

grundahr
Everything posted by grundahr

Virus blocking internet
grundahr replied to a topic by grundahr in Malware analysis and removal
Indeed, that improves the startup time (especially when the services are starting). I put the first 2 back (nwiz and hotkey); I believe they are tied to specific functions (screen contrast adjustment and switching to dual-screen mode). Thank you very much

Virus blocking internet
grundahr replied to a topic by grundahr in Malware analysis and removal
Here you go

Logfile of HijackThis v1.99.1
Scan saved at 01:36, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

My question is about these entries:

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start

the first because I uninstalled Nero some time ago
the second because I can't see what it corresponds to
the third likewise (but that is surely down to ignorance on my part)

Virus blocking internet
grundahr replied to a topic by grundahr in Malware analysis and removal
In between, Antivir was reacting every 2 seconds with combofix. As for processguard, I have already uninstalled it.

Virus blocking internet
grundahr replied to a topic by grundahr in Malware analysis and removal
Here is the report:

ComboFix 08-06-20.4 - Khûbe 2008-06-27 18:21:50.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1464 [GMT 2:00]

However, on reboot there is a fairly clear conflict with Antivir; is there a way to work around it? (the resident protection starts automatically at startup)

Virus blocking internet
grundahr replied to a topic by grundahr in Malware analysis and removal
So, here is the MBAM log:
Malwarebytes' Anti-Malware 1.18 Version de la base de données: 893 14:43:16 2008-06-27 mbam-log-6-27-2008 (14-43-10).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 185524 Temps écoulé: 6 hour(s), 9 minute(s), 1 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 10 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMa78b22ef (Trojan.Agent) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\QooBox\Quarantine\C\WINDOWS\system32\bcikyjgv.dll.vir (Trojan.Vundo) -> No action taken. C:\QooBox\Quarantine\C\WINDOWS\system32\hmniqqil.dll.vir (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP217\A0031165.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP226\A0039655.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP226\A0039656.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\lellppol.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\pvxqrujq.dll (Trojan.Vundo) -> No action taken. C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareExpert.lnk (Rogue.AntiSpywareExpert) -> No action taken. C:\WINDOWS\system32\abimljil.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
I can check my email again, so I suppose the problem is solved
-
Virus blocking internet
grundahr replied to a topic by grundahr in Malware analysis and removal
The link you gave for MBAM doesn't work. I searched on majorgeek but the version I downloaded doesn't work. Isn't there another link? (or else another version: I tried to download 1.18) Here is the ComboFix log:
ComboFix 08-06-20.4 - Khûbe 2008-06-26 13:26:18.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1569 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Khûbe\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrateur\Bureau\AntiSpywareExpert.lnk c:\SDFix c:\SDFix\apps\assosfix.reg c:\SDFix\apps\cliptext.exe c:\SDFix\apps\download.exe c:\SDFix\apps\dummy.sys c:\SDFix\apps\Enable_Command_Prompt.reg c:\SDFix\apps\ERDNT.E_E c:\SDFix\apps\ERDNTDOS.LOC c:\SDFix\apps\ERDNTWIN.LOC c:\SDFix\apps\ERUNT.EXE c:\SDFix\apps\ERUNT.LOC c:\SDFix\apps\fix.reg c:\SDFix\apps\FixBH.reg c:\SDFix\apps\FixComponents.reg c:\SDFix\apps\FIXCU.reg c:\SDFix\apps\FIXLM.reg c:\SDFix\apps\FixPath.exe c:\SDFix\apps\FixRedir.reg c:\SDFix\apps\FixSchedule.reg c:\SDFix\apps\FixWebCheck.reg c:\SDFix\apps\fixXP.reg c:\SDFix\apps\FixXPsp2.reg c:\SDFix\apps\grep.exe c:\SDFix\apps\HPFix.reg c:\SDFix\apps\HPFix2.reg c:\SDFix\apps\HPFix3.reg c:\SDFix\apps\HPFix4.reg c:\SDFix\apps\HPFix5.reg c:\SDFix\apps\HPFix6.reg c:\SDFix\apps\HPFix7.reg c:\SDFix\apps\HPFix8.reg c:\SDFix\apps\HPFix9.reg c:\SDFix\apps\isadmin.exe c:\SDFix\apps\leg2.txt c:\SDFix\apps\legacy.txt c:\SDFix\apps\legacybk.txt c:\SDFix\apps\locate.com c:\SDFix\apps\LS.exe c:\SDFix\apps\MD5File.exe c:\SDFix\apps\MyGcpvFix.reg c:\SDFix\apps\MyGkFix2.reg c:\SDFix\apps\Process.exe c:\SDFix\apps\procs.exe c:\SDFix\apps\psservice.exe c:\SDFix\apps\Rem.txt c:\SDFix\apps\Rem2.txt c:\SDFix\apps\Replace\regedit.exe c:\SDFix\apps\Replace\W2K.exe c:\SDFix\apps\Replace\w2k\beep.sys c:\SDFix\apps\Replace\w2k\null.sys c:\SDFix\apps\Replace\XP.exe c:\SDFix\apps\Replace\xp\beep.sys c:\SDFix\apps\Replace\xp\null.sys c:\SDFix\apps\Reset_AppInit_DLLs.reg c:\SDFix\apps\RestartIt!.exe c:\SDFix\apps\Restore_SecurityCenter.reg c:\SDFix\apps\Restore_SharedAccess.reg