ivy

Everything posted by ivy

  1. ivy

    Big problem

    argh, damn thing! it was too good to be true. no problem trying everything you tell me; as it is, I'm immensely indebted to you for all the time you're spending on this problem. thank you so much. be-bop-a-lula? here it is:

    thanks
  2. ivy

    Big problem

    hi charles, hi friends. this morning, thanks to sfp, no trouble uploading the file that was causing problems. here is the requested report:

    thanks, and have a good weekend, everyone
  3. ivy

    Big problem

    hi! and there you go!

    thanks
  4. ivy

    Big problem

    hi charles. your PM inbox seems to be full, I can't send you my reply... (that's the error message I'm getting, anyway). thanks and have a nice day
  5. ivy

    Big problem

    hi! I have no report to provide because: "gmer hasn't found any system modification" (it seems to me it skipped the folder we mentioned a bit earlier). avast didn't make a peep either. instructions? thanks
  6. ivy

    Big problem

    and there you go, the catchme report!

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net
    scanning hidden processes ...
    scanning hidden services ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    (don't worry, I'm elsewhere on the net, despite charles's recommendations; I have this window in the background and I refresh it from time to time to check for news. don't feel obliged to answer me quickly because you see me online, I'm not necessarily really here). thanks
  7. ivy

    Big problem

    hi qc, thanks for your help, to you too. before the scan, I ticked: verify the digital signature of the process modules and copy suspicious files to SuspiciousFiles sub-directory automatically, I hope I did the right thing (otherwise I'll re-scan, no problem). here is the report:

    thanks
  8. ivy

    Big problem

    darn, sorry, I'm only seeing this message more than an hour late, yet again... here is the report

    Windows Registry Editor Version 5.00
    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.5.0
    ; Results at 05/12/2007 20:56:23 for strings:
    ; 'syswpg'
    ; 'lpt5.rjh'
    ; 'biuya1.dll'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSWPG]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSWPG00]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSWPG00]
    "Service"="SysWpg"
    "DeviceDesc"="SysWpg"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SYSWPG00\Control]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SYSWPG]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SYSWPG00]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SYSWPG00]
    "Service"="SysWpg"
    "DeviceDesc"="SysWpg"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSWPG]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSWPG00]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSWPG00]
    "Service"="SysWpg"
    "DeviceDesc"="SysWpg"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SYSWPG00\Control]
    [HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
    "biuya1.dll"="900"
    ; End Of The Log...

    thanks
  9. ivy

    Big problem

    first file:

    Fichier fccbbcc8_g.dll reçu le 2007.12.05 19:12:15 (CET)
    Résultat: 0/32 (0%)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.12.5.0 2007.12.05 -
    AntiVir 7.6.0.34 2007.12.05 -
    Authentium 4.93.8 2007.12.05 -
    Avast 4.7.1098.0 2007.12.05 -
    AVG 7.5.0.503 2007.12.05 -
    BitDefender 7.2 2007.12.05 -
    CAT-QuickHeal 9.00 2007.12.05 -
    ClamAV 0.91.2 2007.12.05 -
    DrWeb 4.44.0.09170 2007.12.05 -
    eSafe 7.0.15.0 2007.12.05 -
    eTrust-Vet 31.3.5353 2007.12.05 -
    Ewido 4.0 2007.12.05 -
    FileAdvisor 1 2007.12.05 -
    Fortinet 3.14.0.0 2007.12.05 -
    F-Prot 4.4.2.54 2007.12.05 -
    F-Secure 6.70.13030.0 2007.12.05 -
    Ikarus T3.1.1.12 2007.12.05 -
    Kaspersky 7.0.0.125 2007.12.05 -
    McAfee 5178 2007.12.05 -
    Microsoft 1.3007 2007.12.05 -
    NOD32v2 2704 2007.12.05 -
    Norman 5.80.02 2007.12.05 -
    Panda 9.0.0.4 2007.12.04 -
    Prevx1 V2 2007.12.05 -
    Rising 20.21.20.00 2007.12.05 -
    Sophos 4.24.0 2007.12.05 -
    Sunbelt 2.2.907.0 2007.12.05 -
    Symantec 10 2007.12.05 -
    TheHacker 6.2.9.150 2007.12.05 -
    VBA32 3.12.2.5 2007.12.04 -
    VirusBuster 4.3.26:9 2007.12.05 -
    Webwasher-Gateway 6.6.2 2007.12.05 -
    Information additionnelle
    File size: 23 bytes
    MD5: 3ae82af6a3a4c192a395c38b92b752ac
    SHA1: 8ea4cb9b35cfd037051e0e7398e6a92d8320a673
    PEiD: -

    second file:

    Fichier cbbcbbdafed_g.ocx reçu le 2007.12.05 19:26:04 (CET)
    Résultat: 0/32 (0%)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.12.5.0 2007.12.05 -
    AntiVir 7.6.0.34 2007.12.05 -
    Authentium 4.93.8 2007.12.05 -
    Avast 4.7.1098.0 2007.12.05 -
    AVG 7.5.0.503 2007.12.05 -
    BitDefender 7.2 2007.12.05 -
    CAT-QuickHeal 9.00 2007.12.05 -
    ClamAV 0.91.2 2007.12.05 -
    DrWeb 4.44.0.09170 2007.12.05 -
    eSafe 7.0.15.0 2007.12.05 -
    eTrust-Vet 31.3.5353 2007.12.05 -
    Ewido 4.0 2007.12.05 -
    FileAdvisor 1 2007.12.05 -
    Fortinet 3.14.0.0 2007.12.05 -
    F-Prot 4.4.2.54 2007.12.05 -
    F-Secure 6.70.13030.0 2007.12.05 -
    Ikarus T3.1.1.12 2007.12.05 -
    Kaspersky 7.0.0.125 2007.12.05 -
    McAfee 5178 2007.12.05 -
    Microsoft 1.3007 2007.12.05 -
    NOD32v2 2701 2007.12.05 -
    Norman 5.80.02 2007.12.05 -
    Panda 9.0.0.4 2007.12.04 -
    Prevx1 V2 2007.12.05 -
    Rising 20.21.20.00 2007.12.05 -
    Sophos 4.24.0 2007.12.05 -
    Sunbelt 2.2.907.0 2007.12.05 -
    Symantec 10 2007.12.05 -
    TheHacker 6.2.9.150 2007.12.05 -
    VBA32 3.12.2.5 2007.12.04 -
    VirusBuster 4.3.26:9 2007.12.05 -
    Webwasher-Gateway 6.6.2 2007.12.05 -
    Information additionnelle
    File size: 23 bytes
    MD5: 3b5fea550477e26ba59e32d0805c614d
    SHA1: 894e258f65bedb94749fdcf58454d6456983980f
    PEiD: -

    thanks
  10. ivy

    Big problem

    I ran a second one straight afterwards, and I get the impression it removed more stuff again (there was a reboot). Before relaunching the scan, I:
    - came here via my favorites from linternaute (start page)
    - went to check my mail on the yahoo.fr webmail
    - went to a DIY forum through a reply notification I had received on yahoo (yes, because I also haven't had hot water for a month, and if someone on zebulon could help me...).
    That's all I did on the net, and on the computer. Here is the new report:
    ComboFix 07-12-02.7 - ivy 2007-12-05 18:34:44.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.217 [GMT 1:00] Running from: C:\Documents and Settings\ivy\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\ivy\Bureau\CFScript.txt * Created a new restore point FILE C:\Program Files\Fichiers communs\ErLfjM.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))))))) . 2007-12-05 12:50 . 2007-12-05 13:08 <REP> d-------- C:\Program Files\12Ghosts 2007-12-05 12:50 . 2007-12-05 12:50 <REP> d-------- C:\Documents and Settings\ivy\Application Data\SLAutoSave 2007-12-03 20:18 . 2007-12-03 20:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-03 11:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2007-12-03 11:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2007-12-03 11:26 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-12-03 11:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2007-12-03 10:26 . 2007-12-03 10:26 <REP> d-------- C:\Deckard 2007-12-02 17:06 . 2007-12-02 17:06 <REP> d-------- C:\WINDOWS\report 2007-12-02 17:04 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Backup 2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\VPTNFILE.855 2007-12-02 17:04 . 
2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\LPT$VPN.855 2007-12-02 17:04 . 2007-12-02 17:04 1,899,383 --a------ C:\WINDOWS\tsc.ptn 2007-12-02 17:04 . 2007-12-02 17:04 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-12-02 17:04 . 2007-12-02 17:04 267,845 --a------ C:\WINDOWS\tsc.exe 2007-12-02 17:04 . 2007-12-02 17:04 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-12-02 17:04 . 2007-12-02 17:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-12-02 17:04 . 2007-12-02 18:49 823 --a------ C:\WINDOWS\tsc.ini 2007-12-02 17:02 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Temp 2007-12-02 17:02 . 2007-12-02 17:02 <REP> d-------- C:\WINDOWS\AU_Log 2007-12-02 17:02 . 2007-12-02 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-12-02 17:02 . 2007-12-02 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-12-02 17:02 . 2007-12-02 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-12-02 17:02 . 2007-12-02 17:02 170 --a------ C:\WINDOWS\GetServer.ini 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\UC.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\RAR.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\LHA.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\ARJ.PIF 2007-12-01 17:32 . 2007-12-01 17:33 387 --a------ C:\WINDOWS\wincmd.ini 2007-11-30 11:54 . 2007-12-05 10:50 <REP> d-------- C:\Documents and Settings\ivy\Application Data\OpenOffice.org2 2007-11-30 11:43 . 2007-11-30 11:44 <REP> d-------- C:\Program Files\OpenOffice.org 2.3 2007-11-19 22:51 . 2007-11-30 11:40 <REP> d-------- C:\Program Files\Java 2007-11-19 22:50 . 2007-11-19 22:50 <REP> d-------- C:\Program Files\Fichiers communs\Java 2007-11-18 20:55 . 
2007-12-01 22:15 <REP> d-------- C:\Documents and Settings\ivy\Application Data\Grisoft 2007-11-18 20:54 . 2007-11-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2007-11-18 20:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-18 18:35 . 2007-11-18 18:35 <REP> d-------- C:\Program Files\Trend Micro 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-16 19:16 . 2004-10-20 15:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-16 19:16 . 2004-10-20 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-11-16 19:16 . 2007-12-01 21:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-16 17:44 . 2007-11-16 17:45 <REP> d-------- C:\Program Files\process-explorer_process_explorer_10.21_anglais_14566 2007-11-16 17:02 . 2007-11-16 17:02 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-10 23:23 . 2007-11-10 23:23 0 --a------ C:\WINDOWS\oodcnt.INI 2007-11-10 23:22 . 2007-11-10 23:22 <REP> d-------- C:\WINDOWS\system32\oodag 2007-11-09 11:06 . 2007-11-09 11:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7 2007-11-08 18:49 . 2007-11-10 21:56 <REP> d-------- C:\Program Files\EClea2_0 2007-11-08 18:00 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-08 15:50 . 2007-11-08 15:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-11-08 15:02 . 2007-11-08 15:02 23 --ahs---- C:\WINDOWS\system32\fccbbcc8_g.dll 2007-11-08 15:02 . 2007-11-08 15:02 23 --a------ C:\WINDOWS\system32\cbbcbbdafed_g.ocx . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 15:28 --------- d-----w C:\Program Files\BSW 2007-12-03 21:33 863 ----a-w C:\Program Files\i_view32.ini 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Lavasoft 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Image Zone Express 2007-12-01 21:15 --------- d-----w C:\Documents and Settings\ivy\Application Data\HP 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\dvdcss 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\AdobeUM 2007-11-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-07 06:54 71,680 ----a-w C:\WINDOWS\ST5UNST.EXE 2007-07-30 08:53 765 -c--a-w C:\Program Files\i_languages.txt 2007-07-30 08:53 62,543 -c--a-w C:\Program Files\i_changes.txt 2007-07-30 08:53 5,734 -c--a-w C:\Program Files\i_plugins.txt 2007-07-30 08:53 456,704 ----a-w C:\Program Files\i_view32.exe 2007-07-30 08:53 29,184 -c--a-w C:\Program Files\iv_uninstall.exe 2007-07-30 08:53 272,616 -c--a-w C:\Program Files\i_view32.chm 2007-07-30 08:53 2,235 -c--a-w C:\Program Files\i_about.txt 2007-07-30 08:53 11,737 -c--a-w C:\Program Files\i_options.txt . ((((((((((((((((((((((((((((( snapshot@2007-12-03_17.54.09,42 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2007-12-05 17:42:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat . 
((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2004-07-15 10:42 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 22:18] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2006-10-02 11:03:20] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] ZoneAlarm Security.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-03-30 02:29:36] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 1 (0x1) "NoFavoritesMenu"= 1 (0x1) S4 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys *Newly Created Service* - SYSWPG . 
************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 18:43:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-05 18:50:11 - machine was rebooted C:\ComboFix2.txt ... 2007-12-05 18:25 C:\ComboFix3.txt ... 2007-12-05 15:33 . --- E O F ---
thanks
  11. ivy

