pc ralenti rapport Hijackthis + WinPFind3 + BlackLight

[N08]

Bonjour à tou(te)s

 

Ma machine rame de + en +, j'ai effectué les premiers nettoyages et tests demandés, je suis actuellement dispo pour effectuer ce qu'il serait bon de faire pour régler ces pb. Merci d'avance.

 

Rapport Hijackthis

Logfile of HijackThis v1.99.1

Scan saved at 12:54:00, on 23/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\Softwin\BitDefender8\bdswitch.exe

C:\WINDOWS\VM_STI.EXE

C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe

C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe

c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe

C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.univ-savoie.fr/Portail/login_pa...ookie_login__=1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer par NUMERICABLE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {8B4FA6F6-83C4-4BD3-852B-726562EA101D} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [eCarteBleue-SG-P3] "C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe" /dontopenmycards

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] C:\progra~1\softwin\bitdef~1\bdnagent.exe

O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

O4 - HKLM\..\Run: [qsmQ32X] ncouinit.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Eree] C:\Documents and Settings\Nico\Application Data\suso.exe

O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe

O4 - Global Startup: TrayMin300.exe.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)

O9 - Extra 'Tools' menuitem: GoTranslate - {21C9EF41-92BE-11d3-9AB8-005004B85154} - http://ut.gotranslate.com/utd/ieutd-b.htm (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/PackageHtmlCab.CAB

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.0 Combo Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.pixdiscount.fr/clients/ImageUploader3.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

 

 

Rapport BlackLight :

02/23/07 13:34:02 [info]: BlackLight Engine 1.0.55 initialized

02/23/07 13:34:02 [info]: OS: 5.1 build 2600 (Service Pack 2)

02/23/07 13:34:02 [Note]: 7019 4

02/23/07 13:34:02 [Note]: 7005 0

02/23/07 13:34:02 [Note]: 7006 0

02/23/07 13:34:02 [Note]: 7011 1828

02/23/07 13:34:03 [Note]: 7026 0

02/23/07 13:34:03 [Note]: 7026 0

02/23/07 13:34:14 [Note]: FSRAW library version 1.7.1021

02/23/07 13:43:57 [Note]: 2000 1012

02/23/07 13:43:57 [Note]: 7007 0

 

Rapport WinPFind3 :

WinPFind3 logfile created on: 23/02/2007 14:08:13

WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\Nico\Bureau\WinPFind3u\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 7.0.5730.11)

 

523628 Kb Total Physical Memory | 132020 Kb Available Physical Memory | 25,21% Memory free

1279100 Kb Paging File | 801640 Kb Available in Paging File | 62,67% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 29302528 Kb Total Space | 16463652 Kb Free Space | 56,19% Space Free

Drive D: | 87915680 Kb Total Space | 32219057 Kb Free Space | 36,65% Space Free

Drive E: | 644978 Kb Total Space | 0 Kb Free Space | 0,00% Space Free

Unable to calculate disk information.

 

 

[Processes - Non-Microsoft Only]

acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 7.0.7.2006011300 | Size = 65536 bytes | Modified Date = 13/01/2006 09:39:10 | Attr = ]

acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 15/03/2001 07:18:18 | Attr = ]

agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.25 2.1.25 02/14/2003 11:58:58 | Size = 88107 bytes | Modified Date = 14/02/2003 10:59:00 | Attr = ]

apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 22:46:24 | Attr = ]

avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

avgfwsrv.exe -> %ProgramFiles%\Grisoft\AVG7\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 811008 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.437 | Size = 200704 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 19/02/2007 12:09:04 | Attr = ]

bbdevmgr.exe -> %CommonProgramFiles%\Research In Motion\USB Drivers\BbDevMgr.exe -> Research In Motion Limited [Ver = 1.2.0.15 | Size = 176213 bytes | Modified Date = 14/09/2004 16:27:10 | Attr = ]

bdoesrv.exe -> %ProgramFiles%\Softwin\BitDefender8\bdoesrv.exe -> [Ver = | Size = 86016 bytes | Modified Date = 05/08/2004 17:28:58 | Attr = ]

bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 12/02/2005 18:00:34 | Attr = ]

bdswitch.exe -> %ProgramFiles%\Softwin\BitDefender8\bdswitch.exe -> [Ver = | Size = 33280 bytes | Modified Date = 17/03/2005 21:01:36 | Attr = ]

ecb-sg.exe -> %ProgramFiles%\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 0, 93 | Size = 184320 bytes | Modified Date = 20/12/2002 08:52:18 | Attr = ]

jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 241775 bytes | Modified Date = 10/11/2005 13:03:52 | Attr = ]

jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 13:03:52 | Attr = ]

kpf4gui.exe -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4gui.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 2887680 bytes | Modified Date = 26/09/2005 10:57:18 | Attr = ]

kpf4gui.exe -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4gui.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 2887680 bytes | Modified Date = 26/09/2005 10:57:18 | Attr = ]

kpf4ss.exe -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4ss.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 1617920 bytes | Modified Date = 26/09/2005 11:00:28 | Attr = ]

mad.exe -> %ProgramFiles%\Numericable\Mon Assistant Internet\bin\mad.exe -> Motive Communications, Inc. [Ver = 5.08.01 | Size = 2375680 bytes | Modified Date = 22/10/2004 17:44:04 | Attr = ]

motivesb.exe -> %ProgramFiles%\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.11.asst_classic.smartbridge.20041022_173000 | Size = 393216 bytes | Modified Date = 22/10/2004 17:43:12 | Attr = ]

motive~1.exe -> %ProgramFiles%\Motive\AsstCommon\MotiveDirectory.exe -> Motive Communications, Inc. [Ver = 5.01.00 | Size = 245760 bytes | Modified Date = 22/10/2004 17:44:04 | Attr = ]

nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

rimdevicemanager.exe -> %CommonProgramFiles%\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe -> Research In Motion Limited [Ver = 4.0.0.32 (Release build by unknown) | Size = 680063 bytes | Modified Date = 25/10/2004 16:10:02 | Attr = ]

traymin200.exe -> %ProgramFiles%\Philips\SPC 200NC PC Camera\TrayMin200.exe -> [Ver = 1, 0, 0, 4 | Size = 278528 bytes | Modified Date = 12/07/2005 19:54:32 | Attr = ]

version traduite originale.exe -> %ProgramFiles%\HijackThis\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 220160 bytes | Modified Date = 03/03/2005 18:36:58 | Attr = ]

virtualexpander.exe -> %System32%\VirtualExpander\VirtualExpander.exe -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 430080 bytes | Modified Date = 31/03/2005 13:32:22 | Attr = ]

vm_sti.exe -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09/06/2004 15:37:02 | Attr = ]

vsserv.exe -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> [Ver = | Size = 118784 bytes | Modified Date = 29/03/2005 14:07:02 | Attr = ]

winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 12/02/2007 21:39:14 | Attr = ]

xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 24/02/2004 16:36:48 | Attr = ]

 

[Win32 Services - Non-Microsoft Only]

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 19/02/2007 12:09:04 | Attr = ]

(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.437 | Size = 200704 bytes | Modified Date = 19/02/2007 12:08:56 | Attr = ]

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 324096 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

(AVGFwSrv) AVG Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgfwsrv.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.429 | Size = 811008 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

(bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 12/02/2005 18:00:34 | Attr = ]

(Boonty Games) Boonty Games [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\BOONTY Shared\Service\Boonty.exe -> BOONTY [Ver = 2.60.030 | Size = 69120 bytes | Modified Date = 27/10/2006 17:21:28 | Attr = ]

(dmadmin) Service d'administration du Gestionnaire de disque logique [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 20/08/2004 00:09:52 | Attr = ]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]

(KPF4) Kerio Personal Firewall 4 [Win32_Own | Auto | Running] -> %ProgramFiles%\Kerio\Personal Firewall 4\kpf4ss.exe -> Kerio Technologies [Ver = 4.2.1 | Size = 1617920 bytes | Modified Date = 26/09/2005 11:00:28 | Attr = ]