c:\SDFix\apps\sc.exe c:\SDFix\apps\sed.exe c:\SDFix\apps\SF.exe c:\SDFix\apps\shutdown.exe c:\SDFix\apps\srv2.txt c:\SDFix\apps\srv2bk.txt c:\SDFix\apps\svc.txt c:\SDFix\apps\svcbk.txt c:\SDFix\apps\swreg.exe c:\SDFix\apps\swsc.exe c:\SDFix\apps\unzip.exe c:\SDFix\apps\vfind.exe c:\SDFix\apps\WINMSG.EXE c:\SDFix\apps\winsec.reg c:\SDFix\apps\zip.exe c:\SDFix\catchme.exe c:\SDFix\dummy.sys c:\SDFix\RunThis.bat c:\SDFix\SDFIX_ReadMe_Online.url c:\SDFix\W2K_CodecRepair.inf c:\SDFix\XP_CodecRepair.inf . ---- Previous Run ------- . C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiSpywareExpert C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiSpywareExpert\AntiSpywareExpert.lnk C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiSpywareExpert\Uninstall AntiSpywareExpert.lnk C:\WINDOWS\BMa78b22ef.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\bcikyjgv.dll C:\WINDOWS\system32\bpwwboio.ini C:\WINDOWS\system32\hmniqqil.dll C:\WINDOWS\system32\ljJDwvUm.dll C:\WINDOWS\system32\loppllel.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mUvwDJjl.ini C:\WINDOWS\system32\mUvwDJjl.ini2 C:\WINDOWS\system32\opnnnmnM.dll C:\WINDOWS\system32\qswurdpf.ini C:\WINDOWS\system32\rYybdJlm.ini C:\WINDOWS\system32\rYybdJlm.ini2 C:\WINDOWS\system32\tuvWpmki.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_poof ((((((((((((((((((((((((((((( Fichiers créés 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))))))) . 2008-06-26 13:30 . 
2008-06-26 13:30 110,419 --a------ C:\WINDOWS\BMa78b22ef.xml 2008-06-26 13:30 . 2008-06-26 13:30 22 --a------ C:\WINDOWS\pskt.ini 2008-06-25 15:18 . 2008-06-25 15:20 28,492,044 --a------ C:\24H 2008 net leger.FLV 2008-06-25 15:15 . 2008-06-25 15:18 51,380,508 --a------ C:\24h 2008 net lourd.FLV 2008-06-25 14:46 . 2008-06-25 14:57 359,232,382 --a------ C:\master 24h race 2008 CD.AVI 2008-06-24 18:02 . 2008-06-24 17:49 23,454 --a------ C:\jerome-kerviel.jpg 2008-06-24 14:43 . 2008-06-24 14:43 411,956 --a------ C:\dgng.AVI 2008-06-23 16:20 . 2008-04-23 06:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-06-23 16:20 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-06-23 16:20 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-06-23 16:20 . 2008-04-23 06:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-06-23 16:20 . 2008-04-23 06:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-06-23 16:20 . 2008-04-23 06:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-06-23 16:20 . 2008-04-23 06:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-06-23 16:20 . 2008-04-23 06:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-06-23 16:20 . 2008-04-22 09:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-23 11:14 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll 2008-06-23 11:14 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-06-22 23:19 . 2008-06-22 23:19 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-06-22 23:00 . 2008-06-23 17:27 <REP> d-------- C:\WINDOWS\system32\fr-fr 2008-06-22 22:52 . 2008-06-22 22:52 <REP> d-------- C:\Program Files\MSXML 6.0 2008-06-22 22:48 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2008-06-22 22:48 . 
2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2008-06-22 22:48 . 2006-08-21 14:26 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2008-06-22 22:46 . 2008-06-22 22:46 <REP> d-------- C:\Program Files\MSXML 4.0 2008-06-22 22:45 . 2008-06-23 17:27 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-06-22 18:36 . 2008-06-22 18:36 <REP> d-------- C:\Documents and Settings\Administrateur\Contacts 2008-06-22 18:09 . 2008-06-22 18:09 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData 2008-06-22 17:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-22 17:52 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-22 17:51 . 2008-02-28 14:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll 2008-06-22 17:51 . 2008-02-28 14:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB 2008-06-22 17:50 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2008-06-21 18:44 . 2006-06-22 12:48 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll 2008-06-21 14:57 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-06-21 14:57 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-06-21 14:57 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-06-21 14:57 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-06-21 14:57 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-06-21 02:42 . 2008-06-21 13:59 35,144 --a------ C:\WINDOWS\system32\pghash.dat 2008-06-21 02:42 . 2008-06-21 02:42 0 --a------ C:\WINDOWS\system32\pguard.dat 2008-06-21 02:23 . 2008-06-23 01:18 <REP> d-------- C:\Program Files\ProcessGuard 2008-06-21 01:56 . 2008-06-21 01:56 <REP> d-------- C:\Program Files\CCleaner 2008-06-21 01:50 . 2008-06-21 01:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM 2008-06-21 01:28 . 