    Big problem

    Any better? After seeing what I saw this afternoon (the time before, I hadn't looked), it sends a bit of a chill down my spine, brrrrr. However, tonight's scan was much, much, much faster than usual :P (on the other hand, I tried to download the gromozon removal tool just before posting this message, and the page is still not accessible to me). Here is the report:
    ComboFix 07-12-02.7 - ivy 2007-12-05 18:09:08.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.208 [GMT 1:00] Running from: C:\Documents and Settings\ivy\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\ivy\Bureau\CFScript.txt * Created a new restore point FILE C:\Program Files\Fichiers communs\ErLfjM.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Fichiers communs\ErLfjM.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_SYSWPG -------\SysWpg ((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))))))) . 2007-12-05 12:50 . 2007-12-05 13:08 <REP> d-------- C:\Program Files\12Ghosts 2007-12-05 12:50 . 2007-12-05 12:50 <REP> d-------- C:\Documents and Settings\ivy\Application Data\SLAutoSave 2007-12-03 20:18 . 2007-12-03 20:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-03 11:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2007-12-03 11:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2007-12-03 11:26 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-12-03 11:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2007-12-03 10:26 . 2007-12-03 10:26 <REP> d-------- C:\Deckard 2007-12-02 17:06 . 2007-12-02 17:06 <REP> d-------- C:\WINDOWS\report 2007-12-02 17:04 . 
2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Backup 2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\VPTNFILE.855 2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\LPT$VPN.855 2007-12-02 17:04 . 2007-12-02 17:04 1,899,383 --a------ C:\WINDOWS\tsc.ptn 2007-12-02 17:04 . 2007-12-02 17:04 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-12-02 17:04 . 2007-12-02 17:04 267,845 --a------ C:\WINDOWS\tsc.exe 2007-12-02 17:04 . 2007-12-02 17:04 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-12-02 17:04 . 2007-12-02 17:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-12-02 17:04 . 2007-12-02 18:49 823 --a------ C:\WINDOWS\tsc.ini 2007-12-02 17:02 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Temp 2007-12-02 17:02 . 2007-12-02 17:02 <REP> d-------- C:\WINDOWS\AU_Log 2007-12-02 17:02 . 2007-12-02 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-12-02 17:02 . 2007-12-02 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-12-02 17:02 . 2007-12-02 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-12-02 17:02 . 2007-12-02 17:02 170 --a------ C:\WINDOWS\GetServer.ini 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\UC.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\RAR.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\LHA.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\ARJ.PIF 2007-12-01 17:32 . 2007-12-01 17:33 387 --a------ C:\WINDOWS\wincmd.ini 2007-11-30 11:54 . 2007-12-05 10:50 <REP> d-------- C:\Documents and Settings\ivy\Application Data\OpenOffice.org2 2007-11-30 11:43 . 2007-11-30 11:44 <REP> d-------- C:\Program Files\OpenOffice.org 2.3 2007-11-19 22:51 . 2007-11-30 11:40 <REP> d-------- C:\Program Files\Java 2007-11-19 22:50 . 
2007-11-19 22:50 <REP> d-------- C:\Program Files\Fichiers communs\Java 2007-11-18 20:55 . 2007-12-01 22:15 <REP> d-------- C:\Documents and Settings\ivy\Application Data\Grisoft 2007-11-18 20:54 . 2007-11-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2007-11-18 20:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-18 18:35 . 2007-11-18 18:35 <REP> d-------- C:\Program Files\Trend Micro 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-16 19:16 . 2004-10-20 15:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-16 19:16 . 2004-10-20 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-11-16 19:16 . 2007-12-01 21:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-16 17:44 . 2007-11-16 17:45 <REP> d-------- C:\Program Files\process-explorer_process_explorer_10.21_anglais_14566 2007-11-16 17:02 . 2007-11-16 17:02 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-10 23:23 . 2007-11-10 23:23 0 --a------ C:\WINDOWS\oodcnt.INI 2007-11-10 23:22 . 2007-11-10 23:22 <REP> d-------- C:\WINDOWS\system32\oodag 2007-11-09 11:06 . 2007-11-09 11:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7 2007-11-08 18:49 . 2007-11-10 21:56 <REP> d-------- C:\Program Files\EClea2_0 2007-11-08 18:00 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-08 15:50 . 2007-11-08 15:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-11-08 15:02 . 
2007-11-08 15:02 23 --ahs---- C:\WINDOWS\system32\fccbbcc8_g.dll 2007-11-08 15:02 . 2007-11-08 15:02 23 --a------ C:\WINDOWS\system32\cbbcbbdafed_g.ocx . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-05 15:28 --------- d-----w C:\Program Files\BSW 2007-12-03 21:33 863 ----a-w C:\Program Files\i_view32.ini 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Lavasoft 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Image Zone Express 2007-12-01 21:15 --------- d-----w C:\Documents and Settings\ivy\Application Data\HP 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\dvdcss 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\AdobeUM 2007-11-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-07 06:54 71,680 ----a-w C:\WINDOWS\ST5UNST.EXE 2007-07-30 08:53 765 -c--a-w C:\Program Files\i_languages.txt 2007-07-30 08:53 62,543 -c--a-w C:\Program Files\i_changes.txt 2007-07-30 08:53 5,734 -c--a-w C:\Program Files\i_plugins.txt 2007-07-30 08:53 456,704 ----a-w C:\Program Files\i_view32.exe 2007-07-30 08:53 29,184 -c--a-w C:\Program Files\iv_uninstall.exe 2007-07-30 08:53 272,616 -c--a-w C:\Program Files\i_view32.chm 2007-07-30 08:53 2,235 -c--a-w C:\Program Files\i_about.txt 2007-07-30 08:53 11,737 -c--a-w C:\Program Files\i_options.txt . ((((((((((((((((((((((((((((( snapshot@2007-12-03_17.54.09,42 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE + 2007-12-05 17:17:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_640.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2004-07-15 10:42 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 22:18] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ avast! 
Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2006-10-02 11:03:20] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] ZoneAlarm Security.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-03-30 02:29:36] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 1 (0x1) "NoFavoritesMenu"= 1 (0x1) S4 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys *Newly Created Service* - SYSWPG . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 18:17:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-05 18:25:01 - machine was rebooted C:\ComboFix2.txt ... 2007-12-05 15:33 C:\ComboFix3.txt ... 2007-12-03 17:58 . --- E O F ---
thanks
  12. ivy