(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 69632 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> [Ver = | Size = 118784 bytes | Modified Date = 29/03/2005 14:07:02 | Attr = ]

(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 24/02/2004 16:36:48 | Attr = ]

 

[Registry - Non-Microsoft Only]

< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 06/06/2005 22:46:24 | Attr = ]

AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.25 2.1.25 02/14/2003 11:58:58 | Size = 88107 bytes | Modified Date = 14/02/2003 10:59:00 | Attr = ]

AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

BDNewsAgent -> %ProgramFiles%\Softwin\BitDefender8\bdnagent.exe -> [Ver = | Size = 4608 bytes | Modified Date = 20/04/2004 16:00:46 | Attr = ]

BDOESRV -> %ProgramFiles%\Softwin\BitDefender8\bdoesrv.exe -> [Ver = | Size = 86016 bytes | Modified Date = 05/08/2004 17:28:58 | Attr = ]

BDSwitchAgent -> %ProgramFiles%\Softwin\BitDefender8\bdswitch.exe -> [Ver = | Size = 33280 bytes | Modified Date = 17/03/2005 21:01:36 | Attr = ]

BigDogPath -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09/06/2004 15:37:02 | Attr = ]

eCarteBleue-SG-P3 -> %ProgramFiles%\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 0, 93 | Size = 184320 bytes | Modified Date = 20/12/2002 08:52:18 | Attr = ]

EoComputer -> -> File not found

EoEngine -> -> File not found

Motive SmartBridge -> %ProgramFiles%\Numericable\Mon Assistant Internet\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.8.11.asst_classic.smartbridge.20041022_173000 | Size = 393216 bytes | Modified Date = 22/10/2004 17:43:12 | Attr = ]

NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 4616192 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

qsmQ32X -> ncouinit.exe -> File not found

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 13:03:52 | Attr = ]

< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\

IMAIL -> Installed = 1 ->

MAPI -> Installed = 1 ->

MSFS -> Installed = 1 ->

< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Eree -> %UserAppData%\suso.exe -> File not found

RIMDeviceManager -> %CommonProgramFiles%\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe -> Research In Motion Limited [Ver = 4.0.0.32 (Release build by unknown) | Size = 680063 bytes | Modified Date = 25/10/2004 16:10:02 | Attr = ]

< Common Startup > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

%AllUsersStartup%\Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 5.0\Distillr\AcroTray.exe -> Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 49254 bytes | Modified Date = 15/03/2001 07:18:18 | Attr = ]

%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 21:05:26 | Attr = ]

%AllUsersStartup%\Mon Assistant Internet.lnk -> %ProgramFiles%\Numericable\Mon Assistant Internet\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.8.11.asst_classic.asst_matcli.20041022_173000 | Size = 217088 bytes | Modified Date = 22/10/2004 17:44:04 | Attr = ]

%AllUsersStartup%\TrayMin300.exe.lnk -> %ProgramFiles%\Philips\SPC 200NC PC Camera\TrayMin200.exe -> [Ver = 1, 0, 0, 4 | Size = 278528 bytes | Modified Date = 12/07/2005 19:54:32 | Attr = ]

< User Startup > -> C:\Documents and Settings\Nico\Menu Démarrer\Programmes\Démarrage

%UserStartup%\VirtualExpander.lnk -> %System32%\VirtualExpander\VirtualExpander.exe -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 430080 bytes | Modified Date = 31/03/2005 13:32:22 | Attr = ]

< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command

regfile [merge] -> Reg Data - Key not found ->

scrfile [open] -> "%1" /S ->

scrfile [config] -> "%1" ->

txtfile [open] -> %System32%\NOTEPAD.EXE -> File not found

*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->

NewLinkHere -> -> File not found

%1 -> -> File not found

*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->

Briefcase_Create -> -> File not found

%2!d! -> -> File not found

%1 -> -> File not found

< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\

{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->

{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->

{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->

{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->

{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->

{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->

{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub ->

{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->

{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->

{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->

{89820200-ECBD-11cf-8B85-00AA005B4383} -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ->