2008-06-21 01:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-06-21 01:28 . 2008-06-23 01:28 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-06-21 01:24 . 2008-06-24 14:11 <REP> d-------- C:\WINDOWS\Internet Logs 2008-06-21 01:19 . 2008-06-21 01:19 <REP> d-------- C:\Program Files\Avira 2008-06-21 01:19 . 2008-06-21 01:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-06-21 01:19 . 2008-06-21 01:19 250 --a------ C:\WINDOWS\gmer.ini 2008-06-21 00:44 . 2008-06-21 00:44 90,624 --a------ C:\WINDOWS\system32\abimljil.dll 2008-06-21 00:34 . 2008-06-21 00:33 691,545 --a------ C:\WINDOWS\unins000.exe 2008-06-21 00:34 . 2008-06-21 00:34 2,554 --a------ C:\WINDOWS\unins000.dat 2008-06-20 18:12 . 2008-06-20 18:12 164 --a------ C:\install.dat 2008-06-20 16:18 . 2008-06-20 16:18 79,360 --a------ C:\WINDOWS\system32\lellppol.dll 2008-06-20 16:17 . 2008-06-20 16:17 90,112 --a------ C:\WINDOWS\system32\pvxqrujq.dll 2008-06-19 16:42 . 2008-06-19 16:42 <REP> d-------- C:\Program Files\Lavasoft 2008-06-19 16:42 . 2008-06-19 16:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-19 16:41 . 2008-06-19 16:42 19,153,264 --a------ C:\Lavasoft_Adaware_multi.exe 2008-06-19 16:26 . 2008-06-21 13:58 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-06-19 01:51 . 2008-06-22 17:54 <REP> d-------- C:\Program Files\Fichiers communs\Nero 2008-06-19 01:51 . 2008-06-22 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-06-19 01:47 . 2004-08-11 01:45 141,312 --a------ C:\WINDOWS\system32\setb3.tmp 2008-06-17 19:08 . 2008-06-17 19:08 <REP> d-------- C:\Program Files\DNA 2008-06-17 19:08 . 2008-06-17 19:11 <REP> d-------- C:\Program Files\BitTorrent 2008-06-17 19:07 . 2008-06-17 19:07 874,856 --a------ C:\BitTorrent-6.0.3.exe 2008-06-17 15:50 . 2008-06-17 15:50 40,448 --a------ C:\download.ppt 2008-06-16 18:17 . 
2008-06-16 18:17 <REP> d-------- C:\Program Files\eRightSoft 2008-06-16 18:17 . 2008-06-16 18:17 <REP> d-------- C:\Program Files\AviSynth 2.5 2008-06-16 18:15 . 2008-06-16 18:15 28,088,805 --a------ C:\super_super_v2007_build_23_anglais_19891.exe 2008-06-09 17:27 . 2008-06-09 17:27 <REP> d-------- C:\Program Files\GenArts 2008-06-09 17:27 . 2007-10-12 09:51 5,206,016 --a------ C:\WINDOWS\system32\mkl_genarts.dll 2008-06-09 17:27 . 2008-01-15 15:40 3,727,360 --a------ C:\WINDOWS\system32\sapphire_ae.dll 2008-06-09 17:27 . 2006-09-20 15:49 200,704 --a------ C:\WINDOWS\system32\libguide40.dll 2008-06-06 18:39 . 2008-06-06 18:39 3,053,056 --a------ C:\ppt_soutenance_accenture[1].ppt 2008-06-05 19:51 . 2008-06-05 19:51 268 --ah----- C:\sqmdata11.sqm 2008-06-05 19:51 . 2008-06-05 19:51 244 --ah----- C:\sqmnoopt11.sqm 2008-06-01 17:49 . 2008-06-01 17:49 145 --a------ C:\Raccourci vers Lecteur CD.lnk . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-22 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-21 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-20 22:36 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-19 15:04 --------- d-----w C:\Program Files\eMule 2008-06-19 14:42 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-06-19 14:28 --------- d-----w C:\Program Files\Wave Systems Corp 2008-06-18 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-26 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\4D 2008-05-24 09:57 --------- d-----w C:\Program Files\Microsoft Works 2008-05-24 09:56 --------- d-----w C:\Program Files\Microsoft.NET 2008-05-23 16:08 --------- d-----w C:\Program Files\Blip Blop 2008-05-19 12:50 --------- d-----w C:\Program Files\MathType 2008-05-16 03:01 --------- d-----w C:\Program Files\Electronic Arts 2008-05-15 12:54 --------- d-----w C:\Program Files\canon 2008-05-12 13:59 --------- d-----w C:\Program Files\Modalisa 5.1 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-27 16:36 103,833 ----a-w C:\install_uTorrent_.exe 2008-04-22 10:37 887,938 ----a-w C:\2000-WIN2K_XP-FR-0319.EXE 2008-03-31 13:43 9,538,928 ----a-w C:\Shine_Win_Full.zip 2008-03-31 13:43 2,963 ----a-w C:\RED_GIANT_TRAPCODE_STARGLOW_V1.5_FOR_AE_CS3-XFORCE.zip 2008-03-31 13:42 3,087 ----a-w C:\RED_GIANT_TRAPCODE_3D_STROKE_V2.5_FOR_PREMIERE_PRO_CS3-XFORCE.zip 2008-03-31 13:42 3,074 ----a-w C:\RED_GIANT_TRAPCODE_STARGLOW_V1.5_FOR_PREMIERE_PRO_CS3-XFORCE.zip 2008-03-31 13:42 2,976 ----a-w C:\RED_GIANT_TRAPCODE_3D_STROKE_V2.5_FOR_AE_CS3-XFORCE.zip 2008-03-31 