    Big problem

    Here is the ComboFix report:
    ComboFix 07-12-02.7 - ivy 2007-12-05 14:28:12.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.149 [GMT 1:00] Running from: C:\Documents and Settings\ivy\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\ivy\Bureau\CFScript.txt * Created a new restore point FILE
Files\Fichiers communs\System\OjVcRp.exe C:\Program Files\Fichiers communs\System\OSo.exe C:\Program Files\Fichiers communs\System\otHaS.exe C:\Program Files\Fichiers communs\System\OyvFZ.exe C:\Program Files\Fichiers communs\System\pYK.exe C:\Program Files\Fichiers communs\System\QCqSpx.exe C:\Program Files\Fichiers communs\System\QNCoY.exe C:\Program Files\Fichiers communs\System\qvl.exe C:\Program Files\Fichiers communs\System\qWN.exe C:\Program Files\Fichiers communs\System\qye.exe C:\Program Files\Fichiers communs\System\qzK.exe C:\Program Files\Fichiers communs\System\rHsZv.exe C:\Program Files\Fichiers communs\System\RJKFOr.exe C:\Program Files\Fichiers communs\System\rlNgd.exe C:\Program Files\Fichiers communs\System\RTJGH.exe C:\Program Files\Fichiers communs\System\Rwn.exe C:\Program Files\Fichiers communs\System\RyVdnJ.exe C:\Program Files\Fichiers communs\System\rZBSI.exe C:\Program Files\Fichiers communs\System\sfxQ.exe C:\Program Files\Fichiers communs\System\SHWYFr.exe C:\Program Files\Fichiers communs\System\Std.exe C:\Program Files\Fichiers communs\System\sWbP.exe C:\Program Files\Fichiers communs\System\sXdTbj.exe C:\Program Files\Fichiers communs\System\Syuwj.exe C:\Program Files\Fichiers communs\System\TBX.exe C:\Program Files\Fichiers communs\System\tclWlz.exe C:\Program Files\Fichiers communs\System\teLzg.exe C:\Program Files\Fichiers communs\System\TNkgjj.exe C:\Program Files\Fichiers communs\System\tTC.exe C:\Program Files\Fichiers communs\System\UDvJH.exe C:\Program Files\Fichiers communs\System\UFP.exe C:\Program Files\Fichiers communs\System\UGF.exe C:\Program Files\Fichiers communs\System\UKI.exe C:\Program Files\Fichiers communs\System\uOa.exe C:\Program Files\Fichiers communs\System\Upm.exe C:\Program Files\Fichiers communs\System\USArLT.exe C:\Program Files\Fichiers communs\System\uTCUuI.exe C:\Program Files\Fichiers communs\System\uXB.exe C:\Program Files\Fichiers communs\System\viP.exe C:\Program Files\Fichiers 
communs\System\vixifu.exe C:\Program Files\Fichiers communs\System\VQcEs.exe C:\Program Files\Fichiers communs\System\VQm.exe C:\Program Files\Fichiers communs\System\VRv.exe C:\Program Files\Fichiers communs\System\wBvblAK.exe C:\Program Files\Fichiers communs\System\wda.exe C:\Program Files\Fichiers communs\System\wekR.exe C:\Program Files\Fichiers communs\System\WwP.exe C:\Program Files\Fichiers communs\System\wYFI.exe C:\Program Files\Fichiers communs\System\wyR.exe C:\Program Files\Fichiers communs\System\Wze.exe C:\Program Files\Fichiers communs\System\wZI.exe C:\Program Files\Fichiers communs\System\XhP.exe C:\Program Files\Fichiers communs\System\Xop.exe C:\Program Files\Fichiers communs\System\XWp.exe C:\Program Files\Fichiers communs\System\YbTGsu.exe C:\Program Files\Fichiers communs\System\YdD.exe C:\Program Files\Fichiers communs\System\yJa.exe C:\Program Files\Fichiers communs\System\yrJRxxY.exe C:\Program Files\Fichiers communs\System\yYfVBnh.exe C:\Program Files\Fichiers communs\System\yYv.exe C:\Program Files\Fichiers communs\System\ZNc.exe C:\Program Files\Fichiers communs\trV.exe C:\Program Files\Fichiers communs\uHFiI.exe C:\Program Files\Windows NT\AZWgXH.exe C:\Program Files\Windows NT\BdS.exe C:\Program Files\Windows NT\BIa.exe C:\Program Files\Windows NT\bmyzkP.exe C:\Program Files\Windows NT\BYDxiW.exe C:\Program Files\Windows NT\CbZ.exe C:\Program Files\Windows NT\cGXDims.exe C:\Program Files\Windows NT\CQGC.exe C:\Program Files\Windows NT\czLuC.exe C:\Program Files\Windows NT\Dgtu.exe C:\Program Files\Windows NT\djq.exe C:\Program Files\Windows NT\dOa.exe C:\Program Files\Windows NT\dsALfM.exe C:\Program Files\Windows NT\Eap.exe C:\Program Files\Windows NT\EBamZD.exe C:\Program Files\Windows NT\Ejzu.exe C:\Program Files\Windows NT\ekTHRM.exe C:\Program Files\Windows NT\fbC.exe C:\Program Files\Windows NT\FjP.exe C:\Program Files\Windows NT\Fny.exe C:\Program Files\Windows NT\FTyPCdC.exe C:\Program Files\Windows NT\gRvgy.exe C:\Program 
Files\Windows NT\grzp.exe C:\Program Files\Windows NT\HSMzef.exe C:\Program Files\Windows NT\IkRK.exe C:\Program Files\Windows NT\iuf.exe C:\Program Files\Windows NT\ixJR.exe C:\Program Files\Windows NT\jCD.exe C:\Program Files\Windows NT\jMrjh.exe C:\Program Files\Windows NT\Joocfm.exe C:\Program Files\Windows NT\jze.exe C:\Program Files\Windows NT\kEknr.exe C:\Program Files\Windows NT\KgwYjx.exe C:\Program Files\Windows NT\KmW.exe C:\Program Files\Windows NT\KsClOfv.exe C:\Program Files\Windows NT\Kzg.exe C:\Program Files\Windows NT\lpg.exe C:\Program Files\Windows NT\lZfNVmX.exe C:\Program Files\Windows NT\Mgj.exe C:\Program Files\Windows NT\MOxW.exe C:\Program Files\Windows NT\mTBoVkL.exe C:\Program Files\Windows NT\Myj.exe C:\Program Files\Windows NT\nEjoHu.exe C:\Program Files\Windows NT\NMZ.exe C:\Program Files\Windows NT\ogHoQvD.exe C:\Program Files\Windows NT\oNM.exe C:\Program Files\Windows NT\oOG.exe C:\Program Files\Windows NT\oxl.exe C:\Program Files\Windows NT\ozXOpPD.exe C:\Program Files\Windows NT\PQA.exe C:\Program Files\Windows NT\pUeeL.exe C:\Program Files\Windows NT\PUh.exe C:\Program Files\Windows NT\Pyq.exe C:\Program Files\Windows NT\qiJfn.exe C:\Program Files\Windows NT\qjGhsg.exe C:\Program Files\Windows NT\qjRn.exe C:\Program Files\Windows NT\qSH.exe C:\Program Files\Windows NT\rGgBN.exe C:\Program Files\Windows NT\RJu.exe C:\Program Files\Windows NT\rQj.exe C:\Program Files\Windows NT\RtE.exe C:\Program Files\Windows NT\SgmGXW.exe C:\Program Files\Windows NT\sLB.exe C:\Program Files\Windows NT\tDh.exe C:\Program Files\Windows NT\tSYjwr.exe C:\Program Files\Windows NT\txTDxY.exe C:\Program Files\Windows NT\VnumAi.exe C:\Program Files\Windows NT\vUn.exe C:\Program Files\Windows NT\VzzzOg.exe C:\Program Files\Windows NT\wAUHwC.exe C:\Program Files\Windows NT\WCY.exe C:\Program Files\Windows NT\WhG.exe C:\Program Files\Windows NT\WIBuA.exe C:\Program Files\Windows NT\wqC.exe C:\Program Files\Windows NT\wxe.exe C:\Program Files\Windows 
NT\wzLYwEV.exe C:\Program Files\Windows NT\xHdTg.exe C:\Program Files\Windows NT\YFE.exe C:\Program Files\Windows NT\yMixM.exe C:\Program Files\Windows NT\yrx.exe C:\Program Files\Windows NT\YVR.exe C:\Program Files\Windows NT\ZoV.exe c:\windows\system32\pliftgwd.ver . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\DOCUME~1\ivy\MENUDM~1\PROGRA~1\DMARRA~1\Explorateur Windows.lnk C:\Program Files\Fichiers communs\Microsoft Shared\ABR.exe C:\Program Files\Fichiers communs\Microsoft Shared\aKflkn.exe C:\Program Files\Fichiers communs\Microsoft Shared\aqv.exe C:\Program Files\Fichiers communs\Microsoft Shared\FAD.exe C:\Program Files\Fichiers communs\Microsoft Shared\faS.exe C:\Program Files\Fichiers communs\Microsoft Shared\FlVmWNf.exe C:\Program Files\Fichiers communs\Microsoft Shared\Fqzsos.exe C:\Program Files\Fichiers communs\Microsoft Shared\kaH.exe C:\Program Files\Fichiers communs\Microsoft Shared\KjD.exe C:\Program Files\Fichiers communs\Microsoft Shared\KomNgk.exe C:\Program Files\Fichiers communs\Microsoft Shared\Laf.exe C:\Program Files\Fichiers communs\Microsoft Shared\ODHqAvS.exe C:\Program Files\Fichiers communs\Microsoft Shared\OQV.exe C:\Program Files\Fichiers communs\Microsoft Shared\oYFfB.exe C:\Program Files\Fichiers communs\Microsoft Shared\qIiCos.exe C:\Program Files\Fichiers communs\Microsoft Shared\qIivxO.exe C:\Program Files\Fichiers communs\Microsoft Shared\QIY.exe C:\Program Files\Fichiers communs\Microsoft Shared\RhYi.exe C:\Program Files\Fichiers communs\Microsoft Shared\SnB.exe C:\Program Files\Fichiers communs\Microsoft Shared\twpiP.exe C:\Program Files\Fichiers communs\Microsoft Shared\ULr.exe C:\Program Files\Fichiers communs\Microsoft Shared\UXb.exe C:\Program Files\Fichiers communs\Microsoft Shared\xmL.exe C:\Program Files\Fichiers communs\Microsoft Shared\YWbUPU.exe C:\Program Files\Fichiers communs\rFj.exe C:\Program Files\Fichiers communs\Services\ADVp.exe C:\Program 
Files\Fichiers communs\Services\BjYIu.exe C:\Program Files\Fichiers communs\Services\Bkj.exe C:\Program Files\Fichiers communs\Services\bRF.exe C:\Program Files\Fichiers communs\Services\BtM.exe C:\Program Files\Fichiers communs\Services\CgR.exe C:\Program Files\Fichiers communs\Services\CNJYKL.exe C:\Program Files\Fichiers communs\Services\CqEqzg.exe C:\Program Files\Fichiers communs\Services\CQv.exe C:\Program Files\Fichiers communs\Services\Cslvn.exe C:\Program Files\Fichiers communs\Services\Cxq.exe C:\Program Files\Fichiers communs\Services\cXR.exe C:\Program Files\Fichiers communs\Services\CZL.exe C:\Program Files\Fichiers communs\Services\dByOO.exe C:\Program Files\Fichiers communs\Services\DDE.exe C:\Program Files\Fichiers communs\Services\DIf.exe C:\Program Files\Fichiers communs\Services\dseOjSp.exe C:\Program Files\Fichiers communs\Services\Dsvv.exe C:\Program Files\Fichiers communs\Services\eby.exe C:\Program Files\Fichiers communs\Services\eGQNS.exe C:\Program Files\Fichiers communs\Services\EnfiyOm.exe C:\Program Files\Fichiers communs\Services\EoVifJ.exe C:\Program Files\Fichiers communs\Services\epR.exe C:\Program Files\Fichiers communs\Services\eQpsFF.exe C:\Program Files\Fichiers communs\Services\ESk.exe C:\Program Files\Fichiers communs\Services\evPmnHA.exe C:\Program Files\Fichiers communs\Services\EXogh.exe C:\Program Files\Fichiers communs\Services\fGp.exe C:\Program Files\Fichiers communs\Services\fMHoUZN.exe C:\Program Files\Fichiers communs\Services\fzjOiAB.exe C:\Program Files\Fichiers communs\Services\GCN.exe C:\Program Files\Fichiers communs\Services\gqL.exe C:\Program Files\Fichiers communs\Services\GuLT.exe C:\Program Files\Fichiers communs\Services\GYq.exe C:\Program Files\Fichiers communs\Services\gzjJA.exe C:\Program Files\Fichiers communs\Services\hDvsK.exe C:\Program Files\Fichiers communs\Services\HMP.exe C:\Program Files\Fichiers communs\Services\HTs.exe C:\Program Files\Fichiers communs\Services\hzt.exe C:\Program 
Files\Fichiers communs\Services\IdK.exe C:\Program Files\Fichiers communs\Services\iEscIZL.exe C:\Program Files\Fichiers communs\Services\iMVs.exe C:\Program Files\Fichiers communs\Services\IQLZNYq.exe C:\Program Files\Fichiers communs\Services\Jti.exe C:\Program Files\Fichiers communs\Services\jZaTb.exe C:\Program Files\Fichiers communs\Services\Kgp.exe C:\Program Files\Fichiers communs\Services\KOkeLR.exe C:\Program Files\Fichiers communs\Services\KpE.exe C:\Program Files\Fichiers communs\Services\kZt.exe C:\Program Files\Fichiers communs\Services\lAZdR.exe C:\Program Files\Fichiers communs\Services\LdD.exe C:\Program Files\Fichiers communs\Services\LgosMv.exe C:\Program Files\Fichiers communs\Services\LNT.exe C:\Program Files\Fichiers communs\Services\loLlmaS.exe C:\Program Files\Fichiers communs\Services\lOUf.exe C:\Program Files\Fichiers communs\Services\lqyxSzp.exe C:\Program Files\Fichiers communs\Services\LrN.exe C:\Program Files\Fichiers communs\Services\lsS.exe C:\Program Files\Fichiers communs\Services\lUPBuV.exe C:\Program Files\Fichiers communs\Services\lxo.exe C:\Program Files\Fichiers communs\Services\mfR.exe C:\Program Files\Fichiers communs\Services\MjbNcK.exe C:\Program Files\Fichiers communs\Services\MnWfcu.exe C:\Program Files\Fichiers communs\Services\moK.exe C:\Program Files\Fichiers communs\Services\MUS.exe C:\Program Files\Fichiers communs\Services\MXy.exe C:\Program Files\Fichiers communs\Services\mzplZJj.exe C:\Program Files\Fichiers communs\Services\nCV.exe C:\Program Files\Fichiers communs\Services\nEV.exe C:\Program Files\Fichiers communs\Services\NhjwZv.exe C:\Program Files\Fichiers communs\Services\NnRChAa.exe C:\Program Files\Fichiers communs\Services\NTXUA.exe C:\Program Files\Fichiers communs\Services\nUFUc.exe C:\Program Files\Fichiers communs\Services\nVtXfio.exe C:\Program Files\Fichiers communs\Services\oAq.exe C:\Program Files\Fichiers communs\Services\oIf.exe C:\Program Files\Fichiers communs\Services\oJg.exe C:\Program 
Files\Fichiers communs\Services\OSZ.exe C:\Program Files\Fichiers communs\Services\Otk.exe C:\Program Files\Fichiers communs\Services\oub.exe C:\Program Files\Fichiers communs\Services\pAZ.exe C:\Program Files\Fichiers communs\Services\PDk.exe C:\Program Files\Fichiers communs\Services\PRPVmnV.exe C:\Program Files\Fichiers communs\Services\PSv.exe C:\Program Files\Fichiers communs\Services\qiTYrW.exe C:\Program Files\Fichiers communs\Services\QLL.exe C:\Program Files\Fichiers communs\Services\QlwNOHk.exe C:\Program Files\Fichiers communs\Services\qPjDCl.exe C:\Program Files\Fichiers communs\Services\QrvKaLj.exe C:\Program Files\Fichiers communs\Services\qTW.exe C:\Program Files\Fichiers communs\Services\qWeUp.exe C:\Program Files\Fichiers communs\Services\RraXVeK.exe C:\Program Files\Fichiers communs\Services\rWQ.exe C:\Program Files\Fichiers communs\Services\sEO.exe C:\Program Files\Fichiers communs\Services\Slh.exe C:\Program Files\Fichiers communs\Services\sPEOYeg.exe C:\Program Files\Fichiers communs\Services\SrvUL.exe C:\Program Files\Fichiers communs\Services\suZoTDb.exe C:\Program Files\Fichiers communs\Services\SwI.exe C:\Program Files\Fichiers communs\Services\sYL.exe C:\Program Files\Fichiers communs\Services\taH.exe C:\Program Files\Fichiers communs\Services\tGyXr.exe C:\Program Files\Fichiers communs\Services\TnIScS.exe C:\Program Files\Fichiers communs\Services\twF.exe C:\Program Files\Fichiers communs\Services\uAbqK.exe C:\Program Files\Fichiers communs\Services\UDduDb.exe C:\Program Files\Fichiers communs\Services\ulKQr.exe C:\Program Files\Fichiers communs\Services\UMJDi.exe C:\Program Files\Fichiers communs\Services\UoUkWh.exe C:\Program Files\Fichiers communs\Services\UUs.exe C:\Program Files\Fichiers communs\Services\uvwFx.exe C:\Program Files\Fichiers communs\Services\uWL.exe C:\Program Files\Fichiers communs\Services\vrhHg.exe C:\Program Files\Fichiers communs\Services\vYiMT.exe C:\Program Files\Fichiers communs\Services\wlZ.exe C:\Program 
Files\Fichiers communs\Services\wUn.exe C:\Program Files\Fichiers communs\Services\XgMY.exe C:\Program Files\Fichiers communs\Services\xWDpYlO.exe C:\Program Files\Fichiers communs\Services\xWTLBQ.exe C:\Program Files\Fichiers communs\Services\YdYBvGl.exe C:\Program Files\Fichiers communs\Services\yhf.exe C:\Program Files\Fichiers communs\Services\ykO.exe C:\Program Files\Fichiers communs\Services\yOWxG.exe C:\Program Files\Fichiers communs\Services\ZIQbW.exe C:\Program Files\Fichiers communs\Services\ZlvjTCt.exe C:\Program Files\Fichiers communs\Services\zTg.exe C:\Program Files\Fichiers communs\sXwjvl.exe C:\Program Files\Fichiers communs\System\ABfZKW.exe C:\Program Files\Fichiers communs\System\AIE.exe C:\Program Files\Fichiers communs\System\AIxohTY.exe C:\Program Files\Fichiers communs\System\aXbZpqL.exe C:\Program Files\Fichiers communs\System\bAw.exe C:\Program Files\Fichiers communs\System\BHXOJJ.exe C:\Program Files\Fichiers communs\System\BNP.exe C:\Program Files\Fichiers communs\System\bZN.exe C:\Program Files\Fichiers communs\System\CHSiOkV.exe C:\Program Files\Fichiers communs\System\dkr.exe C:\Program Files\Fichiers communs\System\duc.exe C:\Program Files\Fichiers communs\System\dZqcBp.exe C:\Program Files\Fichiers communs\System\efE.exe C:\Program Files\Fichiers communs\System\EFO.exe C:\Program Files\Fichiers communs\System\eip.exe C:\Program Files\Fichiers communs\System\eJn.exe C:\Program Files\Fichiers communs\System\ENToyj.exe C:\Program Files\Fichiers communs\System\equ.exe C:\Program Files\Fichiers communs\System\EuM.exe C:\Program Files\Fichiers communs\System\ewcyxk.exe C:\Program Files\Fichiers communs\System\FLi.exe C:\Program Files\Fichiers communs\System\fNIEMK.exe C:\Program Files\Fichiers communs\System\FpR.exe C:\Program Files\Fichiers communs\System\FUU.exe C:\Program Files\Fichiers communs\System\fvIN.exe C:\Program Files\Fichiers communs\System\gfP.exe C:\Program Files\Fichiers communs\System\GJK.exe C:\Program Files\Fichiers 