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -> C:\WINDOWS\system32\ieudinit.exe

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->

>{26923b43-4d38-484f-9b9e-de460746276c} -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ->

>{60B49E34-C7CC-11D0-8953-00A0C90347FF} -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->

< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW

*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->

-a -> -> File not found

< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

BootExecute -> autocheck autochk *; ->

< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->

sockspy.dll -> %System32%\sockspy.dll -> [Ver = | Size = 73728 bytes | Modified Date = 31/03/2005 19:13:50 | Attr = ]

< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders

< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->

Control_RunDLL -> -> File not found

< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->

< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->

-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->

< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\

0 -> [Key] ->

0 -> FriendlyName = Ma page d'accueil ->

0 -> Source = About:Home ->

0 -> SubscribedURL = About:Home ->

< HOSTS File > ->

-> Hosts file not found ->

< Internet Explorer Settings > ->

HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->

HKLM: Search Bar -> ->

HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->

HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->

HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->

HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->

HKLM: SearchAssistant -> http://www.google.com/ie ->

HKCU: Search Bar -> http://www.google.com/ie ->

HKCU: Search Page -> http://www.google.com ->

HKCU: Start Page -> https://www.univ-savoie.fr/Portail/login_pa...ookie_login__=1 ->

HKCU: SearchAssistant -> http://www.google.com/ie ->

HKCU: ProxyEnable -> 0 ->

HKCU: ProxyOverride -> 127.0.0.1 ->

< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

msn.com [ - ] -> ->

< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

sony-europe.com [*] -> ->

sonystyle-europe.com [*] -> ->

vaio-link.com [*] -> ->

< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12/01/2006 19:38:22 | Attr = ]

{2E03C0FD-4C48-43A7-9A54-00240C70FF16} [HKLM] -> %System32%\BhoECart.dll [ECarteBleueBrowserHelper Class] -> Orbiscom Ltd. All rights reserved. [Ver = 2, 2, 1, 0, 93 | Size = 69632 bytes | Modified Date = 20/12/2002 08:49:12 | Attr = ]

{64F56FC1-1272-44CD-BA6E-39723696E350} [HKLM] -> Reg Data - Value does not exist [EoBho Class] -> File not found

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [sSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 13:22:10 | Attr = ]

{8B4FA6F6-83C4-4BD3-852B-726562EA101D} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found

< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar

{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 20:54:42 | Attr = ]

< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\

ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found

WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar avec bloqueur de fenêtres pop-up] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04/08/2005 20:54:42 | Attr = ]

< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Console Java (Sun) ->

{21C9EF41-92BE-11d3-9AB8-005004B85154} -> 8193 - GoTranslate ->

{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8195 - Windows Messenger ->

NextId -> 8198 ->

< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10/11/2005 13:22:10 | Attr = ]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Console Java (Sun)] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 13:22:10 | Attr = ]

{21C9EF41-92BE-11d3-9AB8-005004B85154} -> http:\ut.gotranslate.com\utd\ieutd-b.htm [buttonText: GoTranslate] -> File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found

< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\

&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found

Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found

E&xporter vers Microsoft Excel -> -> File not found

< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

{043308A2-3CF7-4ED5-A668-2B4FB0BD307A} [HKLM] -> Reg Data - Key not found [dBpowerAMP dAP Scripting] -> File not found

{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [barre des tâches et menu Démarrer] -> File not found

{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Explorateur de Bureau] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 462919 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.01.4351 | Size = 462919 bytes | Modified Date = 02/04/2003 14:40:00 | Attr = ]

{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found

{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Extension Affichage Panorama du Panneau de configuration] -> File not found

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} [HKLM] -> Reg Data - Key not found [shell Extension for Malware scanning] -> File not found

{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Extensions de l'environnement de compression de fichiers] -> File not found

{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Comptes d'utilisateurs] -> File not found

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Menu contextuel de cryptage] -> File not found

{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [Extension icône HyperTerminal] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{AB77609F-2178-4E6F-9C4B-44AC179D937A} [HKLM] -> Reg Data - Key not found [a² Context Menu Shell Extension] -> File not found

