
Posted

Good evening,

For the moment, the redirections to unwanted sites no longer occur.

However, I did follow the tutorial for the file EB85C523610. tar.gz, but it will not upload to malekal; should I delete it?

Kind regards,

Alain

 

Logfile of HijackThis v1.99.1

Scan saved at 12:38:23, on 12/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {BB829E3E-E251-4649-A595-B0FF128A1B3C} - C:\WINDOWS\system32\ds16g.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D63144F5-64A5-42A0-B5F0-279389CCD9EF}: NameServer = 212.27.32.176,212.27.32.177

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Posted (edited)

Hello again,

You did not post the clean report.

Show your hidden and protected files:

Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK

Go to My Computer / Tools / Folder Options / View / uncheck "Hide protected operating system files" / Apply --> OK

Delete C:\WINDOWS\system32\ds16g.dll

Do you have Bitdefender?

Run HijackThis again, do a system scan only, and check these lines:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {BB829E3E-E251-4649-A595-B0FF128A1B3C} - C:\WINDOWS\system32\ds16g.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Then Fix Checked!

Edited by XmichouX

Posted

Hello,

I followed your instructions; I ran a scan with Bitdefender, which finds no malicious items, and I ran HijackThis again.

For the moment everything is working well.

Awaiting your reply,

Kind regards,

Alain

 

//-----------------------------------------------------------------

//

// Produit BitDefender Free Edition v10

// Produit 10.2

//

// Créé le: 14/12/2007 17:03:58

//

//-----------------------------------------------------------------

 

 

Statistiques

 

Chemin cible: C:\

D:\

Dossiers : 5605

Fichiers : 30008

Processus Mémoire analysés : 39

Archives : 2

Fichiers enpaquetés : 3002

Virus trouvés : 0

Fichiers infectés : 0

Processus Mémoire infectés : 0

Fichiers suspects : 0

Alertes : 0

Fichiers désinfectés : 0

Fichiers effacés : 0

Fichiers déplacés : 0

Erreurs I/O : 10

Temps d'analyse :=00:12:36

Fichiers/seconde :39

 

Statistiques Spywares

 

Registres analysés : 309

Registres infectés : 0

Cookies analysés : 0

Cookies infectés : 0

Fichiers spyware infectés : 0

Menaces Spyware détectées : 0

 

 

Définitions virus : 960083

Plugins d'analyse : 16

Plugins archives : 41

Plug-ins décompression : 7

Plug-ins messagerie : 6

Plug-ins système : 5

 

Options d'analyse

 

Détection

[X] Analyser le secteur de boot

[X] Processus mémoire

[ ] Analyser les archives

[X] Analyser les fichiers enpaquetés

[X] Analyser la messagerie

 

Masque fichiers

[X] Programmes

[ ] Tous les fichiers

[ ] Extensions définies par l'utilisateur:

[ ] Exclure les extensions: ;

 

Action

 

Objets infectés

[ ] Ignorer

[X] Désinfecter

[ ] Effacer

[ ] Mettre en quarantaine

[ ] Demander l'action

 

Seconde action

[ ] Ignorer

[ ] Effacer

[X] Mettre en quarantaine

[ ] Demander l'action

 

Options d'analyse

[X] Activer les alertes

[ ] Activer l'heuristique

[ ] Afficher tous les fichiers dans le journal

[X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1197648238.log

 

Options d'analyse Spyware

 

[X] Analyse contre les risques non-viraux

[ ] Ecarter de l'analyse les dialers et les applications

[X] Clés de registres

[X] Cookies

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:18:15, on 14/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D63144F5-64A5-42A0-B5F0-279389CCD9EF}: NameServer = 212.27.32.176,212.27.32.177

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Posted (edited)

Good, you must not have several antivirus programs.

Uninstall avast, restart, and delete ~~>C:\Program Files\Alwil Software

Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it, unchecking "Add the Yahoo! CCleaner Toolbar".

Then run the cleanup, then have it search for errors, and make backups if you wish.