13:15 3,097 ----a-w C:\RED_GIANT_TRAPCODE_SHINE_V1.5_FOR_PREMIERE_PRO_CS3-XFORCE.zip 2008-03-31 13:14 2,986 ----a-w C:\RED_GIANT_TRAPCODE_SHINE_V1.5_FOR_AE_CS3-XFORCE.zip 2008-03-31 13:12 36,868 ----a-w C:\Program Files\uninst-3DStroke.exe 2008-03-31 12:44 36,868 ----a-w C:\Program Files\uninst-shine.exe 2008-03-29 00:18 9,971,888 ----a-w C:\3DStroke_Win_Full.zip 2008-03-29 00:17 10,752,290 ----a-w C:\Starglow_Win_Full.zip 2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-25_17.17.19,46 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-25 15:12:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-26 11:28:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360] "Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [2007-09-17 03:36 3080704] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [ ] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-04-15 22:49 159744] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-31 16:50 8429568] "nwiz"="nwiz.exe" [2007-05-31 16:50 1626112 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2007-05-31 16:50 67584 C:\WINDOWS\system32\nvhotkey.dll] 
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-31 16:50 81920] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 19:32 132760] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 13:29 1191936] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 00:26 303104 C:\WINDOWS\stsystra.exe] "SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 12:53 212992] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 12:19 819200] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 12:17 970752] "KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 15:05 282624] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920] "RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920] "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784] "SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 18:14 49152] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 18:30 864256] "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "BMa78b22ef"="C:\WINDOWS\system32\abimljil.dll" [2008-06-21 00:44 90624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 
15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 (0x3) "tcsd_win32.exe"=2 (0x2) "stllssvr"=3 (0x3) "SQLAgent$MICROSOFTSMLBIZ"=3 (0x3) "SecureStorageService"=3 (0x3) "PnkBstrB"=3 (0x3) "PnkBstrA"=3 (0x3) "PLFlash DeviceIoControl Service"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "NMIndexingService"=3 (0x3) "NeroRegInCDSrv"=2 (0x2) "Nero BackItUp Scheduler 3"=2 (0x2) "MSSQLServerADHelper"=3 (0x3) "MSSQL$MICROSOFTSMLBIZ"=3 (0x3) "MDM"=2 (0x2) "InCDsrv"=2 (0x2) "IDriverT"=3 (0x3) "FLEXnet Licensing Service"=3 (0x3) "Bonjour Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "13629:TCP"= 13629:TCP:NortonAV "14893:TCP"= 14893:TCP:NortonAV "18106:TCP"= 18106:TCP:NortonAV R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service [] R3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 13:32] S3 asbp2poa;asbp2poa;C:\DOCUME~1\KHBE~1\LOCALS~1\Temp\asbp2poa.sys [] S3 USBSTOR;Pilote de stockage de masse 
USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] S3 Wave UCSPlus;Wave UCSPlus;C:\WINDOWS\system32\dllhost.exe [2004-08-05 13:00] S4 SecureStorageService;SecureStorageService;"C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [2007-01-29 22:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43d80910-c3a0-11dc-ac2b-0013e87fefcd}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{499c2b70-a331-11dc-abf1-0013e87fefcd}] \Shell\AutoRun\command - explorer.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51e6be88-ee1c-11dc-8180-001c2393e120}] \Shell\AutoRun\command - G:\EmDesk.exe \Shell\EmDesk\command - G:\EmDesk.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ddea589-32e7-11dd-81f0-0013e87fefcd}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-26 13:30:38 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\scardsvr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Dell\QuickSet\NicConfigSvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\ApntEx.exe C:\Program Files\Apoint\hidfind.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\3M\PSNLite\PsnLite.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PROGRA~1\3M\PSNLite\PSNGive.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-26 13:34:18 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-26 11:34:00 Pre-Run: 5,101,199,360 octets libres Post-Run: 5,082,120,192 octets libres 382 --- E O F --- 2008-06-23 15:27:30 -
Virus blocking internet
grundahr replied to a topic by grundahr in Malware analysis and removal