{BDA77241-42F6-11d0-85E2-00AA001FE28C} [HKLM] -> Reg Data - Key not found [LDVP Shell Extensions] -> File not found

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender8\bdshelxt.dll [bitDefender Antivirus v8] -> SOFTWIN S.R.L. [Ver = 1, 0, 0, 0 | Size = 53248 bytes | Modified Date = 02/08/2004 21:20:22 | Attr = ]

{E4000AC4-5E5F-4956-807A-C5854405D64F} [HKLM] -> %System32%\VirtualExpander\VEShellExt.dll [VirtualExpanderFile.1] -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 23/12/2005 17:09:30 | Attr = ]

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> %ProgramFiles%\Real\RealOne Player\rpshellext.dll [shell Extensions for RealOne Player] -> RealNetworks [Ver = 1.0.0.447 | Size = 45105 bytes | Modified Date = 10/04/2003 15:01:52 | Attr = ]

{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> Reg Data - Key not found [dBpowerAMP Popup Info] -> File not found

< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender8\bdshelxt.dll [bitDefender Antivirus v8] -> SOFTWIN S.R.L. [Ver = 1, 0, 0, 0 | Size = 53248 bytes | Modified Date = 02/08/2004 21:20:22 | Attr = ]

{E4000AC4-5E5F-4956-807A-C5854405D64F} [HKLM] -> %System32%\VirtualExpander\VEShellExt.dll [VirtualExpander] -> Sony Corporation [Ver = 1, 0, 0, 0 | Size = 73728 bytes | Modified Date = 23/12/2005 17:09:30 | Attr = ]

< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 19/02/2007 12:09:02 | Attr = ]

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} [HKLM] -> %ProgramFiles%\Softwin\BitDefender8\bdshelxt.dll [bitDefender Antivirus v8] -> SOFTWIN S.R.L. [Ver = 1, 0, 0, 0 | Size = 53248 bytes | Modified Date = 02/08/2004 21:20:22 | Attr = ]

< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14/12/2004 01:20:02 | Attr = ]

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\

{3D701FD5-0627-4DBA-9281-E628F1B7A417} -> (Motorola SurfBoard 4200 USB Cable Modem) ->

{5D98981F-3590-4B4F-A045-8BD29CA54CC8} -> (Intel® PRO/100 VE Network Connection) ->

{650474A5-BD10-4AF4-A6EA-C47AABBE456A} -> () ->

{BBB7EC5A-4E11-4CC9-B508-2540B7CBF4F4} -> (Carte réseau 1394) ->

< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\

ipp -> Reg Data - Key not found -> File not found

msdaipp -> Reg Data - Key not found -> File not found

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\

{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase = http://office.microsoft.com/templates/ieawsdc.cab ->

{106E49CF-797A-11D2-81A2-00E02C015623} -> AlternaTIFF ActiveX - CodeBase = http://www.alternatiff.com/install/00/alttiff.cab ->

{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab ->

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab ->

{469C7080-8EC8-43A6-AD97-45848113743C} -> - CodeBase = http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab ->

{4B48D5DF-9021-45F7-A240-60304302A215} -> MalwareCleaner Class - CodeBase = http://www.microsoft.com/security/controls/WebCleaner.cab ->

{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab ->

{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab ->

{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{8EB3FF4E-86A1-4717-884D-7BA2D38272CB} -> F-Secure Online Scanner - CodeBase = http://support.f-secure.com/ols/fscax.cab ->

{92E7E45A-D8C8-480E-AF99-176E43997CAA} -> Aurigma Image Uploader 3.0 Combo Control - CodeBase = http://www.pixdiscount.fr/clients/ImageUploader3.cab ->

{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> Aurigma Image Uploader 3.0 Control - CodeBase = http://www.pixdiscount.fr/clients/ImageUploader3.cab ->

{B79A53C0-1DAC-4636-BACE-FD086A7A79BF} -> AdSignerLCContrl Class - CodeBase = https://static.impots.gouv.fr/tdir/static/a...AdSignerADP.cab ->

