
Recommended posts

Posted

Hello,

My PC is showing all the signs of an infection (slowdowns and an unstable internet connection), so I followed the preliminary analysis procedure recommended by megataupe. I now have the .log file, which I am submitting to you. Thanks in advance for your help. Regards

 

Logfile of HijackThis v1.99.1

Scan saved at 12:54:00, on 23/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\Softwin\BitDefender8\bdswitch.exe

C:\WINDOWS\VM_STI.EXE

C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe

c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe

C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.univ-savoie.fr/Portail/login_pa...ookie_login__=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {8B4FA6F6-83C4-4BD3-852B-726562EA101D} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [eCarteBleue-SG-P3] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe" /dontopenmycards

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe

O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

O4 - HKLM\..\Run: [qsmQ32X] ncouinit.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Eree] C:\Documents and Settings\Nico\Application Data\suso.exe

O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe

O4 - Global Startup: TrayMin300.exe.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)

O9 - Extra 'Tools' menuitem: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
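Added example, not part of this thread: a small Python triage pass over HijackThis 1.99.1 lines of the kind posted above, applying the checks a helper makes by eye (targets reported as missing, autoruns launched from the user profile, bare filenames with no directory, the unbalanced-quote artifact in O23 service lines, repeated Winsock LSP entries). The sample lines are copied from the log above and the `RUNNING` set is constructed from its "Running processes" block; the heuristics and reason strings are this example's own.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [qsmQ32X] ncouinit.exe
O4 - HKCU\..\Run: [Eree] C:\Documents and Settings\Nico\Application Data\suso.exe
O9 - Extra button: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
"""
# Constructed from the "Running processes" block of the same log (basenames, lower-case).
RUNNING = {"avgcc.exe", "vsserv.exe", "explorer.exe"}

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Directories a persistent autorun normally has no business living in.
USER_DIRS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def exe_of(cmd):
    """Return the executable at the start of a Run command, surrounding quotes stripped."""
    m = re.match(r'"?(?P<p>[^"]+?\.exe)"?', cmd, re.IGNORECASE)
    return m.group("p") if m else cmd.split()[0]


def triage(log_text, running):
    """Return (entry, reason) pairs for the lines a reviewer should look at first."""
    findings = []
    lsp = Counter()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O10":
            # LSP chains repeat one DLL several times; report it once with a count.
            lsp[body.split(": ", 1)[-1].lower()] += 1
            continue
        if sec == "O23" and body.count('"') % 2 == 1:
            # A lone quote means the service ImagePath was quoted in the registry; HijackThis
            # 1.99.1 then appends "(file missing)" even when the binary exists, so cross-check
            # the basename against the running-process list before treating it as missing.
            base = re.search(r'([^\\"]+\.exe)"', body, re.IGNORECASE)
            if base and base.group(1).lower() in running:
                findings.append((line, "unbalanced quote: HJT parsing artifact, binary is running"))
            else:
                findings.append((line, "unbalanced quote in service path, binary not seen running"))
            continue
        if "(no file)" in body or "(file missing)" in body:
            findings.append((line, "orphaned entry: target no longer exists, cleanup candidate"))
            continue
        if sec == "O4":
            r = RUN_RE.match(body)
            if not r:
                continue  # Startup-folder .lnk lines are listed differently; skipped here
            exe = exe_of(r.group("cmd"))
            if any(d in exe.lower() for d in USER_DIRS):
                findings.append((line, "autorun from a user-profile directory"))
            elif "\\" not in exe:
                findings.append((line, "bare filename, resolved via search path: locate it on disk"))
    for dll, n in lsp.items():
        findings.append((dll, f"Winsock LSP, {n} chained entries: identify the DLL's vendor"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG, RUNNING):
        print(f"{reason}\n    {entry}")
```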

Posted (edited)

hi :P

It's normal that your PC is crawling!! There are too many protections doing the same job, and on top of that the PC is infected, among other things, by Edgaccess!

Please post these two reports for me >

Download Blacklight (from F-Secure); click "I ACCEPT" at the bottom of the page. Save it to your Desktop.

Double-click blbeta.exe and accept the licence; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of that report into your next reply. Do NOT choose the "Rename" option right away: we need to analyse the report first, because legitimate files may be listed, such as wbemtest.exe.

Download and run DiagHelp as shown in this tutorial> http://www.malekal.com/DiagHelp/DiagHelp.php

Only run option 1 and post the report, please.

Note: please don't open other topics, stay in this one. To reply: click the "Répondre" button located between "Flash" and "Nouveau" :P

a hello to angélique!

Edited by charles ingals
Posted

Hello,

Thanks for the help...

Here is the BlackLight report fsbl-20070223123402.log

 

02/23/07 13:34:02 [info]: BlackLight Engine 1.0.55 initialized

02/23/07 13:34:02 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/23/07 13:34:02 [Note]: 7019 4

02/23/07 13:34:02 [Note]: 7005 0

02/23/07 13:34:02 [Note]: 7006 0

02/23/07 13:34:02 [Note]: 7011 1828

02/23/07 13:34:03 [Note]: 7026 0

02/23/07 13:34:03 [Note]: 7026 0

02/23/07 13:34:14 [Note]: FSRAW library version 1.7.1021

02/23/07 13:43:57 [Note]: 2000 1012

02/23/07 13:43:57 [Note]: 7007 0

 

However, there seems to be a problem with the DiagHelp report. I launch it as in the tutorial, but when I confirm option 1 on the DOS screen, it closes and that's it. I'm waiting in front of my machine for the report to be created, but so far nothing.

I await your comments and instructions

Posted

ok! post me a report like this instead >

Download WinPFind3U.exe to your desktop.

  • Double-click the downloaded file: a folder named WinPFind3U will appear on your desktop.
  • Open the folder and double-click the file WinPFind3U.exe to launch the program.
  • Under the Files Created Within group, select 90 days
  • Under the Files Modified Within group, select 90 days
  • Under the String Search group, select Non-Microsoft
  • Now click the Run Scan button in the toolbar
  • When the scan is finished, Notepad opens and displays the report.
  • Click the "Format" menu and make sure the "Word Wrap" box is not checked.
  • Copy/paste the contents of the report into your next reply.

Posted

and off we go..

 

WinPFind3 logfile created on: 23/02/2007 14:08:13

WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\Nico\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

523628 Kb Total Physical Memory | 132020 Kb Available Physical Memory | 25,21% Memory free

1279100 Kb Paging File | 801640 Kb Available in Paging File | 62,67% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29302528 Kb Total Space | 16463652 Kb Free Space | 56,19% Space Free

Drive D: | 87915680 Kb Total Space | 32219057 Kb Free Space | 36,65% Space Free

Drive E: | 644978 Kb Total Space | 0 Kb Free Space | 0,00% Space Free

Unable to calculate disk information.

 

 

[Processes - Non-Microsoft Only]

acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 7.0.7.2006011300 | Size = 65536 bytes | Modified Date = 13/01/2006 09:39:10 | Attr = ]

acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 15/03/2001 07:18:18 | Attr = ]

agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.25 2.1.25 02/14/2003 11:58:58 | Size = 88107 bytes | Modified Date = 14/02/2003 10:59:00 | Attr = ]

apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 22:46:24 | Attr = ]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

avgfwsrv.exe -> %ProgramFiles%\Grisoft\AVG7\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 811008 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.437 | Size = 200704 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 19/02/2007 12:09:04 | Attr = ]

bbdevmgr.exe -> %CommonProgramFiles%\Research In Motion\USB Drivers\BbDevMgr.exe -> Research In Motion Limited [Ver = 1.2.0.15 | Size = 176213 bytes | Modified Date = 14/09/2004 16:27:10 | Attr = ]

bdoesrv.exe -> %ProgramFiles%\Softwin\BitDefender8\bdoesrv.exe -> [Ver = | Size = 86016 bytes | Modified Date = 05/08/2004 17:28:58 | Attr = ]

bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 12/02/2005 18:00:34 | Attr = ]

bdswitch.exe -> %ProgramFiles%\Softwin\BitDefender8\bdswitch.exe -> [Ver = | Size = 33280 bytes | Modified Date = 17/03/2005 21:01:36 | Attr = ]

ecb-sg.exe -> %ProgramFiles%\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 0, 93 | Size = 184320 bytes | Modified Date = 20/12/2002 08:52:18 | Attr = ]

jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 241775 bytes | Modified Date = 10/11/2005 13:03:52 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 13:03:52 | Attr = ]

kpf4gui.exe -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4gui.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 2887680 bytes | Modified Date = 26/09/2005 10:57:18 | Attr = ]

kpf4gui.exe -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4gui.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 2887680 bytes | Modified Date = 26/09/2005 10:57:18 | Attr = ]

kpf4ss.exe -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4ss.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 1617920 bytes | Modified Date = 26/09/2005 11:00:28 | Attr = ]

mad.exe -> %ProgramFiles%\Numericable\Mon Assistant Internet\bin\mad.exe -> Motive Communications, Inc. [Ver = 5.08.01 | Size = 2375680 bytes | Modified Date = 22/10/2004 17:44:04 | Attr = ]

motivesb.exe -> %ProgramFiles%\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.11.asst_classic.smartbridge.20041022_173000 | Size = 393216 bytes | Modified Date = 22/10/2004 17:43:12 | Attr = ]

motive~1.exe -> %ProgramFiles%\Motive\AsstCommon\MotiveDirectory.exe -> Motive Communications, Inc. [Ver = 5.01.00 | Size = 245760 bytes | Modified Date = 22/10/2004 17:44:04 | Attr = ]

nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

rimdevicemanager.exe -> %CommonProgramFiles%\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe -> Research In Motion Limited [Ver = 4.0.0.32 (Release build by unknown) | Size = 680063 bytes | Modified Date = 25/10/2004 16:10:02 | Attr = ]

traymin200.exe -> %ProgramFiles%\Philips\SPC 200NC PC Camera\TrayMin200.exe -> [Ver = 1, 0, 0, 4 | Size = 278528 bytes | Modified Date = 12/07/2005 19:54:32 | Attr = ]

version traduite originale.exe -> %ProgramFiles%\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 220160 bytes | Modified Date = 03/03/2005 18:36:58 | Attr = ]

virtualexpander.exe -> %System32%\VirtualExpander\VirtualExpander.exe -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 430080 bytes | Modified Date = 31/03/2005 13:32:22 | Attr = ]

vm_sti.exe -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09/06/2004 15:37:02 | Attr = ]

vsserv.exe -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> [Ver = | Size = 118784 bytes | Modified Date = 29/03/2005 14:07:02 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 12/02/2007 21:39:14 | Attr = ]

xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 24/02/2004 16:36:48 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 19/02/2007 12:09:04 | Attr = ]

(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.437 | Size = 200704 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

(AVGFwSrv) AVG Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 811008 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

(bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 12/02/2005 18:00:34 | Attr = ]

(Boonty Games) Boonty Games [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\BOONTY Shared\Service\Boonty.exe -> BOONTY [Ver = 2.60.030 | Size = 69120 bytes | Modified Date = 27/10/2006 17:21:28 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 20/08/2004 00:09:52 | Attr = ]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]

(KPF4) Kerio Personal Firewall 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4ss.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 1617920 bytes | Modified Date = 26/09/2005 11:00:28 | Attr = ]

(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> [Ver = | Size = 118784 bytes | Modified Date = 29/03/2005 14:07:02 | Attr = ]

(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 24/02/2004 16:36:48 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 22:46:24 | Attr = ]

AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.25 2.1.25 02/14/2003 11:58:58 | Size = 88107 bytes | Modified Date = 14/02/2003 10:59:00 | Attr = ]

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

BDNewsAgent -> %ProgramFiles%\Softwin\BitDefender8\bdnagent.exe -> [Ver = | Size = 4608 bytes | Modified Date = 20/04/2004 16:00:46 | Attr = ]

BDOESRV -> %ProgramFiles%\Softwin\BitDefender8\bdoesrv.exe -> [Ver = | Size = 86016 bytes | Modified Date = 05/08/2004 17:28:58 | Attr = ]

BDSwitchAgent -> %ProgramFiles%\Softwin\BitDefender8\bdswitch.exe -> [Ver = | Size = 33280 bytes | Modified Date = 17/03/2005 21:01:36 | Attr = ]

BigDogPath -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09/06/2004 15:37:02 | Attr = ]

eCarteBleue-SG-P3 -> %ProgramFiles%\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 0, 93 | Size = 184320 bytes | Modified Date = 20/12/2002 08:52:18 | Attr = ]

EoComputer -> -> File not found

EoEngine -> -> File not found

Motive SmartBridge -> %ProgramFiles%\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.11.asst_classic.smartbridge.20041022_173000 | Size = 393216 bytes | Modified Date = 22/10/2004 17:43:12 | Attr = ]

NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 4616192 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

qsmQ32X -> ncouinit.exe -> File not found

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 13:03:52 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Eree -> %UserAppData%\suso.exe -> File not found

RIMDeviceManager -> %CommonProgramFiles%\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe -> Research In Motion Limited [Ver = 4.0.0.32 (Release build by unknown) | Size = 680063 bytes | Modified Date = 25/10/2004 16:10:02 | Attr = ]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 15/03/2001 07:18:18 | Attr = ]

%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 21:05:26 | Attr = ]

%AllUsersStartup%\Mon Assistant Internet.lnk -> %ProgramFiles%\Numericable\Mon Assistant Internet\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.8.11.asst_classic.asst_matcli.20041022_173000 | Size = 217088 bytes | Modified Date = 22/10/2004 17:44:04 | Attr = ]

%AllUsersStartup%\TrayMin300.exe.lnk -> %ProgramFiles%\Philips\SPC 200NC PC Camera\TrayMin200.exe -> [Ver = 1, 0, 0, 4 | Size = 278528 bytes | Modified Date = 12/07/2005 19:54:32 | Attr = ]

< User Startup > -> C:\Documents and Settings\Nico\Menu Démarrer\Programmes\Démarrage

%UserStartup%\VirtualExpander.lnk -> %System32%\VirtualExpander\VirtualExpander.exe -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 430080 bytes | Modified Date = 31/03/2005 13:32:22 | Attr = ]

< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command

regfile [merge] -> Reg Data - Key not found ->

scrfile [open] -> "%1" /S ->

scrfile [config] -> "%1" ->

txtfile [open] -> %System32%\NOTEPAD.EXE -> File not found

*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->

NewLinkHere -> -> File not found

%1 -> -> File not found

*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->

Briefcase_Create -> -> File not found

%2!d! -> -> File not found

%1 -> -> File not found

< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->

{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->

{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->

{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->

{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->

{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->

{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->

{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->

{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->

>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->

>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->

< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW

*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->

-a -> -> File not found

< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

BootExecute -> autocheck autochk *; ->

< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->

sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 73728 bytes | Modified Date = 31/03/2005 19:13:50 | Attr = ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->

Control_RunDLL -> -> File not found

< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\

0 -> [Key] ->

0 -> FriendlyName = Ma page d'accueil ->

0 -> Source = About:Home ->

0 -> SubscribedURL = About:Home ->

< HOSTS File > ->

-> Hosts file not found ->

< Internet Explorer Settings > ->

HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->

HKLM: Search Bar -> ->

HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->

HKLM: SearchAssistant -> http://www.google.com/ie ->

HKCU: Search Bar -> http://www.google.com/ie ->

HKCU: Search Page -> http://www.google.com ->

HKCU: Start Page -> https://www.univ-savoie.fr/Portail/login_pa...ookie_login__=1 ->

HKCU: SearchAssistant -> http://www.google.com/ie ->

HKCU: ProxyEnable -> 0 ->

HKCU: ProxyOverride -> 127.0.0.1 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

msn.com [ - ] -> ->

< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

sony-europe.com [*] -> ->

sonystyle-europe.com [*] -> ->

vaio-link.com [*] -> ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12/01/2006 19:38:22 | Attr = ]

{2E03C0FD-4C48-43A7-9A54-00240C70FF16} [HKLM] -> %System32%\BhoECart.dll [ECarteBleueBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 0, 93 | Size = 69632 bytes | Modified Date = 20/12/2002 08:49:12 | Attr = ]

{64F56FC1-1272-44CD-BA6E-39723696E350} [HKLM] -> Reg Data - Value does not exist [EoBho Class] -> File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 13:22:10 | Attr = ]

{8B4FA6F6-83C4-4BD3-852B-726562EA101D} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found

< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 20:54:42 | Attr = ]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 20:54:42 | Attr = ]

< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Console Java (Sun) ->

{21C9EF41-92BE-11d3-9AB8-005004B85154} -> 8193 - GoTranslate ->

{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->

NextId -> 8198 ->

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 13:22:10 | Attr = ]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 13:22:10 | Attr = ]

{21C9EF41-92BE-11d3-9AB8-005004B85154} -> http:\ut.gotranslate.com\utd\ieutd-b.htm [buttonText: GoTranslate] -> File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\

&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found

Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found

E&xporter vers Microsoft Excel -> -> File not found

< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

{043308A2-3CF7-4ED5-A668-2B4FB0BD307A} [HKLM] -> Reg Data - Key not found [dBpowerAMP dAP Scripting] -> File not found

{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [barre des tâches et menu Démarrer] -> File not found

{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Explorateur de Bureau] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 462919 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 462919 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found

{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Extension Affichage Panorama du Panneau de configuration] -> File not found

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} [HKLM] -> Reg Data - Key not found [shell Extension for Malware scanning] -> File not found

{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Extensions de l'environnement de compression de fichiers] -> File not found

{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Comptes d'utilisateurs] -> File not found

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Menu contextuel de cryptage] -> File not found

{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [Extension icône HyperTerminal] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{AB77609F-2178-4E6F-9C4B-44AC179D937A} [HKLM] -> Reg Data - Key not found [a² Context Menu Shell Extension] -> File not found

{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> Reg Data - Key not found [LDVP Shell Extensions] -> File not found

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender8\bdshelxt.dll [bitDefender Antivirus v8] -> SOFTWIN S.R.L. [Ver = 1, 0, 0, 0 | Size = 53248 bytes | Modified Date = 02/08/2004 21:20:22 | Attr = ]

{E4000AC4-5E5F-4956-807A-C5854405D64F} [HKLM] -> %System32%\VirtualExpander\VEShellExt.dll [VirtualExpanderFile.1] -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 23/12/2005 17:09:30 | Attr = ]

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealOne Player\rpshellext.dll [shell Extensions for RealOne Player] -> RealNetworks [Ver = 1.0.0.447 | Size = 45105 bytes | Modified Date = 10/04/2003 15:01:52 | Attr = ]

{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> Reg Data - Key not found [dBpowerAMP Popup Info] -> File not found

< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender8\bdshelxt.dll [bitDefender Antivirus v8] -> SOFTWIN S.R.L. [Ver = 1, 0, 0, 0 | Size = 53248 bytes | Modified Date = 02/08/2004 21:20:22 | Attr = ]

{E4000AC4-5E5F-4956-807A-C5854405D64F} [HKLM] -> %System32%\VirtualExpander\VEShellExt.dll [VirtualExpander] -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 23/12/2005 17:09:30 | Attr = ]

< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender8\bdshelxt.dll [bitDefender Antivirus v8] -> SOFTWIN S.R.L. [Ver = 1, 0, 0, 0 | Size = 53248 bytes | Modified Date = 02/08/2004 21:20:22 | Attr = ]

< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 01:20:02 | Attr = ]

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\

{3D701FD5-0627-4DBA-9281-E628F1B7A417} -> (Motorola SurfBoard 4200 USB Cable Modem) ->

{5D98981F-3590-4B4F-A045-8BD29CA54CC8} -> (Intel® PRO/100 VE Network Connection) ->

{650474A5-BD10-4AF4-A6EA-C47AABBE456A} -> () ->

{BBB7EC5A-4E11-4CC9-B508-2540B7CBF4F4} -> (Carte réseau 1394) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\

{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->

{106E49CF-797A-11D2-81A2-00E02C015623} -> AlternaTIFF ActiveX - CodeBase = http://www.alternatiff.com/install/00/alttiff.cab ->

{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab ->

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab ->

{469C7080-8EC8-43A6-AD97-45848113743C} -> - CodeBase = http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab ->

{4B48D5DF-9021-45F7-A240-60304302A215} -> MalwareCleaner Class - CodeBase = http://www.microsoft.com/security/controls/WebCleaner.cab ->

{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{8EB3FF4E-86A1-4717-884D-7BA2D38272CB} -> F-Secure Online Scanner - CodeBase = http://support.f-secure.com/ols/fscax.cab ->

{92E7E45A-D8C8-480E-AF99-176E43997CAA} -> Aurigma Image Uploader 3.0 Combo Control - CodeBase = http://www.pixdiscount.fr/clients/ImageUploader3.cab ->

{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> Aurigma Image Uploader 3.0 Control - CodeBase = http://www.pixdiscount.fr/clients/ImageUploader3.cab ->

{B79A53C0-1DAC-4636-BACE-FD086A7A79BF} -> AdSignerLCContrl Class - CodeBase = https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab ->

{C36112BF-2FA3-4694-8603-3B510EA3B465} -> Lycos File Upload Component - CodeBase = http://f012.mail.caramail.lycos.fr/app/upl...ileUploader.cab ->

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->

Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

PackageHtmlCab -> - CodeBase = http://acces.blonde.com/package/PackageHtmlCab.CAB ->

teleir_cert -> - CodeBase = https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab ->

 

 

[Files - Created Within 90 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536268800 bytes | Created Date = 02/01/1601 23:00:00 | Attr = HS]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1536 bytes | Created Date = 19/02/2007 12:09:12 | Attr = ]

blbetac.exe -> %UserDesktop%\blbetac.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 682872 bytes | Created Date = 23/02/2007 13:33:00 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbetac.exe:Zone.Identifier ->

DiagHelp.zip -> %UserDesktop%\DiagHelp.zip -> [Ver = | Size = 379489 bytes | Created Date = 23/02/2007 13:36:41 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\DiagHelp.zip:Zone.Identifier ->

EClea2_0.exe -> %UserDesktop%\EClea2_0.exe -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 2951802 bytes | Created Date = 09/02/2007 13:54:17 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\EClea2_0.exe:Zone.Identifier ->

Hijackthis Version Française.lnk -> %UserDesktop%\Hijackthis Version Française.lnk -> [Ver = | Size = 925 bytes | Created Date = 23/02/2007 12:53:15 | Attr = ]

HijackThisFR.exe -> %UserDesktop%\HijackThisFR.exe -> Pc-Help-Bordeaux [Ver = | Size = 506140 bytes | Created Date = 23/02/2007 10:52:13 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThisFR.exe:Zone.Identifier ->

morphing1.avi -> %UserDesktop%\morphing1.avi -> [Ver = | Size = 7958528 bytes | Created Date = 16/02/2007 19:24:07 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 23/02/2007 14:07:04 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/02/2007 18:20:32 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/02/2007 18:20:32 | Attr = H ]

avgfwafu.dll -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.407 | Size = 110592 bytes | Created Date = 19/02/2007 12:11:11 | Attr = ]

apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 09/02/2007 13:50:16 | Attr = ]

apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 09/02/2007 13:50:16 | Attr = ]

sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 09/02/2007 13:50:16 | Attr = ]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 19/02/2007 12:09:11 | Attr = ]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Created Date = 19/02/2007 12:09:08 | Attr = ]

avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 19/02/2007 12:11:10 | Attr = ]

 

[Files - Modified Within 90 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536268800 bytes | Modified Date = 23/02/2007 12:49:06 | Attr = HS]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 163840 bytes | Modified Date = 04/02/2007 11:10:30 | Attr = ]

IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4240656 bytes | Modified Date = 23/02/2007 12:42:16 | Attr = H ]

desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 112 bytes | Modified Date = 22/12/2006 17:48:44 | Attr = HS]

Mes dossiers de partage.lnk -> %UserDocuments%\Mes dossiers de partage.lnk -> [Ver = | Size = 577 bytes | Modified Date = 23/02/2007 12:51:42 | Attr = ]

nico_2005-2006.pst -> %UserDocuments%\nico_2005-2006.pst -> [Ver = | Size = 32768 bytes | Modified Date = 30/12/2006 11:33:50 | Attr = ]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1536 bytes | Modified Date = 19/02/2007 12:09:14 | Attr = ]

blbetac.exe -> %UserDesktop%\blbetac.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 682872 bytes | Modified Date = 23/02/2007 14:02:46 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbetac.exe:Zone.Identifier ->

DiagHelp.zip -> %UserDesktop%\DiagHelp.zip -> [Ver = | Size = 379489 bytes | Modified Date = 23/02/2007 13:36:52 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\DiagHelp.zip:Zone.Identifier ->

EClea2_0.exe -> %UserDesktop%\EClea2_0.exe -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 2951802 bytes | Modified Date = 09/02/2007 13:54:24 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\EClea2_0.exe:Zone.Identifier ->

Hijackthis Version Française.lnk -> %UserDesktop%\Hijackthis Version Française.lnk -> [Ver = | Size = 925 bytes | Modified Date = 23/02/2007 12:53:16 | Attr = ]

HijackThisFR.exe -> %UserDesktop%\HijackThisFR.exe -> Pc-Help-Bordeaux [Ver = | Size = 506140 bytes | Modified Date = 23/02/2007 10:52:18 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThisFR.exe:Zone.Identifier ->

morphing1.avi -> %UserDesktop%\morphing1.avi -> [Ver = | Size = 7958528 bytes | Modified Date = 16/02/2007 19:24:18 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 23/02/2007 14:07:08 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 23/02/2007 12:49:08 | Attr = S]

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\bootstat.dat:rnznxx ->

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/02/2007 18:20:34 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/02/2007 18:20:34 | Attr = H ]

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 809 bytes | Modified Date = 09/02/2007 13:49:30 | Attr = ]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 21/12/2006 19:21:46 | Attr = ]

amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 09/02/2007 14:14:06 | Attr = ]

avgfwafu.dll -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.407 | Size = 110592 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 09/02/2007 14:14:06 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 23/02/2007 12:50:32 | Attr = ]

avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 19/02/2007 12:09:08 | Attr = ]

avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 19/02/2007 12:09:08 | Attr = ]

avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 19/02/2007 12:09:10 | Attr = ]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 19/02/2007 12:09:12 | Attr = ]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 19/02/2007 12:09:10 | Attr = ]

avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

fwdrv.err -> %System32%\drivers\fwdrv.err -> [Ver = | Size = 1942 bytes | Modified Date = 23/02/2007 11:24:14 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\DPL COLLOQ SPORT ET DOPA.1.pdf:Zone.Identifier ->

UPX0 , -> %UserDocuments%\FATIGUE 2004.ppt -> [Ver = | Size = 5864960 bytes | Modified Date = 08/04/2004 18:07:12 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\justif amende radar.html:Zone.Identifier ->

@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbetac.exe:Zone.Identifier ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\DiagHelp.zip:Zone.Identifier ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\EClea2_0.exe:Zone.Identifier ->

Thawte Consulting , -> %UserDesktop%\EClea2_0.exe -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 2951802 bytes | Modified Date = 09/02/2007 13:54:24 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThisFR.exe:Zone.Identifier ->

@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Adobe PSEle2.log:uzwqrq ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\b2_t_SPYBOTSD.EXE&614.xml:hinoln ->

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\bootstat.dat:rnznxx ->

@Alternate Data Stream - 3547 bytes -> %SystemRoot%\clock.avi:koksrh ->

WSUD , -> %SystemRoot%\dcjmb.txt -> [Ver = | Size = 3547 bytes | Modified Date = 23/01/2005 03:38:48 | Attr = HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\desktop.ini:bnqfct ->

WSUD , -> %SystemRoot%\dgvvs.log -> [Ver = | Size = 3547 bytes | Modified Date = 08/01/2005 11:13:40 | Attr = HS]

WSUD , -> %SystemRoot%\dnjnq.txt -> [Ver = | Size = 3547 bytes | Modified Date = 21/01/2005 18:33:54 | Attr = HS]

WSUD , -> %SystemRoot%\dnmlk.txt -> [Ver = | Size = 3547 bytes | Modified Date = 01/01/2005 15:29:38 | Attr = HS]

WSUD , -> %SystemRoot%\eimdt.log -> [Ver = | Size = 3547 bytes | Modified Date = 17/01/2005 22:16:26 | Attr = HS]

@Alternate Data Stream - 11592 bytes -> %SystemRoot%\ffbyj.dat:eqjjgg ->

WSUD , -> %SystemRoot%\ffbyj.dat -> [Ver = | Size = 3547 bytes | Modified Date = 22/01/2005 03:19:28 | Attr = HS]

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\Granit vert.bmp:wrcwar ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\KB823182.log:fnmpfr ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\KB824146.log:xofciu ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\msgsocm.log:lhano ->

@Alternate Data Stream - 11592 bytes -> %SystemRoot%\ODBCINST.INI:dujgpc ->

WSUD , -> %SystemRoot%\ooaap.txt -> [Ver = | Size = 3547 bytes | Modified Date = 25/01/2005 14:43:40 | Attr = HS]

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\orun32.ini:vvtmjm ->

@Alternate Data Stream - 3547 bytes -> %SystemRoot%\pgzgn.dat:ovmrmo ->

WSUD , -> %SystemRoot%\pgzgn.dat -> [Ver = | Size = 3547 bytes | Modified Date = 15/01/2005 01:55:14 | Attr = HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Q329390.log:owyiv ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Q810565.log:yzzsq ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Q828026.log:ophnk ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\Windows Update.log:fyvnzp ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\wmsetup.log:bysmbx ->

WSUD , -> %SystemRoot%\xegya.log -> [Ver = | Size = 3547 bytes | Modified Date = 28/12/2004 16:07:50 | Attr = HS]

WSUD , -> %SystemRoot%\xfzrg.txt -> [Ver = | Size = 3547 bytes | Modified Date = 15/01/2005 15:26:20 | Attr = HS]

WSUD , -> %SystemRoot%\zpxgl.txt -> [Ver = | Size = 3547 bytes | Modified Date = 28/12/2004 08:34:24 | Attr = HS]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

WSUD , -> %System32%\okmkl.log -> [Ver = | Size = 3547 bytes | Modified Date = 19/01/2005 21:55:04 | Attr = HS]

WSUD , -> %System32%\qijpg.dat -> [Ver = | Size = 3547 bytes | Modified Date = 10/01/2005 17:47:44 | Attr = HS]

UPX! , UPX0 , -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30/04/2004 20:46:24 | Attr = ]

@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 19/02/2007 12:09:08 | Attr = ]

PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 06:41:38 | Attr = ]

 

< End of report >
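As an added example (not part of the thread and not one of the tools the helper used), here is a small Python triage script for reports in the WinPFind3U format above: it parses the [File String Scan] lines and flags the two patterns visible in this log, hidden+system files with random five-letter names that all share one size, and alternate data streams with unfamiliar names attached to system files. The sample lines are copied from the posted report; the name and size-cluster heuristics and the KNOWN_STREAMS set are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: a few lines copied verbatim from the WinPFind3U report posted above.
SAMPLE_REPORT = r"""
[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbetac.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
@Alternate Data Stream - 7305 bytes -> %SystemRoot%\bootstat.dat:rnznxx ->
@Alternate Data Stream - 3547 bytes -> %SystemRoot%\clock.avi:koksrh ->
WSUD , -> %SystemRoot%\dcjmb.txt -> [Ver = | Size = 3547 bytes | Modified Date = 23/01/2005 03:38:48 | Attr = HS]
WSUD , -> %SystemRoot%\dgvvs.log -> [Ver = | Size = 3547 bytes | Modified Date = 08/01/2005 11:13:40 | Attr = HS]
@Alternate Data Stream - 11592 bytes -> %SystemRoot%\ffbyj.dat:eqjjgg ->
WSUD , -> %SystemRoot%\ffbyj.dat -> [Ver = | Size = 3547 bytes | Modified Date = 22/01/2005 03:19:28 | Attr = HS]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]
WSUD , -> %System32%\okmkl.log -> [Ver = | Size = 3547 bytes | Modified Date = 19/01/2005 21:55:04 | Attr = HS]
UPX! , UPX0 , -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30/04/2004 20:46:24 | Attr = ]
"""


class Entry(NamedTuple):
    path: str              # path with WinPFind3U's %Var% prefix
    size: int              # file size, or stream size for an ADS line
    attr: str              # attribute letters such as "HS"; "" for an ADS line
    strings: str           # packer/signature strings the scanner matched, e.g. "WSUD"
    stream: Optional[str]  # alternate data stream name, None for a plain file


DETAIL_RE = re.compile(
    r"\[Ver = (?P<ver>[^|]*)\| Size = (?P<size>\d+) bytes \| "
    r"Modified Date = (?P<mdate>[^|]*)\| Attr = (?P<attr>[^\]]*)\]"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes$")
# Heuristic (assumption of this example): five lowercase letters plus a bland
# extension is the naming scheme of the dropped files seen in the posted log.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5}\.(?:txt|log|dat)$")
# Streams Windows itself creates; any other stream on a system file deserves a look.
KNOWN_STREAMS = {"Zone.Identifier", "encryptable"}


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; return None for headers and other non-entry lines."""
    line = line.rstrip()
    if line.endswith(" ->"):          # entries without a detail block end in a bare arrow
        line = line[:-3]
    parts = line.split(" -> ")
    if len(parts) < 2:
        return None
    ads = ADS_RE.match(parts[0])
    if ads:
        path, sep, stream = parts[1].rpartition(":")
        if not sep:
            return None
        return Entry(path, int(ads["size"]), "", "", stream)
    if len(parts) < 3:
        return None
    detail = DETAIL_RE.search(parts[2])
    if not detail:
        return None
    return Entry(parts[1], int(detail["size"]), detail["attr"].strip(),
                 parts[0].rstrip(" ,"), None)


def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(raw) for raw in text.splitlines()) if e]


def find_suspects(entries: List[Entry]) -> Dict[str, list]:
    """Flag the two patterns visible in the posted log."""
    by_size = defaultdict(list)
    for e in entries:
        if e.stream is not None:
            continue
        name = e.path.rsplit("\\", 1)[-1]
        hidden_system = "H" in e.attr and "S" in e.attr
        if hidden_system and RANDOM_NAME_RE.match(name):
            by_size[e.size].append(e.path)
    # One random-named hidden+system file may be odd; several of identical size
    # under %SystemRoot% is the signature of a dropper writing copies of itself.
    dropped = [p for paths in by_size.values() if len(paths) >= 2 for p in paths]
    streams = [(f"{e.path}:{e.stream}", e.size) for e in entries
               if e.stream is not None and e.stream not in KNOWN_STREAMS and e.size > 0]
    return {"dropped_files": dropped, "hidden_streams": streams}


if __name__ == "__main__":
    for key, items in find_suspects(parse_report(SAMPLE_REPORT)).items():
        print(key)
        for item in items:
            print("  ", item)
```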

Posted (edited)

Hi

 

If you want to keep AVG7 and AVG Firewall, uninstall BitDefender 8 and Kerio: they slow down your PC and may make it crash!

Go through "Add or Remove Programs" (Control Panel) and uninstall the programs you don't intend to keep: there must be only one firewall and one antivirus running!

 

Go all the way through, and if you run into a problem, don't hesitate to tell me :P

 

You have two options for consulting the instructions that follow:

 

- Either copy/paste the content of the procedure into a text file (which you put on the desktop) so you can consult it in Safe Mode (you won't have Internet access!).

 

- You can also save the complete web page on which the procedure is located, from your browser:

 

- Go to the top of the page and click the "File" menu: a list appears =>

- Choose "Save As" and choose "Desktop".

- Then click the "Save" button to the right of the "file name" field.

 

To read the procedure in Safe Mode, you just have to double-click the file Rapport HijackThis (with your browser's icon) on the desktop. (You'll notice that a new folder is created on the desktop in addition to the file: that's normal!) This way you keep all the formatting and colours of the procedure, which will help you find your way around.

--------------------------------------------------------------------------------------------------------------------------

 

The procedure:

 

- Download ATF Cleaner by Atribune to your desktop.

 

- Download AVG Anti-Spyware and save it to your desktop.

  • Once AVG Anti-Spyware is downloaded, locate its icon on the desktop and double-click it to start the installation.
  • Once the installation is complete, AVG Anti-Spyware will start: the program needs to be updated.
  • On the main screen select the "Update" menu, then click the "Start update" button under "Manual update".
  • The update will begin (you may get an alert from your firewall: allow the connection to the server).
  • Once the update is done, select the "Scan" menu then click the "Settings" tab.
  • Under "How to act", choose "Quarantine"
  • Under "Reports" click "Generate a report after every scan".
    uncheck the box "Only if threats were found".
  • Close AVG Anti-Spyware and do not run a scan now!

- Start WinPFind3U by double-clicking WinPFind3U.exe and copy/paste the text below (don't copy the word code)

into the Paste fix here panel, then click the Run Fix button.

[Kill Explorer]
[Win32 Services - Non-Microsoft Only]
YY -> (Boonty Games) Boonty Games [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\BOONTY Shared\Service\Boonty.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> qsmQ32X -> ncouinit.exe
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {469C7080-8EC8-43A6-AD97-45848113743C} -> - CodeBase = http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
YN -> PackageHtmlCab -> - CodeBase = http://acces.blonde.com/package/PackageHtmlCab.CAB
[File String Scan - Non-Microsoft Only]
NY -> WSUD , -> %SystemRoot%\dcjmb.txt
NY -> WSUD , -> %SystemRoot%\dgvvs.log
NY -> WSUD , -> %SystemRoot%\dnjnq.txt
NY -> WSUD , -> %SystemRoot%\dnmlk.txt
NY -> WSUD , -> %SystemRoot%\eimdt.log
NY -> WSUD , -> %SystemRoot%\ffbyj.dat
NY -> WSUD , -> %SystemRoot%\ooaap.txt
NY -> WSUD , -> %SystemRoot%\pgzgn.dat
NY -> WSUD , -> %SystemRoot%\xegya.log
NY -> WSUD , -> %SystemRoot%\xfzrg.txt
NY -> WSUD , -> %SystemRoot%\zpxgl.txt
NY -> WSUD , -> %System32%\okmkl.log
NY -> WSUD , -> %System32%\qijpg.dat
[Reboot]

The fix runs quickly, then you will be asked to restart your PC: accept by clicking Yes

 

Step 1:

*Restart the PC, making sure to go into safe mode (at start-up, immediately tap the F8 key; a screen with start-up choices will then appear: choose "Safe Mode" with the keyboard arrows, then confirm with "Enter").

Choose your usual account (not Administrator).

If you have trouble selecting safe mode, follow Symantec's procedure "How to start the computer in Safe Mode".

(As you will not have Internet access, you will have copied these instructions into a text file beforehand.)

 

Step 2:

  • Double-click ATF Cleaner to launch the program.
    Under the Main tab, choose: Select All
    Click the Empty Selected button

    If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

    Click Exit in the main menu to close the program.

* If the "Firefox" tab is greyed out in ATF, clear the cache and cookies in Firefox like this:

  • Open Firefox and click Tools => Options
  • Click the Privacy tab
  • Click the Clear cache button in the "History" section
  • Click the Delete cookies button in the "Cookies" section
  • Click the Clear cache button in the "Cache" section
  • Click OK to close the options window and confirm your choices.

Step 3:

Launch AVG Anti-Spyware by double-clicking its icon.

IMPORTANT: do not run any other program while AVG Anti-Spyware is scanning the PC.

  • Select the "Scanner" menu, then under the "Scan" tab choose "Complete System Scan".
  • AVG Anti-Spyware will scan your hard disk(s). The scan will take a while, so be patient.
  • Once the scan is finished, at the bottom of the page make sure "Quarantine" is shown to the right of "Set all elements to"; otherwise select it manually. (This is important!)
  • Click the "Apply all actions" button.
  • Now click "Save report", then "Save report as" and choose the Desktop.
  • Close the program and restart your PC normally.

Step 4:

Restart normally and please post:

- a new HijackThis log

- the AVG AS report

- the report found in the WinPFind3u folder (it is a report named after the date, as day\month\year\time).

- Run this online scan >

Run an online scan with Panda:

http://www.pandasoftware.fr/Activescan/Activescan.html .

And post the report it shows you at the end. For that, make sure IE is properly configured for online scanning as explained here: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .

If you can't manage it, the tutorial is: http://www.malekal.com/scan_Av_en_ligne.html#mozTocId237368

 

@+

Edited by charles ingals
Posted

Hello

Thanks for the info. I managed to do everything you asked EXCEPT uninstall BitDefender 8. That application does not appear in the Add/Remove Programs menu, and of course when I try to delete the folder C:/program files/softwin/bitdefender8 an error message appears stating that some files are currently in use. Is there a solution?

I'm posting the requested reports below and I'm starting the online scan. See you later

HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:37:46, on 24/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\Softwin\BitDefender8\bdswitch.exe

C:\WINDOWS\VM_STI.EXE

C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe

C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe

C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.univ-savoie.fr/Portail/login_pa...ookie_login__=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {8B4FA6F6-83C4-4BD3-852B-726562EA101D} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [eCarteBleue-SG-P3] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe" /dontopenmycards

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe

O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Eree] C:\Documents and Settings\Nico\Application Data\suso.exe

O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe

O4 - Global Startup: TrayMin300.exe.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)

O9 - Extra 'Tools' menuitem: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

AVG AS report

Nothing to report

WinPFind3u report

 

Explorer killed successfully

[Win32 Services - Non-Microsoft Only]

Service Boonty Games stopped successfully.

Service Boonty Games deleted successfully.

C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe moved successfully.

[Registry - Non-Microsoft Only]

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\qsmQ32X deleted successfully.

Starting removal of ActiveX control {469C7080-8EC8-43A6-AD97-45848113743C}

File move failed. C:\WINDOWS\Downloaded Program Files\nethv32.inf scheduled to be moved on reboot.

File move failed. scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C} deleted successfully.

Removal of ActiveX control {469C7080-8EC8-43A6-AD97-45848113743C} complete!

Starting removal of ActiveX control PackageHtmlCab

PackageHtml.dll moved successfully.

File move failed. scheduled to be moved on reboot.

File move failed. scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageHtmlCab deleted successfully.

Removal of ActiveX control PackageHtmlCab complete!

[File String Scan - Non-Microsoft Only]

C:\WINDOWS\dcjmb.txt moved successfully.

C:\WINDOWS\dgvvs.log moved successfully.

C:\WINDOWS\dnjnq.txt moved successfully.

C:\WINDOWS\dnmlk.txt moved successfully.

C:\WINDOWS\eimdt.log moved successfully.

C:\WINDOWS\ffbyj.dat moved successfully.

C:\WINDOWS\ooaap.txt moved successfully.

C:\WINDOWS\pgzgn.dat moved successfully.

C:\WINDOWS\xegya.log moved successfully.

C:\WINDOWS\xfzrg.txt moved successfully.

C:\WINDOWS\zpxgl.txt moved successfully.

C:\WINDOWS\SYSTEM32\okmkl.log moved successfully.

C:\WINDOWS\SYSTEM32\qijpg.dat moved successfully.

< End of log >

Created on 02/24/2007 09:19:51

Posted

hi again,

below is the report from the online scan done with Panda

Incident  Status  Scan

Spyware:Cookie/Atlas DMT  Not disinfected  C:\Documents and Settings\Nico\Cookies\nico@atdmt[1].txt

Spyware:Cookie/Bluestreak  Not disinfected  C:\Documents and Settings\Nico\Cookies\nico@bluestreak[1].txt

Spyware:Cookie/Xiti  Not disinfected  C:\Documents and Settings\Nico\Cookies\nico@xiti[1].txt

Adware:Adware/Gator  Not disinfected  C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf

Adware:Adware/Gator  Not disinfected  C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.inf

Virus:Trj/Downloader.AMW  Disinfected  C:\WINDOWS\Downloaded Program Files\sc.inf

Virus:Trj/Downloader.QV  Disinfected  C:\WINDOWS\Downloaded Program Files\vxiewer.inf

Adware:adware/gator  Not disinfected  C:\WINDOWS\GatorHDPlugin.log-old.log

Adware:adware/ncase  Not disinfected  C:\WINDOWS\msbb.exe.temp

Adware:adware/superspider  Not disinfected  C:\WINDOWS\seksdialer.exe

Virus:W32/Sasser.ftp  Disinfected  C:\WINDOWS\system32\cmd.ftp

Posted (edited)

hi :P

Good job! Let's carry on with the files Panda detected >

1) Start WinPFind3U by double-clicking WinPFind3U.exe and copy/paste the text below (do not copy the word code) into the Paste fix here panel, then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> EoEngine -> 
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Eree -> %UserAppData%\suso.exe
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {64F56FC1-1272-44CD-BA6E-39723696E350} [HKLM] -> Reg Data - Value does not exist [EoBho Class]
YN -> {8B4FA6F6-83C4-4BD3-852B-726562EA101D} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist]
[Processes - Non-Microsoft Only]
YN -> bdoesrv.exe -> %ProgramFiles%\Softwin\BitDefender8\bdoesrv.exe
YN -> bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe
YN -> bdswitch.exe -> %ProgramFiles%\Softwin\BitDefender8\bdswitch.exe
YN -> vsserv.exe -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe
YN -> xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe
[Win32 Services - Non-Microsoft Only]
YN -> (bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe
YN -> (VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe
YN -> (XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe
[ Extra Files ]
C:\WINDOWS\seksdialer.exe
C:\WINDOWS\msbb.exe.temp
C:\WINDOWS\GatorHDPlugin.log-old.log
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf
[Reboot]

The fix runs quickly, then you will be asked to restart your PC: accept by clicking Yes

2) Once the PC has restarted, we'll try a utility to uninstall BitDefender >

- Download BitDefenderUninstallTool to your desktop. Double-click the downloaded file.

A window will appear; click the Uninstall button and follow the on-screen instructions, if any.

You may need to restart the PC at the end.

3) Let's clean the registry of what's left of the Edgaccess infection >

- Download Brute Force Uninstaller (by Merijn).

  • Create a new folder directly in the root of C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)

  • RIGHT-CLICK HERE and choose "Save target as..." to download EGDACCESS.bfu (by Metallica).

  • Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, when saving make sure the "Type:" field shows "All files". (This is very important!!)

  • Here is what the icon of the .bfu file you just downloaded should look like:
    edgaccessbfu5np.gif

    Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

  • Click the small yellow folder to the right of the Scriptline to execute box, and double-click:
    EGDACCESS.bfu
  • In the "Scriptline to execute" box you should now see: C:\BFU\EGDACCESS.bfu
  • Click Execute and let it do its work.
  • Wait for Complete script execution to appear and click OK.
  • Click Exit to close the BFU program.

Please post the following reports >

Post the report found in the WinPFind3u folder (it is a report named after the date, as day\month\year\time).

Post a new HijackThis log.

Edited by charles ingals
Posted

Hello Charles :P

It's starting to speed up, that's a good sign....

Once again I followed your instructions to the letter; here are the reports (I didn't ask WinPFind3U to create a new report, I simply took the last one created... is that OK???):

WinPFind3U:

 

[Registry - Non-Microsoft Only]

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\EoEngine deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Eree deleted successfully.

File C:\Documents and Settings\Nico\Application Data\suso.exe not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8B4FA6F6-83C4-4BD3-852B-726562EA101D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B4FA6F6-83C4-4BD3-852B-726562EA101D} deleted successfully.

[Processes - Non-Microsoft Only]

Process bdoesrv.exe killed successfully.

Unable to kill process bdss.exe .

Process bdswitch.exe killed successfully.

Unable to kill process vsserv.exe .

Unable to kill process xcommsvr.exe .

[Win32 Services - Non-Microsoft Only]

Unable to stop service bdss .

Service VSSERV stopped successfully.

Unable to stop service XCOMM .

[ Extra Files ]

C:\WINDOWS\seksdialer.exe moved successfully.

C:\WINDOWS\msbb.exe.temp moved successfully.

C:\WINDOWS\GatorHDPlugin.log-old.log moved successfully.

C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.inf moved successfully.

C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf moved successfully.

< End of log >

Created on 02/24/2007 15:00:24

 

 

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 15:30:55, on 24/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe

C:\WINDOWS\VM_STI.EXE

C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe

C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe

c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe

C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE

C:\Program Files\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.univ-savoie.fr/Portail/login_pa...ookie_login__=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [eCarteBleue-SG-P3] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe" /dontopenmycards

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)
O9 - Extra 'Tools' menuitem: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [iNTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/upl...ileUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
