F5E3A000 - \SystemRoot\system32\DRIVERS\psched.sys F6550000 - \SystemRoot\system32\DRIVERS\msgpc.sys F77DF000 - \SystemRoot\system32\DRIVERS\ptilink.sys F77E7000 - \SystemRoot\system32\DRIVERS\raspti.sys F5E09000 - \SystemRoot\system32\DRIVERS\rdpdr.sys F6540000 - \SystemRoot\system32\DRIVERS\termdd.sys F79BD000 - \SystemRoot\system32\DRIVERS\swenum.sys F5DB0000 - \SystemRoot\system32\DRIVERS\update.sys F6BEB000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F6BE7000 - \SystemRoot\system32\DRIVERS\kbdhid.sys F6530000 - \SystemRoot\System32\Drivers\NDProxy.SYS F23B1000 - \SystemRoot\system32\drivers\CHDAud.sys F238D000 - \SystemRoot\system32\drivers\portcls.sys F76E7000 - \SystemRoot\system32\drivers\drmk.sys F235A000 - \SystemRoot\system32\DRIVERS\HSFHWAZL.sys F2266000 - \SystemRoot\system32\DRIVERS\HSF_DPV.sys F21B4000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys F784F000 - \SystemRoot\System32\Drivers\Modem.SYS F5C87000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7A2F000 - \SystemRoot\System32\Drivers\i2omgmt.SYS F7A31000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7BB7000 - \SystemRoot\System32\Drivers\Null.SYS F7A33000 - \SystemRoot\System32\Drivers\Beep.SYS F77EF000 - \SystemRoot\System32\drivers\vga.sys F7A35000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7A37000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F77F7000 - \SystemRoot\System32\Drivers\Msfs.SYS F77FF000 - \SystemRoot\System32\Drivers\Npfs.SYS F796F000 - \SystemRoot\system32\DRIVERS\rasacd.sys F06F4000 - \SystemRoot\system32\DRIVERS\ipsec.sys F069C000 - \SystemRoot\system32\DRIVERS\tcpip.sys F0674000 - \SystemRoot\system32\DRIVERS\netbt.sys F0653000 - \SystemRoot\system32\DRIVERS\ipnat.sys F0631000 - \SystemRoot\System32\drivers\afd.sys F183D000 - \SystemRoot\system32\DRIVERS\netbios.sys F182D000 - \SystemRoot\system32\DRIVERS\wanarp.sys F7A39000 - \SystemRoot\system32\DRIVERS\eabfiltr.sys F7807000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys F0606000 - \SystemRoot\system32\DRIVERS\rdbss.sys F0597000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F6520000 - \SystemRoot\system32\DRIVERS\arp1394.sys F6510000 - \SystemRoot\System32\Drivers\Fips.SYS F6500000 - \SystemRoot\system32\DRIVERS\avipbb.sys F7A3B000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys F0574000 - \SystemRoot\System32\Drivers\Fastfat.SYS F781F000 - \SystemRoot\system32\DRIVERS\usbprint.sys F64E0000 - \SystemRoot\system32\DRIVERS\snp2uvc.sys F64D0000 - \SystemRoot\system32\DRIVERS\STREAM.SYS F7827000 - \SystemRoot\system32\DRIVERS\sncduvc.SYS F64C0000 - \SystemRoot\System32\Drivers\LHidUsbK.Sys F782F000 - \SystemRoot\system32\DRIVERS\LHidKE.Sys F0A9F000 - \SystemRoot\system32\DRIVERS\mouhid.sys F0563000 - \SystemRoot\system32\DRIVERS\LMouKE.Sys F048D000 - \SystemRoot\System32\Drivers\dump_iaStor.sys BF800000 - \SystemRoot\System32\win32k.sys F5DA0000 - \SystemRoot\System32\drivers\Dxapi.sys F783F000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7ABB000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll BA250000 - \SystemRoot\system32\DRIVERS\nwlnkipx.sys BAC6C000 - \SystemRoot\system32\DRIVERS\nwlnknb.sys BA2CE000 - \SystemRoot\system32\DRIVERS\ndisuio.sys F7677000 - \SystemRoot\system32\DRIVERS\nwlnkspx.sys B98AD000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys B9830000 - \SystemRoot\system32\DRIVERS\mrxdav.sys B97F3000 - \SystemRoot\system32\drivers\wdmaud.sys BAC7C000 - \SystemRoot\system32\drivers\sysaudio.sys B9650000 - \SystemRoot\System32\Drivers\SENTINEL.SYS B8F96000 - \SystemRoot\System32\Drivers\Cdfs.SYS B8999000 - \SystemRoot\System32\Drivers\HTTP.sys B877E000 - \SystemRoot\system32\DRIVERS\srv.sys B875E000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys B7D03000 - \??\C:\WINDOWS\system32\drivers\mqac.sys B7CD1000 - \??\C:\WINDOWS\system32\drivers\RMCast.sys F778F000 - \SystemRoot\System32\Drivers\TDTCP.SYS B73EB000 - \SystemRoot\System32\Drivers\RDPWD.SYS F7BB4000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 152 Liste des programmes installes ABI Prism 7000 ABI Prism 7000 Ad-Aware 2007 Adobe Flash Player 9 ActiveX Adobe Photoshop 5.0 Limited Edition Adobe Reader 7.0.9 - Français Amélioration de nos services Amélioration de nos services Avira AntiVir PersonalEdition Classic BioEdit BioEdit BufferChm CCleaner (remove only) Cn3D 4.1 Conexant HD Audio Connexion Facile à Internet Connexion Facile à Internet Correctif n° 2 pour Windows XP Édition Media Center 2005 Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB888795) Correctif pour Windows XP (KB891593) Correctif pour Windows XP (KB896256) Correctif pour Windows XP (KB899337) Correctif pour Windows XP (KB899510) Correctif pour Windows XP (KB902841) Correctif pour Windows XP (KB909095) Correctif pour Windows XP (KB910728) Correctif pour Windows XP (KB912436) Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB883667 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885855 