{C36112BF-2FA3-4694-8603-3B510EA3B465} -> Lycos File Upload Component - CodeBase = http://f012.mail.caramail.lycos.fr/app/upl...ileUploader.cab ->

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl...indows-i586.cab ->

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->

{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->

DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->

Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->

PackageHtmlCab -> - CodeBase = http://acces.blonde.com/package/PackageHtmlCab.CAB ->

teleir_cert -> - CodeBase = https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab ->

 

 

[Files - Created Within 90 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536268800 bytes | Created Date = 02/01/1601 23:00:00 | Attr = HS]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1536 bytes | Created Date = 19/02/2007 12:09:12 | Attr = ]

blbetac.exe -> %UserDesktop%\blbetac.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 682872 bytes | Created Date = 23/02/2007 13:33:00 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbetac.exe:Zone.Identifier ->

DiagHelp.zip -> %UserDesktop%\DiagHelp.zip -> [Ver = | Size = 379489 bytes | Created Date = 23/02/2007 13:36:41 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\DiagHelp.zip:Zone.Identifier ->

EClea2_0.exe -> %UserDesktop%\EClea2_0.exe -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 2951802 bytes | Created Date = 09/02/2007 13:54:17 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\EClea2_0.exe:Zone.Identifier ->

Hijackthis Version Française.lnk -> %UserDesktop%\Hijackthis Version Française.lnk -> [Ver = | Size = 925 bytes | Created Date = 23/02/2007 12:53:15 | Attr = ]

HijackThisFR.exe -> %UserDesktop%\HijackThisFR.exe -> Pc-Help-Bordeaux [Ver = | Size = 506140 bytes | Created Date = 23/02/2007 10:52:13 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThisFR.exe:Zone.Identifier ->

morphing1.avi -> %UserDesktop%\morphing1.avi -> [Ver = | Size = 7958528 bytes | Created Date = 16/02/2007 19:24:07 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 23/02/2007 14:07:04 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/02/2007 18:20:32 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/02/2007 18:20:32 | Attr = H ]

avgfwafu.dll -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.407 | Size = 110592 bytes | Created Date = 19/02/2007 12:11:11 | Attr = ]

apphelp.sdb -> %System32%\dllcache\apphelp.sdb -> [Ver = | Size = 217118 bytes | Created Date = 09/02/2007 13:50:16 | Attr = ]

apph_sp.sdb -> %System32%\dllcache\apph_sp.sdb -> [Ver = | Size = 764868 bytes | Created Date = 09/02/2007 13:50:16 | Attr = ]

sysmain.sdb -> %System32%\dllcache\sysmain.sdb -> [Ver = | Size = 1197294 bytes | Created Date = 09/02/2007 13:50:16 | Attr = ]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 19/02/2007 12:09:11 | Attr = ]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Created Date = 19/02/2007 12:09:08 | Attr = ]

avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 19/02/2007 12:11:10 | Attr = ]

 

[Files - Modified Within 90 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536268800 bytes | Modified Date = 23/02/2007 12:49:06 | Attr = HS]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 163840 bytes | Modified Date = 04/02/2007 11:10:30 | Attr = ]

IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 4240656 bytes | Modified Date = 23/02/2007 12:42:16 | Attr = H ]

desktop.ini -> %UserDocuments%\desktop.ini -> [Ver = | Size = 112 bytes | Modified Date = 22/12/2006 17:48:44 | Attr = HS]

Mes dossiers de partage.lnk -> %UserDocuments%\Mes dossiers de partage.lnk -> [Ver = | Size = 577 bytes | Modified Date = 23/02/2007 12:51:42 | Attr = ]

nico_2005-2006.pst -> %UserDocuments%\nico_2005-2006.pst -> [Ver = | Size = 32768 bytes | Modified Date = 30/12/2006 11:33:50 | Attr = ]

AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1536 bytes | Modified Date = 19/02/2007 12:09:14 | Attr = ]

blbetac.exe -> %UserDesktop%\blbetac.exe -> F-Secure Corporation [Ver = 2, 2, 1055, 0 | Size = 682872 bytes | Modified Date = 23/02/2007 14:02:46 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbetac.exe:Zone.Identifier ->

DiagHelp.zip -> %UserDesktop%\DiagHelp.zip -> [Ver = | Size = 379489 bytes | Modified Date = 23/02/2007 13:36:52 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\DiagHelp.zip:Zone.Identifier ->

EClea2_0.exe -> %UserDesktop%\EClea2_0.exe -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 2951802 bytes | Modified Date = 09/02/2007 13:54:24 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\EClea2_0.exe:Zone.Identifier ->

Hijackthis Version Française.lnk -> %UserDesktop%\Hijackthis Version Française.lnk -> [Ver = | Size = 925 bytes | Modified Date = 23/02/2007 12:53:16 | Attr = ]

HijackThisFR.exe -> %UserDesktop%\HijackThisFR.exe -> Pc-Help-Bordeaux [Ver = | Size = 506140 bytes | Modified Date = 23/02/2007 10:52:18 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThisFR.exe:Zone.Identifier ->

morphing1.avi -> %UserDesktop%\morphing1.avi -> [Ver = | Size = 7958528 bytes | Modified Date = 16/02/2007 19:24:18 | Attr = ]

winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 23/02/2007 14:07:08 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 23/02/2007 12:49:08 | Attr = S]

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\bootstat.dat:rnznxx ->

QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/02/2007 18:20:34 | Attr = ]

QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12/02/2007 18:20:34 | Attr = H ]

win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 809 bytes | Modified Date = 09/02/2007 13:49:30 | Attr = ]

WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 21/12/2006 19:21:46 | Attr = ]

amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 09/02/2007 14:14:06 | Attr = ]

avgfwafu.dll -> %System32%\avgfwafu.dll -> GRISOFT, s.r.o. [Ver = 7.5.0.407 | Size = 110592 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

nscompat.tlb -> %System32%\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 09/02/2007 14:14:06 | Attr = ]

wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 23/02/2007 12:50:32 | Attr = ]

avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 19/02/2007 12:09:08 | Attr = ]

avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 19/02/2007 12:09:08 | Attr = ]

avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 19/02/2007 12:09:10 | Attr = ]

avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 19/02/2007 12:09:12 | Attr = ]

avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 19/02/2007 12:09:10 | Attr = ]

avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 19/02/2007 12:11:12 | Attr = ]

fwdrv.err -> %System32%\drivers\fwdrv.err -> [Ver = | Size = 1942 bytes | Modified Date = 23/02/2007 11:24:14 | Attr = ]

 

[File String Scan - Non-Microsoft Only]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\DPL COLLOQ SPORT ET DOPA.1.pdf:Zone.Identifier ->

UPX0 , -> %UserDocuments%\FATIGUE 2004.ppt -> [Ver = | Size = 5864960 bytes | Modified Date = 08/04/2004 18:07:12 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDocuments%\justif amende radar.html:Zone.Identifier ->

@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\blbetac.exe:Zone.Identifier ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\DiagHelp.zip:Zone.Identifier ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\EClea2_0.exe:Zone.Identifier ->

Thawte Consulting , -> %UserDesktop%\EClea2_0.exe -> InstallShield Software Corporation [Ver = 10.01.238 | Size = 2951802 bytes | Modified Date = 09/02/2007 13:54:24 | Attr = ]

@Alternate Data Stream - 26 bytes -> %UserDesktop%\HijackThisFR.exe:Zone.Identifier ->

@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->

@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Adobe PSEle2.log:uzwqrq ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\b2_t_SPYBOTSD.EXE&614.xml:hinoln ->

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\bootstat.dat:rnznxx ->

@Alternate Data Stream - 3547 bytes -> %SystemRoot%\clock.avi:koksrh ->

WSUD , -> %SystemRoot%\dcjmb.txt -> [Ver = | Size = 3547 bytes | Modified Date = 23/01/2005 03:38:48 | Attr = HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\desktop.ini:bnqfct ->