communs\System\gxM.exe C:\Program Files\Fichiers communs\System\hol.exe C:\Program Files\Fichiers communs\System\hPj.exe C:\Program Files\Fichiers communs\System\hRiYV.exe C:\Program Files\Fichiers communs\System\icPZg.exe C:\Program Files\Fichiers communs\System\ImhSY.exe C:\Program Files\Fichiers communs\System\iqoJ.exe C:\Program Files\Fichiers communs\System\IyE.exe C:\Program Files\Fichiers communs\System\JAX.exe C:\Program Files\Fichiers communs\System\JdRMuS.exe C:\Program Files\Fichiers communs\System\jGu.exe C:\Program Files\Fichiers communs\System\jhiUu.exe C:\Program Files\Fichiers communs\System\jJzCrXl.exe C:\Program Files\Fichiers communs\System\JLK.exe C:\Program Files\Fichiers communs\System\Jlp.exe C:\Program Files\Fichiers communs\System\jPe.exe C:\Program Files\Fichiers communs\System\Kbh.exe C:\Program Files\Fichiers communs\System\KhKfFv.exe C:\Program Files\Fichiers communs\System\KiAtOUH.exe C:\Program Files\Fichiers communs\System\Kilq.exe C:\Program Files\Fichiers communs\System\kSRO.exe C:\Program Files\Fichiers communs\System\KsvR.exe C:\Program Files\Fichiers communs\System\KUjqVcN.exe C:\Program Files\Fichiers communs\System\KyPy.exe C:\Program Files\Fichiers communs\System\laY.exe C:\Program Files\Fichiers communs\System\lsHlHJ.exe C:\Program Files\Fichiers communs\System\MBjYf.exe C:\Program Files\Fichiers communs\System\mBk.exe C:\Program Files\Fichiers communs\System\mEy.exe C:\Program Files\Fichiers communs\System\MiGY.exe C:\Program Files\Fichiers communs\System\mIt.exe C:\Program Files\Fichiers communs\System\MLv.exe C:\Program Files\Fichiers communs\System\Mph.exe C:\Program Files\Fichiers communs\System\MSlWIV.exe C:\Program Files\Fichiers communs\System\mvJoEns.exe C:\Program Files\Fichiers communs\System\NKAmCtH.exe C:\Program Files\Fichiers communs\System\nLRmIR.exe C:\Program Files\Fichiers communs\System\NMX.exe C:\Program Files\Fichiers communs\System\NqnaXn.exe C:\Program Files\Fichiers communs\System\NWFP.exe C:\Program 
Files\Fichiers communs\System\OjVcRp.exe C:\Program Files\Fichiers communs\System\OSo.exe C:\Program Files\Fichiers communs\System\otHaS.exe C:\Program Files\Fichiers communs\System\OyvFZ.exe C:\Program Files\Fichiers communs\System\pYK.exe C:\Program Files\Fichiers communs\System\QCqSpx.exe C:\Program Files\Fichiers communs\System\QNCoY.exe C:\Program Files\Fichiers communs\System\qvl.exe C:\Program Files\Fichiers communs\System\qWN.exe C:\Program Files\Fichiers communs\System\qye.exe C:\Program Files\Fichiers communs\System\qzK.exe C:\Program Files\Fichiers communs\System\rHsZv.exe C:\Program Files\Fichiers communs\System\RJKFOr.exe C:\Program Files\Fichiers communs\System\rlNgd.exe C:\Program Files\Fichiers communs\System\RTJGH.exe C:\Program Files\Fichiers communs\System\Rwn.exe C:\Program Files\Fichiers communs\System\RyVdnJ.exe C:\Program Files\Fichiers communs\System\rZBSI.exe C:\Program Files\Fichiers communs\System\sfxQ.exe C:\Program Files\Fichiers communs\System\SHWYFr.exe C:\Program Files\Fichiers communs\System\Std.exe C:\Program Files\Fichiers communs\System\sWbP.exe C:\Program Files\Fichiers communs\System\sXdTbj.exe C:\Program Files\Fichiers communs\System\Syuwj.exe C:\Program Files\Fichiers communs\System\TBX.exe C:\Program Files\Fichiers communs\System\tclWlz.exe C:\Program Files\Fichiers communs\System\teLzg.exe C:\Program Files\Fichiers communs\System\TNkgjj.exe C:\Program Files\Fichiers communs\System\tTC.exe C:\Program Files\Fichiers communs\System\UDvJH.exe C:\Program Files\Fichiers communs\System\UFP.exe C:\Program Files\Fichiers communs\System\UGF.exe C:\Program Files\Fichiers communs\System\UKI.exe C:\Program Files\Fichiers communs\System\uOa.exe C:\Program Files\Fichiers communs\System\Upm.exe C:\Program Files\Fichiers communs\System\USArLT.exe C:\Program Files\Fichiers communs\System\uTCUuI.exe C:\Program Files\Fichiers communs\System\uXB.exe C:\Program Files\Fichiers communs\System\viP.exe C:\Program Files\Fichiers 
communs\System\vixifu.exe C:\Program Files\Fichiers communs\System\VQcEs.exe C:\Program Files\Fichiers communs\System\VQm.exe C:\Program Files\Fichiers communs\System\VRv.exe C:\Program Files\Fichiers communs\System\wBvblAK.exe C:\Program Files\Fichiers communs\System\wda.exe C:\Program Files\Fichiers communs\System\wekR.exe C:\Program Files\Fichiers communs\System\WwP.exe C:\Program Files\Fichiers communs\System\wYFI.exe C:\Program Files\Fichiers communs\System\wyR.exe C:\Program Files\Fichiers communs\System\Wze.exe C:\Program Files\Fichiers communs\System\wZI.exe C:\Program Files\Fichiers communs\System\XhP.exe C:\Program Files\Fichiers communs\System\Xop.exe C:\Program Files\Fichiers communs\System\XWp.exe C:\Program Files\Fichiers communs\System\YbTGsu.exe C:\Program Files\Fichiers communs\System\YdD.exe C:\Program Files\Fichiers communs\System\yJa.exe C:\Program Files\Fichiers communs\System\yrJRxxY.exe C:\Program Files\Fichiers communs\System\yYfVBnh.exe C:\Program Files\Fichiers communs\System\yYv.exe C:\Program Files\Fichiers communs\System\ZNc.exe C:\Program Files\Fichiers communs\trV.exe C:\Program Files\Fichiers communs\uHFiI.exe C:\Program Files\Windows NT\AZWgXH.exe C:\Program Files\Windows NT\BdS.exe C:\Program Files\Windows NT\BIa.exe C:\Program Files\Windows NT\bmyzkP.exe C:\Program Files\Windows NT\BYDxiW.exe C:\Program Files\Windows NT\CbZ.exe C:\Program Files\Windows NT\cGXDims.exe C:\Program Files\Windows NT\CQGC.exe C:\Program Files\Windows NT\czLuC.exe C:\Program Files\Windows NT\Dgtu.exe C:\Program Files\Windows NT\djq.exe C:\Program Files\Windows NT\dOa.exe C:\Program Files\Windows NT\dsALfM.exe C:\Program Files\Windows NT\Eap.exe C:\Program Files\Windows NT\EBamZD.exe C:\Program Files\Windows NT\Ejzu.exe C:\Program Files\Windows NT\ekTHRM.exe C:\Program Files\Windows NT\fbC.exe C:\Program Files\Windows NT\FjP.exe C:\Program Files\Windows NT\Fny.exe C:\Program Files\Windows NT\FTyPCdC.exe C:\Program Files\Windows NT\gRvgy.exe C:\Program 
Files\Windows NT\grzp.exe C:\Program Files\Windows NT\HSMzef.exe C:\Program Files\Windows NT\IkRK.exe C:\Program Files\Windows NT\iuf.exe C:\Program Files\Windows NT\ixJR.exe C:\Program Files\Windows NT\jCD.exe C:\Program Files\Windows NT\jMrjh.exe C:\Program Files\Windows NT\Joocfm.exe C:\Program Files\Windows NT\jze.exe C:\Program Files\Windows NT\kEknr.exe C:\Program Files\Windows NT\KgwYjx.exe C:\Program Files\Windows NT\KmW.exe C:\Program Files\Windows NT\KsClOfv.exe C:\Program Files\Windows NT\Kzg.exe C:\Program Files\Windows NT\lpg.exe C:\Program Files\Windows NT\lZfNVmX.exe C:\Program Files\Windows NT\Mgj.exe C:\Program Files\Windows NT\MOxW.exe C:\Program Files\Windows NT\mTBoVkL.exe C:\Program Files\Windows NT\Myj.exe C:\Program Files\Windows NT\nEjoHu.exe C:\Program Files\Windows NT\NMZ.exe C:\Program Files\Windows NT\ogHoQvD.exe C:\Program Files\Windows NT\oNM.exe C:\Program Files\Windows NT\oOG.exe C:\Program Files\Windows NT\oxl.exe C:\Program Files\Windows NT\ozXOpPD.exe C:\Program Files\Windows NT\PQA.exe C:\Program Files\Windows NT\pUeeL.exe C:\Program Files\Windows NT\PUh.exe C:\Program Files\Windows NT\Pyq.exe C:\Program Files\Windows NT\qiJfn.exe C:\Program Files\Windows NT\qjGhsg.exe C:\Program Files\Windows NT\qjRn.exe C:\Program Files\Windows NT\qSH.exe C:\Program Files\Windows NT\rGgBN.exe C:\Program Files\Windows NT\RJu.exe C:\Program Files\Windows NT\rQj.exe C:\Program Files\Windows NT\RtE.exe C:\Program Files\Windows NT\SgmGXW.exe C:\Program Files\Windows NT\sLB.exe C:\Program Files\Windows NT\tDh.exe C:\Program Files\Windows NT\tSYjwr.exe C:\Program Files\Windows NT\txTDxY.exe C:\Program Files\Windows NT\VnumAi.exe C:\Program Files\Windows NT\vUn.exe C:\Program Files\Windows NT\VzzzOg.exe C:\Program Files\Windows NT\wAUHwC.exe C:\Program Files\Windows NT\WCY.exe C:\Program Files\Windows NT\WhG.exe C:\Program Files\Windows NT\WIBuA.exe C:\Program Files\Windows NT\wqC.exe C:\Program Files\Windows NT\wxe.exe C:\Program Files\Windows 
NT\wzLYwEV.exe
C:\Program Files\Windows NT\xHdTg.exe
C:\Program Files\Windows NT\YFE.exe
C:\Program Files\Windows NT\yMixM.exe
C:\Program Files\Windows NT\yrx.exe
C:\Program Files\Windows NT\YVR.exe
C:\Program Files\Windows NT\ZoV.exe
C:\WINDOWS\biuya1.dll
C:\WINDOWS\system32\lpt5.rjh
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.
2007-12-05 12:50 . 2007-12-05 13:08 <REP> d-------- C:\Program Files\12Ghosts
2007-12-05 12:50 . 2007-12-05 12:50 <REP> d-------- C:\Documents and Settings\ivy\Application Data\SLAutoSave
2007-12-05 12:50 . 2007-12-05 12:50 <REP> d-------- C:\DOCUME~1\ivy\APPLIC~1\SLAutoSave
2007-12-03 20:18 . 2007-12-03 20:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-03 11:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-03 11:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-03 11:26 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-03 11:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-03 10:26 . 2007-12-03 10:26 <REP> d-------- C:\Deckard
2007-12-02 17:06 . 2007-12-02 17:06 <REP> d-------- C:\WINDOWS\report
2007-12-02 17:04 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\VPTNFILE.855
2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\LPT$VPN.855
2007-12-02 17:04 . 2007-12-02 17:04 1,899,383 --a------ C:\WINDOWS\tsc.ptn
2007-12-02 17:04 . 2007-12-02 17:04 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-02 17:04 . 2007-12-02 17:04 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-02 17:04 . 2007-12-02 17:04 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-02 17:04 . 2007-12-02 17:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-02 17:04 . 2007-12-02 18:49 823 --a------ C:\WINDOWS\tsc.ini
2007-12-02 17:02 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-02 17:02 . 2007-12-02 17:02 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-02 17:02 . 2007-12-02 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-02 17:02 . 2007-12-02 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-02 17:02 . 2007-12-02 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-02 17:02 . 2007-12-02 17:02 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\UC.PIF
2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\RAR.PIF
2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\LHA.PIF
2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\ARJ.PIF
2007-12-01 17:32 . 2007-12-01 17:33 387 --a------ C:\WINDOWS\wincmd.ini
2007-11-30 11:54 . 2007-12-05 10:50 <REP> d-------- C:\Documents and Settings\ivy\Application Data\OpenOffice.org2
2007-11-30 11:54 . 2007-12-05 10:50 <REP> d-------- C:\DOCUME~1\ivy\APPLIC~1\OpenOffice.org2
2007-11-30 11:43 . 2007-11-30 11:44 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-19 22:51 . 2007-11-30 11:40 <REP> d-------- C:\Program Files\Java
2007-11-19 22:50 . 2007-11-19 22:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-11-18 20:55 . 2007-12-01 22:15 <REP> d-------- C:\Documents and Settings\ivy\Application Data\Grisoft
2007-11-18 20:55 . 2007-12-01 22:15 <REP> d-------- C:\DOCUME~1\ivy\APPLIC~1\Grisoft
2007-11-18 20:54 . 2007-11-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2007-11-18 20:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-18 18:35 . 2007-11-18 18:35 <REP> d-------- C:\Program Files\Trend Micro
2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-16 19:16 . 2004-10-20 15:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-16 19:16 . 2004-10-20 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-16 19:16 . 2007-12-01 21:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-16 17:44 . 2007-11-16 17:45 <REP> d-------- C:\Program Files\process-explorer_process_explorer_10.21_anglais_14566
2007-11-16 17:02 . 2007-11-16 17:02 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-10 23:23 . 2007-11-10 23:23 0 --a------ C:\WINDOWS\oodcnt.INI
2007-11-10 23:22 . 2007-11-10 23:22 <REP> d-------- C:\WINDOWS\system32\oodag
2007-11-09 11:06 . 2007-11-09 11:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
2007-11-08 18:49 . 2007-11-10 21:56 <REP> d-------- C:\Program Files\EClea2_0
2007-11-08 18:00 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-08 15:50 . 2007-11-08 15:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-11-08 15:02 . 2007-11-08 15:02 23 --ahs---- C:\WINDOWS\system32\fccbbcc8_g.dll
2007-11-08 15:02 . 2007-11-08 15:02 23 --a------ C:\WINDOWS\system32\cbbcbbdafed_g.ocx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 08:56 --------- d-----w C:\Program Files\BSW 2007-12-03 21:33 863 ----a-w C:\Program Files\i_view32.ini 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Lavasoft 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Image Zone Express 2007-12-01 21:16 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\Lavasoft 2007-12-01 21:16 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\Image Zone Express 2007-12-01 21:15 --------- d-----w C:\Documents and Settings\ivy\Application Data\HP 2007-12-01 21:15 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\HP 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\dvdcss 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\AdobeUM 2007-12-01 21:13 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\dvdcss 2007-12-01 21:13 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\AdobeUM 2007-11-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-07 06:54 71,680 ----a-w C:\WINDOWS\ST5UNST.EXE 2007-07-30 08:53 765 -c--a-w C:\Program Files\i_languages.txt 2007-07-30 08:53 62,543 -c--a-w C:\Program Files\i_changes.txt 2007-07-30 08:53 5,734 -c--a-w C:\Program Files\i_plugins.txt 2007-07-30 08:53 456,704 ----a-w C:\Program Files\i_view32.exe 2007-07-30 08:53 29,184 -c--a-w C:\Program Files\iv_uninstall.exe 2007-07-30 08:53 272,616 -c--a-w C:\Program Files\i_view32.chm 2007-07-30 08:53 2,235 -c--a-w C:\Program Files\i_about.txt 2007-07-30 08:53 11,737 -c--a-w C:\Program Files\i_options.txt 2004-08-19 23:09 119,808 ------w C:\Program Files\Fichiers 
communs\ErLfjM.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-03_17.54.09,42 ))))))))))))))))))))))))))))))))))))))))) . + 2007-12-05 14:25:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_61c.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA05DE13-58D8-4FD0-F3AC-CA637FBCBE9F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2004-07-15 10:42 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 22:18] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ avast! 
thanks
  13. ivy