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888113 Correctif Windows XP - KB888239 Correctif Windows XP - KB888302 Correctif Windows XP - KB890546 Correctif Windows XP - KB890859 Correctif Windows XP - KB891220 Correctif Windows XP - KB891781 Correctif Windows XP - KB892559 Correctif Windows XP - KB895961 CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_OnlineProjectsConfig CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config cp_PosterPrintConfig cp_UpdateProjectsConfig CueTour DAMBE Destinations DeviceManagementQFolder dnaTools Xplorer 2.0 EndNote Eudora FinchTV FullDPAppQFolder Google Toolbar for Internet Explorer HijackThis 2.0.0 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB926239) HP Help and Support HP Imaging Device Functions 6.0 HP Officejet Pro Série K550 HP Pavilion Webcam HP Photosmart Premier Software 6.0 HP Quick Launch Buttons 6.10 A2 HP QuickPlay 2.3 HP Update HP User Guides 0036 HP Wireless Assistant 2.00 G2 HpSdpAppCoreApp InstantShareDevices Intel® PRO Network Connections Drivers ISI ResearchSoft - Export Helper J2SE Runtime Environment 5.0 Update 6 Java SE Runtime Environment 6 Update 1 Lasergene 7 v7.1.0 Lecteur Windows Media 11 LightScribe 1.4.97.1 Logitech SetPoint Macromedia Flash Player 8 Macromedia Shockwave Player MEGA 3.1 Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office 2000 Small Business Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.5 Microsoft Works Misc Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows XP (KB893066) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB903235) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB929969) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931768) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933566) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937143) Mise à jour de sécurité pour Windows XP (KB938127) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB939653) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour pour Lecteur Windows Media 10 (KB910393) Mise à jour pour Lecteur Windows Media 10 (KB913800) Mise à jour pour Lecteur Windows Media 10 (KB926251) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911164) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Nero 6 Ultra Edition NetWaiting Nokia Connectivity Cable Driver Nokia PC Suite Nokia PC Suite NVIDIA Drivers OptionalContentQFolder Otto Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) Package de pilotes Windows - Nokia Modem (02/15/2007 3.1) Package de pilotes Windows - Nokia Modem (02/15/2007 3.1) Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1) PC Connectivity Solution PhotoGallery RandMap RDP-V2 Beta 08 RDP-V2 Beta 08 (C:\Program Files\RDP-V2 Beta 08\) Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Sequencher 4.7 SimPlot SkinsHP1 Soft Data Fax Modem with SmartCP Sonic Audio Module Sonic Copy Module Sonic Data Module Sonic Express Labeler Sonic MyDVD Plus Sonic Update Manager Sonic_PrimoSDK SonicAC3Encoder SonicMPEGEncoder Spybot - Search & Destroy Synaptics Pointing Device Driver Toolbox UGuide Unload V10CC V10CNT V10COM V10DT V10NQ V10PFAM VD Codec Pack 0.8 Vector NTI 10 VideoLAN VLC media player 0.8.1 WebFldrs XP Winamp (remove only) Windows Genuine Advantage Validation Tool Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Live Sign-in Assistant Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows XP Media Center Edition 2005 KB925766 WinGene WinPep Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0D02-04AA Répertoire de C:\Program Files 03/11/2007 17:29 <REP> . 03/11/2007 17:29 <REP> .. 22/01/2007 22:00 <REP> ABI Prism 7000 22/01/2007 21:51 <REP> Adobe 17/02/2007 15:25 <REP> Ahead 29/10/2007 20:48 <REP> Alwil Software 02/11/2007 20:56 <REP> Antivir 02/11/2007 21:07 <REP> Avira 31/10/2007 21:42 <REP> CCleaner 29/10/2007 15:55 <REP> ChromasPro 02/03/2007 09:42 <REP> Cincom 31/10/2006 05:16 <REP> ComPlus Applications 30/10/2006 20:57 <REP> CONEXANT 02/11/2007 15:56 <REP> cwshredder 29/06/2007 13:01 <REP> DAMBE 22/08/2007 17:16 <REP> DIFX 02/07/2007 13:12 <REP> DNASTAR 01/03/2007 17:19 <REP> dnaTools Xplorer 25/09/2007 08:07 <REP> EndNote 30/10/2007 19:04 <REP> Fichiers communs 30/10/2006 20:44 <REP> FrenchOtto 31/10/2007 22:10 <REP> GemMasterFrench 24/07/2007 10:19 <REP> Gene Codes 01/03/2007 17:11 <REP> Geospiza 14/02/2007 22:01 <REP> Google 05/01/2007 23:00 <REP> Hewlett-Packard 03/11/2007 15:42 <REP> HiJackThis 26/02/2007 14:17 <REP> HP 05/01/2007 22:33 <REP> HPQ 02/03/2007 12:08 <REP> Informax Installations 30/10/2007 03:03 <REP> Internet Explorer 02/03/2007 12:08 <REP> Invitrogen 13/06/2007 09:19 <REP> Java 30/10/2007 19:05 <REP> Lavasoft 22/01/2007 21:57 <REP> Logitech 06/03/2007 11:57 <REP> MEGA 3.1 15/02/2007 10:05 <REP> Messenger 25/05/2007 15:09 <REP> Microsoft CAPICOM 2.1.0.2 28/02/2007 19:32 <REP> microsoft frontpage 28/02/2007 19:32 <REP> Microsoft Office 06/01/2007 00:45 <REP> Microsoft Visual Studio 06/01/2007 00:45 <REP> Microsoft Works 