Uninstall Java via Add/Remove Programs:

Java 2 Runtime Environment, SE v1.4.2_03

And update it from this link: http://www.java.com/fr/download/

Download System Repair Engineer - SREng (by Smallfrogs) to your Desktop:

http://www.kztechs.com/eng/download.html

Extract all its contents to your Desktop

(right-click the .zip file >> "Extract All...")

From the sreng2 folder now on your Desktop, double-click SREngPS.exe to launch the tool

Click Smart Scan

Next, click the [scan] button. The scan will take a few moments.

When it has completed, click the [save Reports] button

Save the report to your Desktop

Copy/paste the contents of the file SREnglLOG.log into your next reply, please.

Edited by Qc001
Small edit for SREng

Posted

Hello,

I uninstalled Bitdefender and Avast in favor of Antivir.

I cannot manage to uninstall HijackThis, French version, which is located in C/programs files: I cannot find it in Add/Remove Programs, and deleting the file directly is not possible.

Here is the System Repair Engineer report.

Kind regards,

Alain

 

2007-12-15,17:19:29

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<hpsysdrv><c:\windows\system\hpsysdrv.exe>  [Hewlett-Packard Company]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /installquiet /keeploaded /nodetect>  [NVIDIA Corporation]
<AGRSMMSG><AGRSMMSG.exe>  [(Verified)Microsoft Windows Publisher]
<HPHUPD06><c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe>  [Hewlett-Packard]
<HPHmon06><C:\WINDOWS\system32\hphmon06.exe>  [Hewlett-Packard]
<KBD><C:\HP\KBD\KBD.EXE>  [Hewlett-Packard Company]
<Recguard><C:\WINDOWS\SMINST\RECGUARD.EXE>  []
<PS2><C:\WINDOWS\system32\ps2.exe>  [(Verified)Microsoft Windows Publisher]
<LSBWatcher><c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe>  [Hewlett-Packard Company]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [(Verified)GRISOFT LTD]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
<avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min>  [Avira GmbH]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
[HP Digital Imaging Monitor]
 <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[LUMIX Simple Viewer]
 <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk --> C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [Matsushita Electric Industrial Co., Ltd.]><N>

==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start]
 <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start]
 <"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
 <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
 <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
 <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Manual Start]
 <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Service de l'iPod / iPod Service][Stopped/Manual Start]
 <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
 <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Manual Start]
 <C:\WINDOWS\system32\HPZipm12.exe><HP>