    Big problem

    ok thanks. hm, indeed, I must have deleted it to try to free up some space, sorry (I went from 20% free to 2% overnight, without doing anything apart from downloading the software recommended by charles which, it seems to me, wasn't that heavy...). thanks, have a good afternoon
  14. ivy

    Big problem

    yes! thanks for the helping hand malekal, I'll try right away. EDIT: but I still can't load combofix: page unavailable... thanks
  15. ivy

    Big problem

    hi, er, I don't have access to ATF Cleaner either: page unavailable, try again later ^^ thanks
  16. ivy

    Big problem

    hi there! I did the procedure in the misc. tools section of HJT, and it gives me an error message: "Impossible de créer le fichier C:\Windows\System32\drivers\etc\hosts. Vérifiez que le nom et le chemin d'accès son corrects". when I try again, it tells me the file is already there and asks whether I want to replace it. I went and looked, and it is indeed there (the name "drivers\etc" seems odd to me, but oh well).

    things are happening all the same. for example, the screen turns all pale grey, unreadable, but only where the file or HJT is (everything else, around it, is perfectly normal).

    no, honestly, I don't think I've downloaded anything lately, apart from the security software. google.com, on the other hand, rings a bell: I saw it in the registry. I was surprised because it's been almost a year since I stopped using the google webmail notifier (and I don't use any other google service apart from online searches). I had uninstalled the software, and I thought it had left traces in the registry...