06/01/2007 00:45 <REP> Microsoft.NET 31/10/2006 05:16 <REP> Movie Maker 13/02/2007 19:58 <REP> MSN 31/10/2006 05:16 <REP> MSN Gaming Zone 21/02/2007 18:14 <REP> MSN Messenger 14/02/2007 19:14 <REP> MSXML 4.0 22/01/2007 21:58 <REP> MUSICMATCH 18/01/2007 19:27 <REP> NCBI 31/10/2006 05:16 <REP> NetMeeting 30/10/2006 20:57 <REP> NetWaiting 22/08/2007 17:17 <REP> Nokia 31/10/2006 05:16 <REP> Online Services 14/06/2007 09:03 <REP> Outlook Express 22/08/2007 17:12 <REP> PC Connectivity Solution 03/08/2007 10:19 <REP> Qualcomm 18/01/2007 20:26 <REP> RaySoft 03/08/2007 15:17 <REP> RDP3 22/08/2007 11:48 <REP> RDP-V2 Beta 08 30/10/2006 20:56 <REP> Services en ligne 31/10/2006 05:16 <REP> Sonic 30/10/2007 17:28 <REP> Spybot - Search & Destroy 29/10/2007 20:47 <REP> Symantec AntiVirus 30/10/2006 20:48 <REP> Synaptics 03/03/2007 21:23 <REP> VDCodecPack0.8 02/03/2007 12:01 <REP> Vector NTI 10 Distributive 03/03/2007 21:24 <REP> VideoLAN 18/01/2007 21:13 <REP> Winamp 31/05/2007 14:55 <REP> Windows Media Connect 2 31/05/2007 15:09 <REP> Windows Media Player 31/10/2006 05:16 <REP> Windows NT 31/10/2006 05:16 <REP> Windows Plus 18/01/2007 19:28 <REP> WinPep 31/10/2006 05:16 <REP> xerox 0 fichier(s) 0 octets 75 Rép(s) 43 275 653 120 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0D02-04AA Répertoire de C:\Program Files\fichiers communs 30/10/2007 19:04 <REP> . 30/10/2007 19:04 <REP> .. 01/03/2007 11:38 <REP> Adobe 17/02/2007 15:25 <REP> Ahead 06/01/2007 00:46 <REP> DESIGNER 31/10/2006 05:16 <REP> HP 02/03/2007 12:12 <REP> Informax 30/10/2006 20:39 <REP> InstallShield 31/10/2006 05:16 <REP> Java 17/02/2007 15:27 <REP> LightScribe 22/01/2007 21:57 <REP> Logitech 27/06/2007 14:11 <REP> Microsoft Shared 31/10/2006 05:16 <REP> MSSoap 22/08/2007 17:17 <REP> Nokia 31/10/2006 05:16 <REP> ODBC 22/08/2007 17:17 <REP> PCSuite 22/01/2007 22:02 <REP> Risxtd 31/10/2006 05:16 <REP> Services 31/10/2006 05:16 <REP> Sonic Shared 31/10/2006 05:16 <REP> SpeechEngines 31/10/2006 05:16 <REP> SureThing Shared 03/11/2007 17:28 <REP> Symantec Shared 14/06/2007 09:03 <REP> System 31/10/2006 05:16 <REP> TiVo Shared 30/10/2007 19:04 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 25 Rép(s) 43 275 653 120 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0D02-04AA Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 06/01/2007 00:46 <REP> . 06/01/2007 00:46 <REP> .. 06/01/2007 00:45 <REP> 1033 06/01/2007 00:45 <REP> 1036 11/07/2003 10:15 1 292 872 MSONSEXT.DLL 15/07/2003 06:52 35 896 MSOSV.DLL 03/06/1999 19:09 122 937 MSOWS409.DLL 07/03/2001 14:00 127 033 MSOWS40c.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 5 fichier(s) 1 659 186 octets 4 Rép(s) 43 275 653 120 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 0D02-04AA Répertoire de C:\ 30/10/2007 18:58 19 755 376 aaw2007.exe 29/10/2007 19:05 38 912 AntiBrontokA-en.exe 30/10/2007 11:21 407 680 aswclnr.exe 30/10/2007 17:58 2 628 288 ccleaner_ccleaner_2.01.507_francais_14492.exe 05/06/2000 08:44 475 648 clustalx.exe 29/10/2007 15:55 91 136 f-sasser.exe 29/10/2007 18:39 151 696 FxSasser(2).exe 29/10/2007 15:32 151 696 FxSasser.exe 08/09/2005 15:26 299 008 muscle.exe 29/10/2007 19:18 17 521 856 setupfre.exe 26/09/2002 04:41 319 488 SetupSysDriver.exe 29/10/2007 18:04 7 467 056 spybotsd15.exe 12 fichier(s) 49 307 840 octets 0 Rép(s) 43 275 653 120 octets libres c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_fre_web.exe c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe c:\Documents and Settings\Audrey.GILDA-HP\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe c:\Documents and Settings\Audrey.GILDA-HP\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\Documents and Settings\Audrey.GILDA-HP\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe c:\Documents and Settings\Gilda\muscle.exe c:\Documents and Settings\Gilda\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Gilda\Application Data\Microsoft\Installer\{52FBAE98-D389-4281-8C14-21B4046CCB4E}\ARPPRODUCTICON.exe c:\Documents and Settings\Gilda\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe c:\Documents and Settings\Gilda\Application Data\Microsoft\Installer\{B16AF568-A644-483C-A6DA-5028CD019C8C}\ARPPRODUCTICON.exe c:\Documents and Settings\Gilda\Application Data\Microsoft\Installer\{C8BBE093-BB83-4D74-81A6-DA6AD235523F}\_39a7198a.exe c:\Documents and Settings\Gilda\Application Data\U3\temp\cleanup.exe c:\Documents and Settings\Gilda\Bureau\aswclear.exe c:\Documents and Settings\Gilda\Bureau\ChromasPro\ChromasPro.exe c:\Documents and Settings\Gilda\Bureau\PREPA XP\dotnetfx.exe c:\Documents and Settings\Gilda\Bureau\Réparation\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Gilda\Bureau\Réparation\f-sasser.exe c:\Documents and Settings\Gilda\Bureau\Réparation\FxSasser.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\Norton_Removal_Tool.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Gilda\Bureau\Zebulon\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\DT5_TEMP\blastall.