==================================
Drivers
[PPdus ASPI Shell / Afc][Running/Manual Start]
 <system32\drivers\Afc.sys><Arcsoft, Inc.>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
 <system32\DRIVERS\AGRSM.sys><Agere Systems>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
 <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
 <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
 <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[avgio / avgio][Running/System Start]
 <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Running/Manual Start]
 <\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start]
 <system32\DRIVERS\avipbb.sys><AVIRA GmbH>
[BDFsDrv / BDFsDrv][Stopped/Manual Start]
 <\??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[BDRsDrv / BDRsDrv][Stopped/Manual Start]
 <\??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys><N/A>
[catchme / catchme][Stopped/Manual Start]
 <\??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\catchme.sys><N/A>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
 <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer][Stopped/Manual Start]
 <System32\DRIVERS\gmer.sys><GMER>
[hgycytxi / hgycytxi][Stopped/Boot Start]
 <\SystemRoot\system32\drivers\rnwxxihb.dat><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
 <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
 <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
 <system32\DRIVERS\HPZius12.sys><HP>
[Pilote de processeur Intel / intelppm][Stopped/System Start]
 <system32\DRIVERS\intelppm.sys><N/A>
[IVI ASPI Shell / Iviaspi][Running/Manual Start]
 <system32\drivers\iviaspi.sys><InterVideo, Inc.>
[LT Modem Driver / ltmodem5][Stopped/Manual Start]
 <system32\DRIVERS\ltmdmnt.sys><LT>
[nv / nv][Running/Manual Start]
 <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / Pfc][Running/Manual Start]
 <system32\drivers\pfc.sys><Padus, Inc.>
[Ps2 / Ps2][Running/Manual Start]
 <system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
 <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
 <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
 <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
 <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS AGP Filter / SISAGP][Running/Boot Start]
 <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
 <system32\DRIVERS\sisnic.sys><SiS Corporation>
[ssmdrv / ssmdrv][Running/System Start]
 <system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[ViaIde / ViaIde][Stopped/Disabled]
 <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
 {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[&Organise-notes Encarta]
 {9455301C-CF6B-11D3-A266-00C04F689C50} <C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll, >
[Messenger]
 {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Vue HP]
 {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll, Hewlett-Packard Company>
[Java Plug-in 1.6.0_03]
 {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
 {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
 {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Bibliothèque d'objets Microsoft Outlook 8.0]
 {0006F033-0000-0000-C000-000000000046} <, N/A>
[QuickTime Object]
 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[Aide pour le lien d'Adobe PDF Reader]
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[TECollaboration.Manager]
 {07FEE7FA-EA56-4790-AE41-2E227CCF6EB7} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[PeerDraw Class]
 {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[Shockwave ActiveX Control]
 {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[SkyGps Class]
 {1D1342E2-B737-43C4-B2B2-BB855FC353F1} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Plane]
 {1E686889-C1F3-437F-A8CE-729C78AA3BEC} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.VirtualCursor]
 {2040FA1B-53B6-41BD-BF73-6400C4F40E49} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Windows Media Player]
 {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
 {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
 {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[Tabular Data Control]
 {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[TerraExplorer Class]
 {3a4f9191-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TE3DWindow Class]
 {3a4f9192-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TEInformationWindow Class]
 {3a4f9193-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TENavigationMap Class]
 {3a4f9194-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[QuickTime Object]
 {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[Redirect Control]
 {47F66446-563D-11D3-9733-906958C17458} <C:\HP\KBD\REDIRECT.OCX, Hewlett-Packard Company>
[XML Document]
 {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[FalconViewObj Class]
 {504AC303-A983-45B7-8663-CB5649B3AB1A} <C:\Program Files\Skyline\TerraExplorer\Tools\TEFVT\TEFVT.dll, >
[HHCtrl Object]
 {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
 {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
 {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[WUWebControl Class]
 {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[TECollaboration.FlyFile]
 {641ECCA4-28F2-4AE0-90E6-3152E62AFCA2} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Comunication Class]
 {662CB034-1B5F-46DE-83C8-8BDCA1424856} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLCU.dll, >
[Windows Media Player]
 {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
 {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[FVGps Class]
 {765FB9BF-38D5-4678-9BD0-40DDE72906ED} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Annotation]
 {7A412365-8492-42A0-9411-BEE11106AAD6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.Chat]
 {8120661B-1913-4C41-8C47-A0A9279715C6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Microsoft Web Browser]
 {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML DOM Document 4.0]
 {88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 4.0]
 {88D969C1-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XSL Template 4.0]
 {88D969C3-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
 {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
 {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[&Organise-notes Encarta]
 {9455301C-CF6B-11D3-A266-00C04F689C50} <C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll, >
[TECollaboration.Projection]
 {984E67E2-6C7E-4D87-AC71-A640954D4495} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Keyroute Control]
 {9D450881-607A-11D3-9733-208858C10000} <C:\HP\KBD\KEYROUTE.OCX, Hewlett-Packard Company>
[FileManager Class]
 {A3EEA80F-5A77-402B-8A2E-D1D9A08A497C} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLFM.dll, >
[TETest Class]
 {A5606C7C-13E8-4403-B5C1-72CE1AEE1CA2} <C:\Documents and Settings\All Users\Application Data\Skyline\TEDetect.dll, Skyline software systems Inc.>
[Microsoft Scriptlet Component]
 {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Vue HP]
 {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll, Hewlett-Packard Company>
[SearchAssistantOC]
 {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
 {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[CreateMPU Class]
 {BF001C67-5DEE-40B5-85BE-A5B0E1AA0AD6} <C:\Program Files\Skyline\TerraExplorer\Tools\PyramidTool\SLMPU.dll, >
[Java Plug-in 1.4.2_03]
 {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[AUDIO__MID Moniker Class]
 {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
 {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
 {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[QuickTimeCheck Class]
 {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Computer, Inc.>
[WebViewFolderIcon Class]
 {E5DF9D10-3B52-11D1-83E8-00A0C90DC849} <C:\WINDOWS\system32\webvw.dll, Microsoft Corporation>
[XML HTTP Request]
 {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML DOM Document 3.0]
 {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
 {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>