    I'll think about my downloads: a few images (like for my avatar here), yes, for sure. nothing from google, sure of that too. no software other than security tools (names and links found on zebulon), no films, no music, nothing. I'll still rack my brains to make sure I'm not forgetting anything...

    in any case, thanks again for the help, of course, but also for these explanations, as crystal clear as ever, a real pleasure
  17. ivy

    Big problem

    ok, thanks (no worries about the backup, I had already started one "just in case"...). see you later today then. good night, for real this time
  18. ivy

    Big problem

    hm, problem: all the pages offering the "gromozon rootkit removal tool" are inaccessible to me. I get the classic IE message saying the page is temporarily unavailable (all sites work, no problem with IE) and that I should try again later. but it never works. while looking for another download source on google, I saw that other people had a similar problem: unable to access the tool when they were infected. I found this site, but I'm a bit scared (I haven't done anything, I'm waiting for the green light... or the red one): http://thepiratebay.org/tor/3538707/Gromoz...it_Removal_Tool it says "download this torrent" (torrent???). so, I'm waiting for instructions. thanks.
  19. ivy

    Big problem

    adding one small thing while I'm at it: yesterday, I had 20% free space on the hard drive. today, I only have 2% left. obviously, I haven't downloaded anything apart from the software recommended right here. easy cleaner can't manage to delete certain unnecessary files (the IE history, files and cookies folders are normally clean):

    Nom Taille Type Modifié Attr. Version du fichier Version du produit
    C:\Documents and Settings\ivy\Local Settings\Historique\History.IE5 0 04/12/2007 00:52:22 S
    C:\Documents and Settings\ivy\Local Settings\Historique\History.IE5\MSHist012007120420071205 0 04/12/2007 00:02:04 S
    C:\Documents and Settings\ivy\Local Settings\Temporary Internet Files\Content.IE5 0 03/12/2007 22:48:50 S
    C:\Documents and Settings\ivy\Local Settings\Temporary Internet Files\Content.IE5\IPVKT4JE 0 Dossier 04/12/2007 01:06:52 S
    C:\WINDOWS\Temp\ZLT0348e.TMP 256 Fichier TMP 03/12/2007 12:38:24 A
    C:\WINDOWS\Temp\ZLT034c5.TMP 256 Fichier TMP 03/12/2007 12:38:42 A
    C:\Documents and Settings\ivy\Local Settings\Temp\Perflib_Perfdata_2ee0.dat 16384 Fichier DAT 03/12/2007 19:16:38 A
    C:\Documents and Settings\ivy\Local Settings\Historique\History.IE5\index.dat 278528 04/12/2007 00:59:44 A
    C:\Documents and Settings\ivy\Local Settings\Temporary Internet Files\Content.IE5\index.dat 2260992 Fichier DAT 04/12/2007 01:05:06 A
    C:\System Volume Information\catalog.wci\propstor.bk1 4198912 Fichier BK1 04/12/2007 01:09:50 A
    C:\System Volume Information\catalog.wci\propstor.bk2 4198912 Fichier BK2 04/12/2007 01:09:52 A

    there, it's probably related to the rest (oh shoot, while trying to post, I just saw the 23:41 message. I'll look at that right away). thanks
  20. ivy

    Big problem

    argh, nasty stuff (the infectious items)! right, here is the kaspersky report

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, December 03, 2007 9:51:50 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 3/12/2007
    Kaspersky Anti-Virus database records: 471314
    -------------------------------------------------------------------------------
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target - My Computer: A:\ C:\ D:\ E:\
    Scan Statistics:
    Total number of scanned objects: 32450
    Number of viruses found: 2
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 01:20:52
    Infected Object Name / Virus Name / Last Action
    C:\Deckard\System Scanner\backup\DOCUME~1\ivy\LOCALS~1\Temp\joboemfaDR2V1PE.dll Infected: Trojan.Win32.Inject.mf skipped
locked skipped C:\Program Files\Windows NT\lpg.exe Object is locked skipped C:\Program Files\Windows NT\lZfNVmX.exe Object is locked skipped C:\Program Files\Windows NT\Mgj.exe Object is locked skipped C:\Program Files\Windows NT\MOxW.exe Object is locked skipped C:\Program Files\Windows NT\mTBoVkL.exe Object is locked skipped C:\Program Files\Windows NT\Myj.exe Object is locked skipped C:\Program Files\Windows NT\nEjoHu.exe Object is locked skipped C:\Program Files\Windows NT\NMZ.exe Object is locked skipped C:\Program Files\Windows NT\ogHoQvD.exe Object is locked skipped C:\Program Files\Windows NT\oNM.exe Object is locked skipped C:\Program Files\Windows NT\oOG.exe Object is locked skipped C:\Program Files\Windows NT\oxl.exe Object is locked skipped C:\Program Files\Windows NT\ozXOpPD.exe Object is locked skipped C:\Program Files\Windows NT\PQA.exe Object is locked skipped C:\Program Files\Windows NT\pUeeL.exe Object is locked skipped C:\Program Files\Windows NT\PUh.exe Object is locked skipped C:\Program Files\Windows NT\Pyq.exe Object is locked skipped C:\Program Files\Windows NT\qiJfn.exe Object is locked skipped C:\Program Files\Windows NT\qjGhsg.exe Object is locked skipped C:\Program Files\Windows NT\qjRn.exe Object is locked skipped C:\Program Files\Windows NT\qSH.exe Object is locked skipped C:\Program Files\Windows NT\rGgBN.exe Object is locked skipped C:\Program Files\Windows NT\RJu.exe Object is locked skipped C:\Program Files\Windows NT\rQj.exe Object is locked skipped C:\Program Files\Windows NT\RtE.exe Object is locked skipped C:\Program Files\Windows NT\SgmGXW.exe Object is locked skipped C:\Program Files\Windows NT\sLB.exe Object is locked skipped C:\Program Files\Windows NT\tDh.exe Object is locked skipped C:\Program Files\Windows NT\tSYjwr.exe Object is locked skipped C:\Program Files\Windows NT\txTDxY.exe Object is locked skipped C:\Program Files\Windows NT\VnumAi.exe Object is locked skipped C:\Program Files\Windows NT\vUn.exe Object is 
locked skipped C:\Program Files\Windows NT\VzzzOg.exe Object is locked skipped C:\Program Files\Windows NT\wAUHwC.exe Object is locked skipped C:\Program Files\Windows NT\WCY.exe Object is locked skipped C:\Program Files\Windows NT\WhG.exe Object is locked skipped C:\Program Files\Windows NT\WIBuA.exe Object is locked skipped C:\Program Files\Windows NT\wqC.exe Object is locked skipped C:\Program Files\Windows NT\wxe.exe Object is locked skipped C:\Program Files\Windows NT\wzLYwEV.exe Object is locked skipped C:\Program Files\Windows NT\xHdTg.exe Object is locked skipped C:\Program Files\Windows NT\YFE.exe Object is locked skipped C:\Program Files\Windows NT\yMixM.exe Object is locked skipped C:\Program Files\Windows NT\yrx.exe Object is locked skipped C:\Program Files\Windows NT\YVR.exe Object is locked skipped C:\Program Files\Windows NT\ZoV.exe Object is locked skipped C:\System Volume Information\catalog.wci000002.ps1 Object is locked skipped C:\System Volume Information\catalog.wci000002.ps2 Object is locked skipped C:\System Volume Information\catalog.wci010003.ci Object is locked skipped C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped C:\System Volume 
Information\catalog.wci\propstor.bk1 Object is locked skipped C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{947B204D-DF9D-44C1-BEBD-153D18DDFEE1}\RP38\A0038205.exe Infected: Trojan-Downloader.Win32.Agent.fpg skipped C:\System Volume Information\_restore{947B204D-DF9D-44C1-BEBD-153D18DDFEE1}\RP39\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\TEST-A3GDR2V1PE.ldb Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{C48AE079-2DBB-40D4-90DA-CB70C83A448C}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt 
Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat Object is locked skipped C:\WINDOWS\Temp\ZLT0348e.TMP Object is locked skipped C:\WINDOWS\Temp\ZLT034c5.TMP Object is locked skipped C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. thank you, sorry to give you extra work, good night
  21. ivy

    Big problem

    sniff... sorry, I'm wiping away a little tear. sniff, sniff, sniff... :'( :') my desktop with all its icons is back! (it had been completely bare and empty for two days) I've got my Start button back with lots of really great stuff in it! and my taskbar! :P THANK YOU CHARLES INGALS! sorry, I'm shouting, but I'm really happy. right, let's be serious for two minutes: - I couldn't find the file c:\windows\system32\pliftgwd.ver on my computer, but it's the one I had zapped with 12shredder. I sent it to the address given anyway, because I had noted the path... I hope I didn't do anything stupid - the address for combofix no longer works, but you can go through here: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe it fiddled with lots of things, so I went off to eat. and when I came back, everything was working again like on day one. here is the report:
    ComboFix 07-12-02.7 - ivy 2007-12-03 17:35:18.1 - NTFSx86 Running from: C:\Documents and Settings\ivy\Bureau\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers créés 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))))))) . 2007-12-03 12:05 . 2007-12-03 12:06 <REP> d-------- C:\Program Files\AusLogics Disk Defrag 2007-12-03 11:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2007-12-03 11:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2007-12-03 11:26 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-12-03 11:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2007-12-03 10:26 . 2007-12-03 10:26 <REP> d-------- C:\Deckard 2007-12-02 17:06 . 2007-12-02 17:06 <REP> d-------- C:\WINDOWS\report 2007-12-02 17:04 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Backup 2007-12-02 17:04 . 2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\VPTNFILE.855 2007-12-02 17:04 . 
2007-12-02 17:04 39,801,177 --a------ C:\WINDOWS\LPT$VPN.855 2007-12-02 17:04 . 2007-12-02 17:04 1,899,383 --a------ C:\WINDOWS\tsc.ptn 2007-12-02 17:04 . 2007-12-02 17:04 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2007-12-02 17:04 . 2007-12-02 17:04 267,845 --a------ C:\WINDOWS\tsc.exe 2007-12-02 17:04 . 2007-12-02 17:04 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-12-02 17:04 . 2007-12-02 17:04 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-12-02 17:04 . 2007-12-02 18:49 823 --a------ C:\WINDOWS\tsc.ini 2007-12-02 17:02 . 2007-12-02 17:04 <REP> d-------- C:\WINDOWS\AU_Temp 2007-12-02 17:02 . 2007-12-02 17:02 <REP> d-------- C:\WINDOWS\AU_Log 2007-12-02 17:02 . 2007-12-02 17:02 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-12-02 17:02 . 2007-12-02 17:02 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-12-02 17:02 . 2007-12-02 17:02 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-12-02 17:02 . 2007-12-02 17:02 170 --a------ C:\WINDOWS\GetServer.ini 2007-12-02 15:30 . 2007-12-02 15:30 827,879 --a------ C:\Program Files\DiagHelp.zip 2007-12-01 17:37 . 2007-12-01 17:37 <REP> d-------- C:\Program Files\12Ghosts 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\UC.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\RAR.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\LHA.PIF 2007-12-01 17:32 . 2007-06-21 07:01 545 --a------ C:\WINDOWS\ARJ.PIF 2007-12-01 17:32 . 2007-12-01 17:33 387 --a------ C:\WINDOWS\wincmd.ini 2007-11-30 11:54 . 2007-12-02 11:18 <REP> d-------- C:\Documents and Settings\ivy\Application Data\OpenOffice.org2 2007-11-30 11:54 . 2007-12-02 11:18 <REP> d-------- C:\DOCUME~1\ivy\APPLIC~1\OpenOffice.org2 2007-11-30 11:43 . 2007-11-30 11:44 <REP> d-------- C:\Program Files\OpenOffice.org 2.3 2007-11-19 22:51 . 
2007-11-30 11:40 <REP> d-------- C:\Program Files\Java 2007-11-19 22:50 . 2007-11-19 22:50 <REP> d-------- C:\Program Files\Fichiers communs\Java 2007-11-18 20:55 . 2007-12-01 22:15 <REP> d-------- C:\Documents and Settings\ivy\Application Data\Grisoft 2007-11-18 20:55 . 2007-12-01 22:15 <REP> d-------- C:\DOCUME~1\ivy\APPLIC~1\Grisoft 2007-11-18 20:54 . 2007-11-18 20:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2007-11-18 20:54 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-18 18:35 . 2007-11-18 18:35 <REP> d-------- C:\Program Files\Trend Micro 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2007-11-16 19:16 . 2004-10-20 15:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2007-11-16 19:16 . 2004-10-20 16:47 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2007-11-16 19:16 . 2004-10-20 16:47 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2007-11-16 19:16 . 2007-12-01 21:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2007-11-16 17:02 . 2007-11-16 17:02 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-11-10 23:23 . 2007-11-10 23:23 0 --a------ C:\WINDOWS\oodcnt.INI 2007-11-10 23:22 . 2007-11-10 23:22 <REP> d-------- C:\WINDOWS\system32\oodag 2007-11-09 11:06 . 2007-11-09 11:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7 2007-11-08 18:16 . 2007-11-08 18:20 <REP> d-------- C:\Program Files\Safarp 2007-11-08 18:00 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-11-08 15:50 . 2007-11-08 15:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-11-08 15:02 . 
2007-11-08 15:02 23 --ahs---- C:\WINDOWS\system32\fccbbcc8_g.dll 2007-11-08 15:02 . 2007-11-08 15:02 23 --a------ C:\WINDOWS\system32\cbbcbbdafed_g.ocx . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-03 15:21 --------- d-----w C:\Program Files\BSW 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Lavasoft 2007-12-01 21:16 --------- d-----w C:\Documents and Settings\ivy\Application Data\Image Zone Express 2007-12-01 21:16 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\Lavasoft 2007-12-01 21:16 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\Image Zone Express 2007-12-01 21:15 --------- d-----w C:\Documents and Settings\ivy\Application Data\HP 2007-12-01 21:15 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\HP 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\dvdcss 2007-12-01 21:13 --------- d-----w C:\Documents and Settings\ivy\Application Data\AdobeUM 2007-12-01 21:13 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\dvdcss 2007-12-01 21:13 --------- d-----w C:\DOCUME~1\ivy\APPLIC~1\AdobeUM 2007-11-20 15:42 863 ----a-w C:\Program Files\i_view32.ini 2007-11-08 14:45 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-10-07 06:54 71,680 ----a-w C:\WINDOWS\ST5UNST.EXE 2007-07-30 08:53 765 -c--a-w C:\Program Files\i_languages.txt 2007-07-30 08:53 62,543 -c--a-w C:\Program Files\i_changes.txt 2007-07-30 08:53 5,734 -c--a-w C:\Program 
Files\i_plugins.txt 2007-07-30 08:53 456,704 ----a-w C:\Program Files\i_view32.exe 2007-07-30 08:53 29,184 -c--a-w C:\Program Files\iv_uninstall.exe 2007-07-30 08:53 272,616 -c--a-w C:\Program Files\i_view32.chm 2007-07-30 08:53 2,235 -c--a-w C:\Program Files\i_about.txt 2007-07-30 08:53 11,737 -c--a-w C:\Program Files\i_options.txt 2004-08-19 23:09 86,528 ------w C:\Program Files\Fichiers communs\rFj.exe 2004-08-19 23:09 79,872 ----a-w C:\Program Files\Fichiers communs\trV.exe 2004-08-19 23:09 169,984 ------w C:\Program Files\Fichiers communs\uHFiI.exe 2004-08-19 23:09 141,824 ------w C:\Program Files\Fichiers communs\sXwjvl.exe 2004-08-19 23:09 119,808 ------w C:\Program Files\Fichiers communs\ErLfjM.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA05DE13-58D8-4FD0-F3AC-CA637FBCBE9F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "nwiz"="nwiz.exe" [2004-07-15 10:42 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-20 00:10 C:\WINDOWS\system32\rundll32.exe] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 22:18] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09] C:\Documents and Settings\ivy\Menu D‚marrer\Programmes\D‚marrage\ Explorateur Windows.lnk - C:\WINDOWS\explorer.exe [2002-08-29 10:45:10] C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\ avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2006-10-02 11:03:20] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] ZoneAlarm Security.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-03-30 02:29:36] C:\DOCUME~1\ivy\MENUDM~1\PROGRA~1\DMARRA~1\ Explorateur Windows.lnk - C:\WINDOWS\explorer.exe [2002-08-29 10:45:10] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsMenu"= 1 (0x1) "NoFavoritesMenu"= 1 (0x1) S4 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 17:52:27 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwQueryDirectoryFile, ZwQuerySystemInformation scanning hidden processes ... scanning hidden autostart entries ... HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs = \\?\C:\WINDOWS\system32\lpt5.rjh scanning hidden files ... C:\WINDOWS\biuya1.dll 92831 bytes executable C:\WINDOWS\system32\lpt5.rjh 165014 bytes executable ************************************************************************** . Completion time: 2007-12-03 17:58:34 . --- E O F ---
there, I'm going to reread the whole forum, the pinned topics of the zébulon security forum, to try to prevent any later problems (I couldn't do it until yesterday, every attempt on my part was blocked). do I have any other instructions, mister charles?
in any case, a huge thank you once again! honestly, when I launched combofix, I didn't really believe in it any more... so I was working out how to manage without a desktop, without a taskbar, without a Start button... that's why I was so "moved" when I saw my desktop again. yes, it's silly, but I really was moved; hehe THANK YOU!
  22. ivy