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\DT5_TEMP\blastcl3.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\DT5_TEMP\clustalw.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\DT5_TEMP\clustalx.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\DT5_TEMP\convert_trace.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\DT5_TEMP\formatdb.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\puzzle\tree-puzzle-5.2\src\puzzle.exe c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\treeview\_ISDEL.EXE c:\Documents and Settings\Gilda\Mes documents\Ancien PC\Mes Doc Ancien PC\treeview\SETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\ALZip.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\CGS12_TBYB_EN.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\CorelDRAWGraphicsSuite12.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Eudora501.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\GATCViewerSetup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\INSTMSIA.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\INSTMSIW.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\intk32.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\ioware-w32-x86-402.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\j2re-1_4_1_02-windows-i586-i.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\mp10setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero-7.0.1.4b_fra.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nokia_PC_Suite_6_84_10_3_fre_web.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\SETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\SetupSysDriver.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\TreeExplorer.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\UNWISE.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\winamp52_full_emusic-7plus.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\WM9Codecs.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\wz90fr.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\FsecureNEW-version\a.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\FsecureNEW-version\autorun.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Acrobat\win32\AdbeRdr60_fra.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\CentralQ\QConsole\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\CentralQ\QConsole\setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\CentralQ\QServer\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\CentralQ\QServer\setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\Install.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\Agents\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\Agents\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\MSDE\setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\MSDE\Msi\InstMsi.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\MSDE\Msi\InstMsi20.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\MSDE\Msi\InstMsiW.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\MSDE\Msi\InstMsiW20.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\Reporting\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Reporting\Reporting\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\SETUP.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\AMS2\WINNT\amsremote.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\AMS2\WINNT\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\AMS2\WINNT\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32\VPREMOTE.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32VISTA\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32VISTA\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32VISTA\VPREMOTE.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN32VISTA\WindowsInstaller-KB893803-x86.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN64\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN64\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN64\VPREMOTE.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN64VISTA\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN64VISTA\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN64VISTA\VPREMOTE.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\CLIENTS\WIN64VISTA\WindowsInstaller-KB893803-x86.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\REPORTING\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\REPORTING\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\REPORTING\VPRemote.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\SERVER\NETWARE\LOGIN\OSVER.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\SERVER\NETWARE\LOGIN\vp_log32.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\SERVER\WINNT\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\SERVER\WINNT\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\SERVER\WINNT\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\AVServer\SERVER\WINNT\VPREMOTE.