WSUD , -> %SystemRoot%\dgvvs.log -> [Ver = | Size = 3547 bytes | Modified Date = 08/01/2005 11:13:40 | Attr = HS]

WSUD , -> %SystemRoot%\dnjnq.txt -> [Ver = | Size = 3547 bytes | Modified Date = 21/01/2005 18:33:54 | Attr = HS]

WSUD , -> %SystemRoot%\dnmlk.txt -> [Ver = | Size = 3547 bytes | Modified Date = 01/01/2005 15:29:38 | Attr = HS]

WSUD , -> %SystemRoot%\eimdt.log -> [Ver = | Size = 3547 bytes | Modified Date = 17/01/2005 22:16:26 | Attr = HS]

@Alternate Data Stream - 11592 bytes -> %SystemRoot%\ffbyj.dat:eqjjgg ->

WSUD , -> %SystemRoot%\ffbyj.dat -> [Ver = | Size = 3547 bytes | Modified Date = 22/01/2005 03:19:28 | Attr = HS]

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\Granit vert.bmp:wrcwar ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\KB823182.log:fnmpfr ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\KB824146.log:xofciu ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\msgsocm.log:lhano ->

@Alternate Data Stream - 11592 bytes -> %SystemRoot%\ODBCINST.INI:dujgpc ->

WSUD , -> %SystemRoot%\ooaap.txt -> [Ver = | Size = 3547 bytes | Modified Date = 25/01/2005 14:43:40 | Attr = HS]

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\orun32.ini:vvtmjm ->

@Alternate Data Stream - 3547 bytes -> %SystemRoot%\pgzgn.dat:ovmrmo ->

WSUD , -> %SystemRoot%\pgzgn.dat -> [Ver = | Size = 3547 bytes | Modified Date = 15/01/2005 01:55:14 | Attr = HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Q329390.log:owyiv ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Q810565.log:yzzsq ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Q828026.log:ophnk ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->

@Alternate Data Stream - 7305 bytes -> %SystemRoot%\Windows Update.log:fyvnzp ->

@Alternate Data Stream - 0 bytes -> %SystemRoot%\wmsetup.log:bysmbx ->

WSUD , -> %SystemRoot%\xegya.log -> [Ver = | Size = 3547 bytes | Modified Date = 28/12/2004 16:07:50 | Attr = HS]

WSUD , -> %SystemRoot%\xfzrg.txt -> [Ver = | Size = 3547 bytes | Modified Date = 15/01/2005 15:26:20 | Attr = HS]

WSUD , -> %SystemRoot%\zpxgl.txt -> [Ver = | Size = 3547 bytes | Modified Date = 28/12/2004 08:34:24 | Attr = HS]

PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41131 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

WSUD , -> %System32%\okmkl.log -> [Ver = | Size = 3547 bytes | Modified Date = 19/01/2005 21:55:04 | Attr = HS]

WSUD , -> %System32%\qijpg.dat -> [Ver = | Size = 3547 bytes | Modified Date = 10/01/2005 17:47:44 | Attr = HS]

UPX! , UPX0 , -> %System32%\t3odm.dll -> Cyberlink [Ver = 1.00.1016 | Size = 28672 bytes | Modified Date = 30/04/2004 20:46:24 | Attr = ]

@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->

winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

UPX0 , -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 809394 bytes | Modified Date = 30/08/2002 13:00:00 | Attr = ]

UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 19/02/2007 12:09:08 | Attr = ]

PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04/08/2004 06:41:38 | Attr = ]

 

< End of report >

[bruce lee]

bonjour,

 

Merci de rester dans ton premier sujet et d'y copier/coller tes différents rapports

 

@+

[Thanos]

Salut bruce NO8

 

NO8, je colle tes rapports dans ton précédent sujet et te donne une réponse.

 

N'ouvre pas d'autre sujet stp, sinon il est difficile de suivre la progression de la désinfection!

Modifié le 23 février 2007 par charles ingals

[N08]

Entendu,

le chemin de la vérité est celui de l'erreur combatue!...