    Big problem

    hello, and here we go, here is the search.bat report:
    ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon AutoRestartShell REG_DWORD 0x1 DefaultDomainName REG_SZ TEST-A3GDR2V1PE DefaultUserName REG_SZ ivy LegalNoticeCaption REG_SZ LegalNoticeText REG_SZ PowerdownAfterShutdown REG_SZ 0 ReportBootOk REG_SZ 1 Shell REG_SZ Explorer.exe ShutdownWithoutLogon REG_SZ 0 System REG_SZ Userinit REG_SZ C:\WINDOWS\system32\Userinit.exe, VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl" SfcQuota REG_DWORD 0xffffffff allocatecdroms REG_SZ 0 allocatedasd REG_SZ 0 allocatefloppies REG_SZ 0 cachedlogonscount REG_SZ 10 forceunlocklogon REG_DWORD 0x0 passwordexpirywarning REG_DWORD 0xe scremoveoption REG_SZ 0 AllowMultipleTSSessions REG_DWORD 0x1 UIHost REG_EXPAND_SZ logonui.exe LogonType REG_DWORD 0x1 Background REG_SZ 0 0 0 DebugServerCommand REG_SZ no SFCDisable REG_DWORD 0x0 WinStationsDisabled REG_SZ 0 HibernationPreviouslyEnabled REG_DWORD 0x1 ShowLogonOptions REG_DWORD 0x0 AltDefaultUserName REG_SZ ivy AltDefaultDomainName REG_SZ TEST-A3GDR2V1PE KeepRasConnections REG_SZ 0 DontDisplayLastUserName REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} <SANS NOM> REG_SZ Sans fil ProcessGroupPolicy REG_SZ ProcessWIRELESSPolicy DllName REG_EXPAND_SZ gptext.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861} <SANS NOM> REG_SZ Folder Redirection ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx DllName REG_EXPAND_SZ fdeploy.dll NoMachinePolicy REG_DWORD 0x1 NoSlowLink REG_DWORD 0x1 PerUserLocalSettings REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x0 NoBackgroundPolicy REG_DWORD 0x0 GenerateGroupPolicy REG_SZ GenerateGroupPolicy 
EventSources REG_MULTI_SZ (Folder Redirection,Application)\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} <SANS NOM> REG_SZ Quota du disque Microsoft NoMachinePolicy REG_DWORD 0x0 NoUserPolicy REG_DWORD 0x1 NoSlowLink REG_DWORD 0x1 NoBackgroundPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 PerUserLocalSettings REG_DWORD 0x0 RequiresSuccessfulRegistry REG_DWORD 0x1 EnableAsynchronousProcessing REG_DWORD 0x0 DllName REG_EXPAND_SZ dskquota.dll ProcessGroupPolicy REG_SZ ProcessGroupPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39} <SANS NOM> REG_SZ Planificateur de paquets QoS ProcessGroupPolicy REG_SZ ProcessPSCHEDPolicy DllName REG_EXPAND_SZ gptext.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3} <SANS NOM> REG_SZ Scripts ProcessGroupPolicy REG_SZ ProcessScriptsGroupPolicy ProcessGroupPolicyEx REG_SZ ProcessScriptsGroupPolicyEx GenerateGroupPolicy REG_SZ GenerateScriptsGroupPolicy DllName REG_EXPAND_SZ gptext.dll NoSlowLink REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 NotifyLinkTransition REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} <SANS NOM> REG_SZ Mappage de zones Internet Explorer DllName REG_EXPAND_SZ iedkcs32.dll ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap NoGPOListChanges REG_DWORD 0x1 RequiresSucessfulRegistry REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy ExtensionRsopPlanningDebugLevel REG_DWORD 0x1 ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx 
ExtensionDebugLevel REG_DWORD 0x1 DllName REG_EXPAND_SZ scecli.dll <SANS NOM> REG_SZ Security NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 EnableAsynchronousProcessing REG_DWORD 0x1 MaxNoGPOListChangesInterval REG_DWORD 0x3c0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx GenerateGroupPolicy REG_SZ GenerateGroupPolicy ProcessGroupPolicy REG_SZ ProcessGroupPolicy DllName REG_EXPAND_SZ iedkcs32.dll <SANS NOM> REG_SZ Personnalisation de Internet Explorer NoSlowLink REG_DWORD 0x1 NoBackgroundPolicy REG_DWORD 0x0 NoGPOListChanges REG_DWORD 0x1 NoMachinePolicy REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} ProcessGroupPolicy REG_SZ SceProcessEFSRecoveryGPO DllName REG_EXPAND_SZ scecli.dll <SANS NOM> REG_SZ EFS recovery NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 RequiresSuccessfulRegistry REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7} <SANS NOM> REG_SZ Installation de logiciel DllName REG_EXPAND_SZ appmgmts.dll ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyObjectsEx GenerateGroupPolicy REG_SZ GenerateGroupPolicy NoBackgroundPolicy REG_DWORD 0x0 RequiresSucessfulRegistry REG_DWORD 0x0 NoSlowLink REG_DWORD 0x1 PerUserLocalSettings REG_DWORD 0x1 EventSources REG_MULTI_SZ (Application Management,Application)(MsiInstaller,Application)\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27} <SANS NOM> REG_SZ Sécurité IP ProcessGroupPolicy REG_SZ ProcessIPSECPolicy DllName REG_EXPAND_SZ gptext.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\crypt32chain Asynchronous REG_DWORD 0x0 Impersonate REG_DWORD 0x0 DllName REG_EXPAND_SZ crypt32.dll Logoff REG_SZ ChainWlxLogoffEvent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Asynchronous REG_DWORD 0x0 Impersonate REG_DWORD 0x0 DllName REG_EXPAND_SZ cryptnet.dll Logoff REG_SZ CryptnetWlxLogoffEvent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll DLLName REG_SZ cscdll.dll Logon REG_SZ WinlogonLogonEvent Logoff REG_SZ WinlogonLogoffEvent ScreenSaver REG_SZ WinlogonScreenSaverEvent Startup REG_SZ WinlogonStartupEvent Shutdown REG_SZ WinlogonShutdownEvent StartShell REG_SZ WinlogonStartShellEvent Impersonate REG_DWORD 0x0 Asynchronous REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp DLLName REG_SZ wlnotify.dll Logon REG_SZ SCardStartCertProp Logoff REG_SZ SCardStopCertProp Lock REG_SZ SCardSuspendCertProp Unlock REG_SZ SCardResumeCertProp Enabled REG_DWORD 0x1 Impersonate REG_DWORD 0x1 Asynchronous REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Asynchronous REG_DWORD 0x0 DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0x0 StartShell REG_SZ SchedStartShell Logoff REG_SZ SchedEventLogOff HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Logoff REG_SZ WLEventLogoff Impersonate REG_DWORD 0x0 Asynchronous REG_DWORD 0x1 DllName REG_EXPAND_SZ sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn DLLName REG_SZ WlNotify.dll Lock REG_SZ SensLockEvent Logon REG_SZ SensLogonEvent Logoff REG_SZ SensLogoffEvent Safe REG_DWORD 0x1 MaxWait REG_DWORD 0x258 StartScreenSaver REG_SZ SensStartScreenSaverEvent StopScreenSaver REG_SZ SensStopScreenSaverEvent Startup REG_SZ SensStartupEvent Shutdown REG_SZ SensShutdownEvent StartShell REG_SZ SensStartShellEvent 
PostShell REG_SZ SensPostShellEvent Disconnect REG_SZ SensDisconnectEvent Reconnect REG_SZ SensReconnectEvent Unlock REG_SZ SensUnlockEvent Impersonate REG_DWORD 0x1 Asynchronous REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Asynchronous REG_DWORD 0x0 DllName REG_EXPAND_SZ wlnotify.dll Impersonate REG_DWORD 0x0 Logoff REG_SZ TSEventLogoff Logon REG_SZ TSEventLogon PostShell REG_SZ TSEventPostShell Shutdown REG_SZ TSEventShutdown StartShell REG_SZ TSEventStartShell Startup REG_SZ TSEventStartup MaxWait REG_DWORD 0x258 Reconnect REG_SZ TSEventReconnect Disconnect REG_SZ TSEventDisconnect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon DLLName REG_SZ wlnotify.dll Logon REG_SZ RegisterTicketExpiredNotificationEvent Logoff REG_SZ UnregisterTicketExpiredNotificationEvent Impersonate REG_DWORD 0x1 Asynchronous REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList HelpAssistant REG_DWORD 0x0 TsInternetUser REG_DWORD 0x0 SQLAgentCmdExec REG_DWORD 0x0 NetShowServices REG_DWORD 0x0 IWAM_ REG_DWORD 0x10000 IUSR_ REG_DWORD 0x10000 VUSR_ REG_DWORD 0x10000 ASPNET REG_DWORD 0x0 UfhIZkkIghDD REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
and the DSS main text:
Deckard's System Scanner v20071014.68 Run by ivy on 2007-12-03 10:26:54 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. 
    -- Last 2 Restore Point(s) --
    2: 2007-12-03 09:27:24 UTC - RP36 - Deckard's System Scanner Restore Point
    1: 2007-12-01 19:24:18 UTC - RP35 - Point de vérification système

    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 0.56 GiB (less than 15%) free.