DiagHelp version v1.4 - http://www.malekal.com excute le 25/06/2008 à 13:49:00,57 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->25/06/2008 13:48:57 C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->25/06/2008 13:48:56 C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->25/06/2008 13:48:23 C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->25/06/2008 13:47:11 C:\WINDOWS\prefetch\HIJACKTHIS.EXE-274688DC.pf -->25/06/2008 13:45:11 C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->25/06/2008 13:44:54 C:\WINDOWS\prefetch\RUNDLL32.EXE-71AB9752.pf -->25/06/2008 13:44:12 C:\WINDOWS\prefetch\RUNDLL32.EXE-41C4C933.pf -->25/06/2008 13:44:12 C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->25/06/2008 13:41:05 C:\WINDOWS\prefetch\RUNDLL32.EXE-6E8D4657.pf -->25/06/2008 13:41:05 C:\WINDOWS\System32\drivers\gmer.sys -->21/06/2008 01:19:17 C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:59:52 C:\WINDOWS\System32\drivers\rmcast.sys -->08/05/2008 14:28:49 C:\WINDOWS\System32\drivers\NSDriver.sys -->29/04/2008 11:20:00 C:\WINDOWS\System32\drivers\Awrtrd.sys -->29/04/2008 11:19:54 C:\WINDOWS\System32\drivers\Awrtpd.sys -->29/04/2008 11:19:50 C:\WINDOWS\System32\drivers\avipbb.sys -->04/03/2008 13:28:53 C:\WINDOWS\System32\nvModes.001 -->25/06/2008 13:10:48 C:\WINDOWS\System32\nvModes.dat -->23/06/2008 14:04:44 C:\WINDOWS\System32\zllictbl.dat -->23/06/2008 01:28:30 C:\WINDOWS\System32\mapisvc.inf -->22/06/2008 23:20:00 C:\WINDOWS\System32\PerfStringBackup.INI -->22/06/2008 23:07:35 C:\WINDOWS\System32\perfh00C.dat -->22/06/2008 23:07:35 C:\WINDOWS\System32\perfh009.dat -->22/06/2008 23:07:35 C:\WINDOWS\System32\perfc00C.dat -->22/06/2008 23:07:35 C:\WINDOWS\System32\perfc009.dat -->22/06/2008 23:07:35 C:\WINDOWS\System32\FNTCACHE.DAT -->22/06/2008 23:05:18 C:\WINDOWS\System32\TZLog.log -->22/06/2008 22:52:45 C:\WINDOWS\System32\MsiExec.exe.log -->22/06/2008 17:55:41 C:\WINDOWS\System32\pghash.dat -->21/06/2008 13:59:02 
C:\WINDOWS\System32\CONFIG.NT -->21/06/2008 13:58:31 C:\WINDOWS\System32\pguard.dat -->21/06/2008 02:42:43 C:\WINDOWS\System32\abimljil.dll -->21/06/2008 00:44:18 C:\WINDOWS\System32\clkcnt.txt -->21/06/2008 00:43:52 C:\WINDOWS\System32\lellppol.dll -->20/06/2008 16:18:24 C:\WINDOWS\System32\pvxqrujq.dll -->20/06/2008 16:17:46 C:\WINDOWS\System32\wpa.dbl -->09/06/2008 13:11:04 C:\WINDOWS\System32\MRT.exe -->29/05/2008 16:35:12 C:\WINDOWS\System32\lsdelete.exe -->16/05/2008 11:58:04 C:\WINDOWS\System32\quartz.dll -->07/05/2008 07:15:36 C:\WINDOWS\System32\mshtml.dll -->23/04/2008 22:16:42 C:\WINDOWS\System32\wininet.dll -->23/04/2008 06:16:40 C:\WINDOWS\setupapi.log -->25/06/2008 13:44:30 C:\WINDOWS\BMa78b22ef.xml -->25/06/2008 13:35:09 C:\WINDOWS\WindowsUpdate.log -->25/06/2008 13:12:22 C:\WINDOWS\BMa78b22ef.txt -->25/06/2008 13:11:35 C:\WINDOWS\QTFont.qfn -->25/06/2008 13:11:11 C:\WINDOWS\pskt.ini -->25/06/2008 13:11:08 C:\WINDOWS\wiadebug.log -->25/06/2008 13:11:06 C:\WINDOWS\0.log -->25/06/2008 13:10:43 C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt -->25/06/2008 13:10:39 C:\WINDOWS\wiaservc.log -->25/06/2008 13:10:37 C:\WINDOWS\bootstat.dat -->25/06/2008 13:10:29 C:\WINDOWS\ntbtlog.txt -->24/06/2008 22:07:27 C:\WINDOWS\SchedLgU.Txt -->24/06/2008 14:10:50 C:\WINDOWS\tsoc.log -->23/06/2008 17:27:30 C:\WINDOWS\tabletoc.log -->23/06/2008 17:27:30 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 2768 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 
0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x442b0000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll 0x10000000 0x43000 C:\WINDOWS\system32\abimljil.dll 0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x03930000 0x36000 1.04.0000.0099 C:\WINDOWS\system32\biolsp.dll 0x01e70000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll 0x43ff0000 0xa000 7.00.6000.16674 C:\WINDOWS\system32\jsproxy.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x040f0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x04a10000 0x92000 0.09.0001.0000 C:\WINDOWS\system32\lameACM.acm 0x43c10000 0x1d000 7.00.6000.16674 C:\WINDOWS\system32\URL.dll 0x04580000 0x1a000 C:\Program Files\Dell\QuickSet\dadkeyb.dll 0x04530000 0x1f000 9.00.0001.0006 C:\WINDOWS\system32\CDRTC.DLL 0x058b0000 0x25000 9.00.0000.0053 C:\Program Files\Roxio\Drag-to-Disc\ShellRes.dll 0x16080000 0x19000 1.00.0003.0001 C:\Program Files\Bonjour\mdnsNSP.dll 0x01430000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x067d0000 0x82e000 6.14.0011.0119 C:\WINDOWS\system32\nvcpl.dll 0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x04ab0000 0x45000 6.14.0011.0119 
C:\WINDOWS\system32\NVRSFR.DLL 0x04b00000 0x73000 6.14.0010.11091 C:\WINDOWS\system32\nvshell.dll 0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL 0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 904 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A4B8-11DC Répertoire de C:\WINDOWS\system32 05/08/2004 13:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 7 310 262 272 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A4B8-11DC Répertoire de C:\WINDOWS\Downloaded Program Files 22/06/2008 18:13 <REP> . 22/06/2008 18:13 <REP> .. 19/08/2004 14:16 65 desktop.ini 25/07/2002 19:13 24 576 dwusplay.dll 25/07/2002 19:13 196 608 dwusplay.exe 27/07/2004 17:48 323 584 isusweb.dll 30/07/2007 19:24 295 muweb.inf 30/07/2007 19:24 293 wuweb.inf 6 fichier(s) 545 421 octets Total des fichiers listés : 6 fichier(s) 545 421 octets 2 Rép(s) 7 310 258 176 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. 
Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableRegistryTools"=dword:00000000 "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... 
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-25 13:49:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:2a,b7,02,0e,9d,12,28,d7,75,34,2d,9b,9b,c3,ab,f2,eb,06,57,19,58,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "h0"=dword:00000000 "khjeh"=hex:2a,b7,02,0e,9d,12,28,d7,75,34,2d,9b,9b,c3,ab,f2,eb,06,57,19,58,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs] "CTE_32 Name"="2454627:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{974B9511-91D5-AEE4-5E77-0AF54DD3BA55}\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{974B9511-91D5-AEE4-5E77-0AF54DD3BA55}\Install\VxDs] "Templates"="2454627:{E1E6CBBC-E7CA-AB6C-D7EB-63563C5B204D}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{991A96DC-E2EB-2A6C-19FF-2B7A2918C3DD}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{991A96DC-E2EB-2A6C-19FF-2B7A2918C3DD}\Version 1.1] "dat"="967105929:{5761992D-7E16-D339-B3BC-479994A4F3F4}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{AAA537EF-645A-507D-F524-52D8016638DB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{AAA537EF-645A-507D-F524-52D8016638DB}\Version 1.1] "dat"="959406352:{3E34AAF3-EF8A-6C6F-770A-3F2F42BC878C}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{8821A468-5EF3-DCF6-5064-CA5C33C7C40C}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{8821A468-5EF3-DCF6-5064-CA5C33C7C40C}\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{8821A468-5EF3-DCF6-5064-CA5C33C7C40C}\Install\xga-3] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{8821A468-5EF3-DCF6-5064-CA5C33C7C40C}\Install\xga-3\dat] "default"="516231180:{83779CC8-1AC9-1FED-7CCA-C7FBE9782EE9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{D3E8C535-DCA5-8025-308E-EAEA6E654353}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{D3E8C535-DCA5-8025-308E-EAEA6E654353}\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{D3E8C535-DCA5-8025-308E-EAEA6E654353}\Install\xga-3] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{D3E8C535-DCA5-8025-308E-EAEA6E654353}\Install\xga-3\dat] "default"="516231180:{ED96C01E-C608-CD68-E33B-6F387915C708}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{991A96DC-E2EB-2A6C-19FF-2B7A2918C3DD}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{991A96DC-E2EB-2A6C-19FF-2B7A2918C3DD}\Version 3.x] "dat"="1767914624:{C5D76B9B-3D19-E6E3-EC10-3403212B8C21}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{AAA537EF-645A-507D-F524-52D8016638DB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{AAA537EF-645A-507D-F524-52D8016638DB}\Version 3.x] "dat"="1767914624:{F22AF3F8-9DB3-DD11-7149-DF3EEBAD1A81}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll] "AplicationGoo"="77)#a8\x00be2393\x84ál8faaÖ" "ChkAppHelp"="{B3B2D0C1-D0AD-36AF-0DDD-B1A4F91B9960}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Windows] "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 252 - scardsvr.exe 328 - cmd.exe 468 - iTunesHelper.ex 488 - winampa.exe 500 - avgnt.exe 668 - avguard.exe 676 - AppleMobileDevi 696 - AsfIpMon.exe 776 - jucheck.exe 864 - NicConfigSvc.ex 868 - PSNGive.exe 872 - csrss.exe 904 - winlogon.exe 948 - services.exe 960 - lsass.exe 1088 - nvsvc32.exe 1164 - svchost.exe 1172 - RegSrvc.exe 1232 - svchost.exe 1284 - svchost.exe 1340 - EvtEng.exe 1432 - S24EvMon.exe 1476 - WLKEEPER.exe 1572 - svchost.exe 1644 - svchost.exe 1672 - stacsv.exe 1796 - svchost.exe 1840 - aawservice.exe 1876 - rundll32.exe 2040 - spoolsv.exe 2476 - SecureUpgrade.e 2500 - ApMsgFwd.exe 2556 - hidfind.exe 2576 - ApntEx.exe 2636 - ctfmon.exe 2688 - alg.exe 2768 - explorer.exe 2776 - Cld2000.exe 2924 - TeaTimer.exe 2972 - ZCfgSvc.exe 3048 - iFrmewrk.exe 3120 - HijackThis.exe 3128 - KADxMain.exe 3384 - PsnLite.exe 3424 - svchost.exe 3432 - iPodService.exe 3456 - issch.exe 3512 - wmiprvse.exe 3572 - sqlmangr.exe 3668 - Dot1XCfg.exe 3708 - DrgToDsc.exe 3776 - Apoint.exe 3784 - msnmsgr.exe 3860 - PDVDDXSrv.exe 3932 - DLG.exe 3964 - brctrcen.exe 3976 - rundll32.exe 3996 - quickset.exe 4016 - daemon.exe 4068 - stsystra.exe 5128 - wmiprvse.exe 5276 - firefox.exe Total number of processes = 63 NOTE: Under WinXP, this will not show all processes. 