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\ClientRemote\ClientRemote.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Rollout\ClientRemote\VPREMOTE.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAV\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAV\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAV\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVVISTA\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVVISTA\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVVISTA\WindowsInstaller-KB893803-x86.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVWin64\x64\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVWin64\x64\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVWin64VISTA\x64\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVWin64VISTA\x64\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SAVWin64VISTA\x64\WindowsInstaller-KB893803-x86.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SSC\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SSC\setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SymSentry\Symantec_Client_Security_Posture_Plug-in\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SymSentry\Symantec_VPN_Sentry\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SymSentry\Symantec_VPN_Sentry_for_Check_Point\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\SymSentry\Symantec_VPN_Sentry_for_Nortel_Networks\Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Importer.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\ResetACL.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\RoamAdmn.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Sav9UninstallFix.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\LiveUpdate\InventoryViewer.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\LiveUpdate\LUAU.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\LiveUpdate\LUSETUP.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Nosuprt\CLNA\CmdLineNetAudit.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Nosuprt\Get_IP\Get_IP.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Nosuprt\Packager\instmsia.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Nosuprt\Packager\instmsiw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Nosuprt\Packager\PMINST.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Nosuprt\Packager\setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\Nosuprt\Sleep\Sleep.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Antivirus Symantec\Symantec_AntiVirus_10.2_Win\CD1\Tools\UNINSTLL\av32.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Bayes Beast\Tracer v1.3.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Chromas\chromas.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\clustal W 1.8\clustalw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\java.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\javacpl.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\javaw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\javaws.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\jucheck.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\jusched.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\keytool.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\kinit.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\klist.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\ktab.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\orbd.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\pack200.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\policytool.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\rmid.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\rmiregistry.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\servertool.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\tnameserv.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Java\jre1.5.0\bin\unpack200.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Media\VDCodecPack0.8.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Media\vlc-0.8.1-win32.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Media\winamp.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Media\WinRAR.v3.50.Final.FR-Cracked.by.eMule-Paradise.com\Crack.WinRAR.v3.50.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Media\WinRAR.v3.50.Final.FR-Cracked.by.eMule-Paradise.com\WinRAR.v3.50.Final.FR.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\MEGA2\Mega2.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Keygen_ORiON-Nero.6.6.0.14.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero-6.6.0.14_Patch_FR.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero-6.6.0.14_Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\PLUGiNS\InCD-4.3.14.1.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\PLUGiNS\NMP-1.4.0.33.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\PLUGiNS\NVE-3.1.0.11.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\Nero.Burning.ROM.6.6.0.14.FR.Ultra.Edition.+.Plugins.