    -- HijackThis (run as ivy.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:28:57, on 03/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\DOCUMENTS AND SETTINGS\IVY\BUREAU\PROCESS-EXPLORER_PROCESS_EXPLORER_10.21_ANGLAIS_14566\PROCEXP.EXE
    C:\Documents and Settings\ivy\Bureau\dss.exe
    C:\DOCUME~1\ivy\Bureau\ivy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linternaute.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Class - {BA05DE13-58D8-4FD0-F3AC-CA637FBCBE9F} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Explorateur Windows.lnk = C:\WINDOWS\explorer.exe
    O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: ZoneAlarm Security.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://c:\program files\microsoft office\office11\excel.exe/3000
    O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196611154000
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwared...on_2_0_4_10.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

    --
    End of file - 5774 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
    S3 MEMSWEEP2 - c:\windows\system32\12.tmp (file missing)
    S4 ADILOADER (General Purpose USB Driver (adildr.sys)) - c:\windows\system32\drivers\adildr.sys (file missing)
    S4 adiusbae (USB ADSL LAN Adapter) - c:\windows\system32\drivers\adiusbae.sys (file missing)
    S4 adiusbaw (USB ADSL WAN Adapter) - c:\windows\system32\drivers\adiusbaw.sys (file missing)

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 SysWpg - "c:\program files\fichiers communs\services\iqlznyq.exe"
    S3 clr_optimization_v2.0.50215_32 (.NET Runtime Optimization Service v2.0.50215_X86) - c:\windows\microsoft.net\framework\v2.0.50215\mscorsvw.exe <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>

    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.
    -- Files created between 2007-11-03 and 2007-12-03 -----------------------------

    2007-12-02 17:06:14 0 d-------- C:\WINDOWS\report
    2007-12-02 17:04:47 0 d-------- C:\WINDOWS\AU_Backup
    2007-12-02 17:04:45 267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>
    2007-12-02 17:04:45 71749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-12-02 17:04:44 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>
    2007-12-02 17:04:44 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>
    2007-12-02 17:02:18 0 d-------- C:\WINDOWS\AU_Temp
    2007-12-02 17:02:17 0 d-------- C:\WINDOWS\AU_Log
    2007-12-02 17:02:08 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
    2007-12-02 17:02:06 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
    2007-12-02 17:02:04 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
    2007-12-02 11:15:15 0 dr-h----- C:\Documents and Settings\ivy\Recent
    2007-12-01 17:37:50 0 d-------- C:\Program Files\12Ghosts
    2007-12-01 17:32:32 545 --a------ C:\WINDOWS\UC.PIF
    2007-12-01 17:32:32 545 --a------ C:\WINDOWS\RAR.PIF
    2007-12-01 17:32:32 545 --a------ C:\WINDOWS\PKZIP.PIF
    2007-12-01 17:32:32 545 --a------ C:\WINDOWS\PKUNZIP.PIF
    2007-12-01 17:32:32 545 --a------ C:\WINDOWS\NOCLOSE.PIF
    2007-12-01 17:32:32 545 --a------ C:\WINDOWS\LHA.PIF
    2007-12-01 17:32:32 545 --a------ C:\WINDOWS\ARJ.PIF
    2007-12-01 17:32:32 0 d-------- C:\Program Files\totalcmd
    2007-11-30 11:54:40 0 d-------- C:\Documents and Settings\ivy\Application Data\OpenOffice.org2
    2007-11-30 11:43:16 0 d-------- C:\Program Files\OpenOffice.org 2.3
    2007-11-20 11:24:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
    2007-11-19 22:51:16 0 d-------- C:\Program Files\Java
    2007-11-19 22:50:20 0 d-------- C:\Program Files\Fichiers communs\Java
    2007-11-19 18:12:48 0 d-------- C:\Program Files\msn gaming zone
    2007-11-18 20:55:07 0 d-------- C:\Documents and Settings\ivy\Application Data\Grisoft
    2007-11-18 20:54:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-18 18:35:19 0 d-------- C:\Program Files\Trend Micro
    2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-11-16 19:16:50 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
    2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Recent
    2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
    2007-11-16 19:16:50 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
    2007-11-16 19:16:50 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2007-11-16 19:16:50 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
    2007-11-16 19:16:50 0 d-------- C:\Documents and Settings\Administrateur\Favoris
    2007-11-16 19:16:50 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
    2007-11-16 19:16:50 0 d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-11-16 19:16:50 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
    2007-11-16 19:16:50 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
    2007-11-16 19:16:49 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
    2007-11-16 17:02:02 0 d--h----- C:\WINDOWS\system32\GroupPolicy
    2007-11-10 23:22:54 0 d-------- C:\WINDOWS\system32\oodag
    2007-11-09 11:06:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
    2007-11-08 18:16:37 0 d-------- C:\Program Files\Safarp
    2007-11-08 16:20:28 0 d-------- C:\Documents and Settings\ivy\DoctorWeb
    2007-11-08 15:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-08 15:02:00 23 --ahs---- C:\WINDOWS\system32\fccbbcc8_g.dll

    -- Find3M Report ---------------------------------------------------------------

    2007-12-02 15:30:50 827879 --a------ C:\Program Files\DiagHelp.zip
    2007-12-01 22:16:52 0 d-------- C:\Documents and Settings\ivy\Application Data\Lavasoft
    2007-12-01 22:16:46 0 d-------- C:\Documents and Settings\ivy\Application Data\Image Zone Express
    2007-12-01 22:16:16 0 d-------- C:\Documents and Settings\ivy\Application Data\Identities
    2007-12-01 22:15:37 0 d-------- C:\Documents and Settings\ivy\Application Data\HP
    2007-12-01 22:15:30 0 d-------- C:\Documents and Settings\ivy\Application Data\Help
    2007-12-01 22:14:33 0 d-------- C:\Documents and Settings\ivy\Application Data\Google
    2007-12-01 22:13:56 0 d-------- C:\Documents and Settings\ivy\Application Data\dvdcss
    2007-12-01 22:13:50 0 d-------- C:\Documents and Settings\ivy\Application Data\AdobeUM
    2007-12-01 22:08:56 0 d-------- C:\Documents and Settings\ivy\Application Data\Adobe
    2007-11-29 16:32:21 0 d-------- C:\Program Files\Fichiers communs
    2007-11-27 15:21:35 0 d-------- C:\Program Files\BSW
    2007-11-20 16:42:05 863 --a------ C:\Program Files\i_view32.ini
    2007-11-19 18:12:50 0 d-------- C:\Program Files\Windows NT
    2007-11-19 16:12:18 469544 --a----c- C:\WINDOWS\system32\perfh00C.dat
    2007-11-19 16:12:18 75986 --a----c- C:\WINDOWS\system32\perfc00C.dat
    2007-11-08 15:45:19 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-10-07 07:54:09 71680 --a------ C:\WINDOWS\ST5UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>

    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA05DE13-58D8-4FD0-F3AC-CA637FBCBE9F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [15/07/2004 10:42]
    "nwiz"="nwiz.exe" [15/07/2004 10:42 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [15/07/2004 10:42]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [05/05/2003 08:57]
    "WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [12/12/2005 22:18]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25/10/2007 17:20]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/05/2005 23:12]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/03/2007 23:02]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]

    C:\Documents and Settings\ivy\Menu Démarrer\Programmes\Démarrage\
    Explorateur Windows.lnk - C:\WINDOWS\explorer.exe [29/08/2002 10:45:10]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [02/10/2006 11:03:20]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]
    ZoneAlarm Security.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [30/03/2007 02:29:36]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=1 (0x1)
    "NoRecentDocsMenu"=1 (0x1)
    "NoFavoritesMenu"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
    Debugger="c:\windows\system32\pliftgwd.ver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    Debugger="C:\DOCUMENTS AND SETTINGS\IVY\BUREAU\PROCESS-EXPLORER_PROCESS_EXPLORER_10.21_ANGLAIS_14566\PROCEXP.EXE"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    -- End of Deckard's System Scanner: finished at 2007-12-03 10:33:30 ------------

    Thanks again for your help, and have a good day
  23. ivy

    Big problem

    Hi again. Yes, I tried diaghelp several times, in vain. I'll try again. For list.bat, I get two result windows, and nothing tells me that the scan has finished, so I don't know whether I followed the procedure all the way through...

    - the white window (opened in Notepad) says:

    Effectué le 02/12/2007 à 19:14:45,93.
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 80C6-D21A
    Répertoire de C:\WINDOWS
    20/08/2004 00:09 1 036 288 explorer.exe
    1 fichier(s) 1 036 288 octets

    - the window with the black background (I'm retyping it, I can't manage to copy and paste):

    C:\Documents and Settings\ivy\Bureau>CHCP 1252
    Page de codes activée: 1252
    C:\Documents and Settings\ivy\Bureau>echo Effectué le 02/12/2007 à 19:14:45,93. 1>>recherche.txt
    C:\Documents and Settings\ivy\Bureau>dir \explorer.exe /a h /s 1>>recherche.txt
    Fichier introuvable
    C:\Documents and Settings\ivy\Bureau>notepad recherche.txt

    Thanks
  24. ivy

    Big problem

    Hi, I couldn't retrieve the report and I can't find it on C. The scan ran fine and completed. It only found two hidden files:

    C:\WINDOWS\system32\lpt5.rjh
    C:\WINDOWS\biuya1.dll

    I tried to delete them with 12shredder; it tells me that it can't find the files. Thanks
  25. ivy

    Big problem

    Hi, thanks for your reply. It's scanning right now (I had trouble finding the zipped file again, sorry, so I ran it from the site. I chose the first option, it's "catche.me", I hope I did the right thing).

    Sorry for not having answered Phengizy: yes, I have exactly the same problem in safe mode: no desktop, no Start button, no taskbar. Nothing. I can't launch Explorer from Process Explorer; I get a Windows error message: "windows ne trouve pas "explorer.exe". Vérifiez que vous avez entré le nom correctement et essayez à nouveau. Pour rechercher un fichier, cliquez sur le bouton Démarrer, puis Rechercher".

    I'll post the report as soon as I have it. Thanks again for your help