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList Total number of drivers = 156 Liste des programmes installes 2d3 SteadyMove for Adobe Premiere Pro 2.0 3D Flash Animator 3.72 Ad-Aware Adobe After Effects CS3 Adobe After Effects CS3 Adobe After Effects CS3 Presets Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color Common Settings Adobe Color EU Recommended Settings Adobe Color JA Extra Settings Adobe Color NA Extra Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe Dreamweaver CS3 Adobe Dreamweaver CS3 Adobe ExtendScript Toolkit 2 
Adobe ExtendScript Toolkit 2 Adobe Extension Manager CS3 Adobe Flash Player ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Illustrator 10 Evaluation Adobe Linguistics CS3 Adobe MotionPicture Color Files Adobe PDF Library Files Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Premiere Pro CS3 Adobe Premiere Pro CS3 Adobe Premiere Pro CS3 Functional Content Adobe Reader 7.0 - Français Adobe Setup Adobe Setup Adobe Setup Adobe Setup Adobe Setup Adobe Setup Adobe Setup Adobe Stock Photos CS3 Adobe Stock Photos CS3 Adobe SVG Viewer 3.0 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe Video Profiles Adobe WinSoft Linguistics Plugin Adobe XMP DVA Panels CS3 Adobe XMP Panels CS3 Apple Mobile Device Support Apple Software Update Archiveur WinRAR Audacity 1.2.6 Avira AntiVir Personal – Free Antivirus biolsp patch Blip Blop (remove only) BluffTitler DX9 Broadcom ASF Management Applications Broadcom Management Programs Broadcom TPM Driver Installer Brother MFL-Pro Suite Calendrier Xtra v9.00 CCleaner (remove only) CDex extraction audio Conexant HDA D330 MDC V.92 Modem Correctif pour Windows XP (KB896256) Correctif pour Windows XP (KB908673) Correctif pour Windows XP (KB909095) Correctif pour Windows XP (KB935448) Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885855 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888302 Correctif Windows XP - KB889673 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 DAEMON Tools Data Lifeguard Tools Dell Embassy Trust Suite by Wave Systems Dell Touchpad Digital Line Detect DivX Web Player EasyPHP 2.0b1 EMBASSY Security Setup EMBASSY Security Setup EMBASSY Trust Suite by Wave Systems ESC Home Page Plugin ESC Home Page Plugin ETS Upgrade ETS Upgrade FileZilla Client 3.0.7 Free Music Zilla GenArts Sapphire Plug-ins 2.02 for After Effects and Compatible 
High Definition Audio Driver Package - KB835221 HijackThis 1.99.1 Hotfix for Windows XP (KB915865) IntelliSonic Speech Enhancement iTunes J2SE Runtime Environment 5.0 Update 6 Java 6 Update 2 K-Lite Mega Codec Pack 3.4.5 Logiciel Intel® PROSet/Wireless Magic Bullet Looks MathType 6 mCore mDrWiFi mHlpDell Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Excel MUI (French) 2007 Microsoft Office Outlook 2003 with Business Contact Manager Update Microsoft Office Outlook MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Shared MUI (French) 2007 Microsoft Office Standard 2007 Microsoft Office Standard 2007 Microsoft Office Word MUI (French) 2007 Microsoft Software Update for Web Folders (French) 12 Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) 
Mise à jour de sécurité pour Windows XP (KB899588) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923789) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à 
jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB929969) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933566) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937894) Mise à jour de sécurité pour Windows XP (KB938127) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB941693) Mise à jour de sécurité pour Windows XP (KB943055) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944338) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour de sécurité pour Windows XP (KB945553) Mise à jour de sécurité pour Windows XP (KB946026) Mise à jour de sécurité pour Windows XP (KB948590) Mise à jour de sécurité pour Windows XP (KB950749) Mise à jour de sécurité pour Windows XP (KB950759) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB910437) Mise à jour pour 
Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB932823-v3) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) mIWA mLogView mMHouse Mozilla Firefox (2.0.0.14) mPfMgr mPfWiz mProSafe mSCfg MSN Adder 7.0 mSSO MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) mWlsSafe mWMI mZConfig NetWaiting NTRU TCG Software Stack NVIDIA Drivers O2Micro USB Smart Card Reader Outil de diagnostic de modem PDF Settings PDFCreator PDFCreator Toolbar Post-it® Software Notes Lite PowerDVD PowerISO Preboot Manager QuarkXPress 7.0 QuickSet QuickTime Roxio Creator Audio Roxio Creator BDAV Plugin Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Drag-to-Disc Roxio Express Labeler Roxio Update Manager Secure Update Secure Update Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Excel 2007 (KB946974) Security Update for Microsoft Office system 2007 (KB951808) Security Update for Microsoft Office Word 2007 (KB950113) Security Update for Office 2007 (KB947801) Security Update for Outlook 2007 (KB946983) Security Wizards Security Wizards SigmaTel Audio Skype™ 3.5 Sonic Activation Module Spybot - Search & Destroy Spybot - Search & Destroy 1.5.2.20 Starcraft SUPER © Version 2007.bld.23 (July 4, 2007) Trapcode 3DStroke Trapcode Shine Trapcode Shine Premiere Pro Trapcode Starglow Update for Office 2007 (KB946691) Update for Outlook 2007 Junk Email Filter (kb950378) upekmsi VCRedistSetup VeohTV BETA VeohTV BETA VideoLAN VLC media player 0.8.5 Wave Infrastructure Installer Wave Support Software Wave Support Software WD Diagnostics WebFldrs XP Winamp Windows Driver Package - O2Micro 
(guardian2) SmartCardReader (02/05/2007 1.1.3.7) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Format Runtime XLSTAT 2008 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est A4B8-11DC Répertoire de C:\Program Files 24/06/2008 13:37 <REP> . 24/06/2008 13:37 <REP> .. 07/04/2008 14:57 <REP> 3D Flash Animator 3.72 30/09/2007 01:56 <REP> 3M 09/01/2008 08:54 <REP> Addinsoft 03/04/2008 18:00 <REP> Adobe 18/11/2007 18:08 <REP> Alwil Software 13/09/2007 20:17 <REP> Apoint 29/09/2007 00:48 <REP> Apple Software Update 13/01/2008 15:55 <REP> Audacity 21/06/2008 01:19 <REP> Avira 16/06/2008 18:17 <REP> AviSynth 2.5 17/06/2008 19:11 <REP> BitTorrent 23/05/2008 18:08 <REP> Blip Blop 14/10/2007 16:51 <REP> Bonjour 13/09/2007 20:45 <REP> Broadcom 30/11/2007 23:16 <REP> Brother 18/11/2007 18:22 <REP> Calendrier 15/05/2008 14:54 <REP> canon 21/06/2008 01:56 <REP> CCleaner 06/04/2008 14:35 <REP> CDex_170b2 30/11/2007 23:16 <REP> Common Files 13/09/2007 20:33 <REP> CONEXANT 24/12/2007 18:30 <REP> Croteam 13/09/2007 20:48 <REP> CyberLink 13/09/2007 20:36 <REP> Dell 13/09/2007 20:39 <REP> DIFX 13/09/2007 20:36 <REP> Digital Line Detect 07/04/2008 00:42 <REP> DivX 17/06/2008 19:08 <REP> DNA 21/02/2008 18:54 <REP> D-Tools 26/12/2007 00:39 <REP> EA Games 28/02/2008 14:44 <REP> EasyPHP 2.0b1 16/05/2008 05:01 <REP> Electronic Arts 19/06/2008 17:04 <REP> eMule 16/06/2008 18:17 <REP> eRightSoft 19/06/2008 16:32 <REP> Fichiers communs 01/03/2008 13:31 <REP> FileZilla FTP Client 10/03/2008 12:04 <REP> Free Music Zilla 09/06/2008 17:27 <REP> GenArts 13/09/2007 20:46 <REP> Intel 13/09/2007 20:47 <REP> Intel, Inc 23/06/2008 17:27 <REP> Internet Explorer 17/03/2008 16:27 <REP> iPod 17/03/2008 16:27 <REP> iTunes 03/11/2007 14:22 <REP> Java 07/04/2008 01:23 <REP> K-Lite Codec Pack 19/06/2008 16:42 <REP> Lavasoft 31/03/2008 15:20 <REP> LooksBuilder 19/05/2008 14:50 <REP> MathType 13/09/2007 20:31 
****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_KHUBE.tar.gz a l'adresse http://upload.malekal.com
Thanks again -
Hello, I currently have a problem with the internet: whichever browser I use, I cannot access Google or Gmail. I have used AntiVir, Ad-Aware and Spybot. I was infected by mundo, which I removed with mundofix. Here is my HijackThis report:
Thanks in advance