totoleheros1

  1. Indeed, no more unexpected crashes or suspicious behaviour. It looks perfect to me. Thanks for everything, you've taken a real thorn out of my side!!
  2. Indeed, there are a whole lot of updates to install! But anyway, service exe no longer runs at 1G like before, and the computer is already much more stable and faster, a real pleasure. Here is the MBRCheck report. Is there still anything shady running?
  3. Here are the reports on critical events. Here are all the reports on critical and important events.
  4. No infection detected with the antiboot. For the reports, is there a .doc file or something to copy and paste? I only have a "detailed report" window, from which I copied the critical items earlier. On the other hand, there are tons of important items, like possible vulnerabilities according to virusliste.com, generally mso.dll extensions. Do I need to copy them all?
  5. The special procedure ran to completion (task completed): disinfected backdoor.win32.sinowal.cc type: file in: System memory (message shown 2x); disinfected backdoor.win32.sinowal.knf in: device\harddisk0\DR0 (message shown 2x). The computer restarted. What should I do next?
  6. Hello, this software is not exactly a walk in the park; the computer still often freezes in the middle of the process. I had to run it several times to get a complete scan. Here is what was found: Trojan.Win32.BHO.AVS in C:\windows/system32/ascontest.dll; Trojan-spy.win32.delf.wh in c:/APPS/OFFICE-1\OonePDF\SETUP.EXE/300.exe/, apparently treated. Otherwise: detected backdoor.win32.sinowal.cc file unknown application; cannot be backed up backdoor.win32.sinowal.cc type:file in: unknown application; detect backdoor.win32.sinowal.cc type: file in: System memory. It then asks for a special eradication procedure, which fails for now because the computer crashes. Should I keep trying with this software until it works?
  7. Nothing in either file, 0/42 each time. So what do we do now?
  8. Really, thank you for your help, it's good not to feel alone facing Here is the report: nothing shows up in red, but there are lots of services.exe instances still running flat out. The computer still crashes just as much for now, obviously. WHAT DO WE DO??
Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: 101403350324:3246 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\services.exe State: LISTENING Local Address: 101403350324:2479 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\services.exe State: LISTENING Local Address: 101403350324:1025 Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe State: LISTENING Local Address: 101403350324:MICROSOFT-DS Remote Address: 0.0.0.0:0 Type: TCP Process: System State: LISTENING Local Address: 101403350324:HTTPS Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe State: LISTENING Local Address: 101403350324:EPMAP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\svchost.exe State: LISTENING Local Address: 101403350324:HTTP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe State: LISTENING Local Address: 101403350324:SMTP Remote Address: 0.0.0.0:0 Type: TCP Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe State: LISTENING Local Address: 101403350324:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: 101403350324:138 Remote Address: NA Type: UDP Process: System State: NA Local Address: 101403350324:NETBIOS-NS Remote Address: NA Type: UDP Process: System State: NA Local Address: 101403350324:1900 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\svchost.exe State: NA Local Address: 101403350324:3776 Remote Address: NA Type: UDP Process: C:\WINDOWS\ehome\mcrdsvc.exe State: NA Local Address: 101403350324:3456 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\inetsrv\inetinfo.exe State: NA Local Address: 101403350324:MICROSOFT-DS Remote Address: NA Type: UDP Process: System State: NA Local Address: 101403350324:161 Remote Address: NA Type: UDP Process: C:\WINDOWS\system32\snmp.exe State: NA 
****************************************************************************************** ****************************************************************************************** Hidden files/folders: Object: C:\Documents and Settings\Administrateur\Local Settings\Temp\7zOFE.tmp\Ke¦üp060.jpg Status: Hidden Object: C:\Program Files\IObit\IObit SmartDefrag\language\Lietuviu.lng Status: Hidden
  9. It's getting worse and worse, it crashes all the time; running a scan is a real feat. Here is the Malwarebytes result (in two parts). rkill was run beforehand but doesn't close anything apart from rkill itself. Then the HijackThis log, made after Malwarebytes. I'm lost: I have AVG-related things lying around, yet I haven't had that antivirus for 6 months. What do I remove?
  10. Here are the first two reports; the last one is going to take a bit of time.
51328] R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-06-01 894336] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] R3 SynMini;USB2.0 VGA WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-07-03 1056512] R3 SynScan;USB2.0 VGA WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-06-30 8064] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-12 193056] R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-04-19 47488] R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-05-18 110976] R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632] R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-05-09 62848] R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612] R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-05-09 40192] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [] S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [] S1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [] S1 jrmqfqpi;jrmqfqpi; \??\C:\WINDOWS\system32\drivers\jrmqfqpi.sys 
[] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MMPSY;MMPSY; \??\C:\DOCUME~1\Bene\LOCALS~1\Temp\mmpsy.sys [] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 rspMMFS;rspMMFS; C:\WINDOWS\system32\DRIVERS\RspMmFs.sys [2009-11-13 20024] S3 rspSanity;rspSanity; C:\WINDOWS\system32\DRIVERS\rspSanity32.sys [2009-11-12 27192] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712] S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 
60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424] R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-10 153376] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2008-08-04 164896] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-12 143426] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] R2 SMTPSVC;Simple Mail Transfer 
Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152] R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112] R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808] S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-02 72704] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-04-28 704872] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  11. OK, so I'm warning you, I'm absolutely hopeless with computers, I don't understand a thing about them, so you'll have to be patient! My computer slows down, freezes, locks up and ends up crashing completely, sometimes with a lovely ziiiiiiiiiii kind of sound that drills into your ears. The only solution is a hard reboot, because of course Ctrl+Alt+Del no longer works. Running avast I find nothing, running online tools I find nothing. services.exe is running flat out (~900 MB), and anything video or photo (Picasa) quickly crashes the machine. In short, it's driving me mad, I don't understand any of it and I can't find anything. Here is the HijackThis report.