+.Keygen-By.Gu$T-91\PLUGiNS\WMAPlugin20933.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Phylip\phylipw.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Phylip\phylipwx.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Phylip\phylipwy.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\RaySoft\SimPlot\SimPlot.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Rod Page\TreeView\treev32.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\sequin\asn2gb.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\sequin\sequin.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\sequin\sequin.win32.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\sequin\tbl2asn.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\setup dnatools\setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Software edit chromato\chromaslite201.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Software edit chromato\DNA Baser Setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Software edit chromato\Lasergene710WinInstall.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Software edit chromato\sqeditordemo_setup.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Software edit chromato\Vector NTI Advance 10.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Software edit chromato\xplorer-2.4.2.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Systat\MACPC.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Systat\SYSTAT.EXE c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\Vector NTI\Vector NTI Advance 10.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\WinPep\WinGene.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\WinPep\WinPep.exe c:\Documents and Settings\Gilda\Mes documents\Boulot\Software\WinPep\WinGene\WinGene.exe c:\Documents and Settings\Gilda\Mes documents\Clélia\VWInstallerWin.exe c:\Documents and Settings\Gilda\Mes documents\Conneries\GoogleVideoPlayerSetup.exe c:\Documents and Settings\Gilda\Mes documents\Conneries\XS00FR.exe c:\Documents and Settings\Gilda\Mes documents\Conneries\XS01FR.exe c:\Documents and Settings\Gilda\Mes documents\MAJ\Install_Messenger.exe c:\Documents and Settings\Gilda\Mes documents\Mes images\WOLF\WolvesInst.exe c:\Documents and Settings\Gilda\Mes documents\SAV Clef USB 500 26 oct 07\EN602Patch.EXE c:\Documents and Settings\Gilda\Mes documents\SAV Clef USB 500 26 oct 07\ChromasPro\ChromasPro.exe c:\Documents and Settings\Gilda\Mes documents\SAV Clef USB 500 26 oct 07\struct\ChromasPro140.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp
  15. GlendaGabon
    Bonjour Apo , Voici les rapports requis après désinstallation d'avast et installation d'antivir + scan en mode sans échec (pas d'infection identifiée) + HijackThis au redémarrage. Ceci dit, pour être sûre de faire les choses correctement cette fois-ci , je préfère vérifier auprès de toi si ces 2 choses sont normales (où pas): 1. l'icone comme quoi il est actif ne s'affiche pas dans la barre de tache, mais le guard est signalé comme actif quand j'ouvre antivir 2. malgré le scan, "last complete system scan" est signalé comme non fait Est-ce que je dois changer d'autres paramètres configuration et refaire un scan? Merci beaucoup , Glenda. Rapport 1------------------------------------------------------------------------- AntiVir PersonalEdition Classic Report file date: vendredi 2 novembre 2007 22:28 Scanning for 913479 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Gilda Computer name: GILDA-HP Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 20:09:38 ANTIVIR3.VDF : 7.0.0.165 129536 Bytes 02/11/2007 20:09:38 AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 02/11/2007 20:09:38 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 2 novembre 2007 22:28 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '56' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! End of the scan: vendredi 2 novembre 2007 23:21 Used time: 53:12 min The scan has been done completely. 7570 Scanning directories 528802 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 528802 Files not concerned 13156 Archives were scanned 1 Warnings 23 Notes Rapport 2 -------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 15:41:31, on 03/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\HiJackThis\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.10:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=pavilion&pf=laptop O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172155585390 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\Software\..\Telephony: DomainName = CIRMF_GABON O17 - HKLM\System\CCS\Services\Tcpip\..\{2B1CF6E8-1662-45BB-A110-E539C8DDC0B4}: NameServer = 151.99.125.2,217.77.71.1,195.83.14.1,195.217.62.126,152.99.125.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CIRMF_GABON O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CIRMF_GABON O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe -- End of file - 12790 bytes
×
×
  • Créer...