==================================
Running Processes
[PID: 480 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.5.0540.0]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 652 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1032 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1088 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzsnt10.dll]  [HP, 2.323.0.0]
[C:\WINDOWS\system32\redmonnt.dll]  [N/A, ]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm310.dll]  [HP, 2.323.0.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku10.dll]  [HP, 2.323.0.0]
[PID: 1124 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe]  [Avira GmbH, 7.00.00.82]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll]  [Avira GmbH, 7.00.00.01]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll]  [Avira GmbH, 7.00.00.20]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll]  [Avira GmbH, 7.00.11.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll]  [, 3, 3, 17, 1]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL]  [Avira GmbH, 7.00.02.02]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL]  [Avira GmbH, 1.02.00.17]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPACK32.DLL]  [Avira GmbH, 7.03.00.15]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll]  [N/A, ]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVEWIN32.DLL]  [Avira GmbH, 7.6.0.45]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll]  [Avira GmbH, 1.00.00.04]
[PID: 1332 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe]  [Avira GmbH, 7.00.00.62]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll]  [Avira GmbH, 7.00.24.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll]  [Avira GmbH, 7.00.00.20]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll]  [, 3, 3, 17, 1]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll]  [Avira GmbH, 1.00.00.04]
[PID: 1344 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 1364 / SYSTEM][C:\WINDOWS\system32\dllhost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1428 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpgwiamd.dll]  [Hewlett-Packard, 3.2.2.656]
[C:\WINDOWS\system32\hpotscl.dll]  [Hewlett-Packard Co., 43.0.152.000]
[PID: 152 / HP_Propriétaire][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\PROGRA~1\WINDOW~1\wmpband.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll]  [N/A, ]
[C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA]  [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll]  [Avira GmbH, 7.00.00.10]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MFC71FRA.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
[C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[c:\Program Files\Sonic RecordNow!\shlext.dll]  [, 7.0.0.0]
[c:\Program Files\Sonic RecordNow!\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
[PID: 348 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016 / HP_Propriétaire][C:\windows\system\hpsysdrv.exe]  [Hewlett-Packard Company, 1, 7, 0, 0]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 1440 / HP_Propriétaire][C:\WINDOWS\AGRSMMSG.exe]  [Agere Systems, 2.1.41.10 2.1.41.10 06/29/2004 09:06:35]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 976 / HP_Propriétaire][C:\WINDOWS\system32\hphmon06.exe]  [Hewlett-Packard, 6,0,72]
[C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 1, 0, 0, 5]
[C:\WINDOWS\system32\hpzjfw01.dll]  [Hewlett-Packard, 4.02.009.0]
[C:\WINDOWS\system32\HPZJSN01.dll]  [Hewlett Packard Company, 1, 0, 0, 3]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 1900 / HP_Propriétaire][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 1940 / HP_Propriétaire][C:\HP\KBD\KBD.EXE]  [Hewlett-Packard Company, 1.0.2.0]
[C:\HP\KBD\led.dll]  [Hewlett-Packard Company, 1.0.2.0]
[C:\HP\KBD\USB.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
[C:\HP\KBD\ps2.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
[C:\HP\KBD\msg.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
[C:\HP\KBD\osd.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
[C:\HP\KBD\sct.dll]  [Hewlett-Packard Company, 1.0.2.2.90204]
[C:\HP\KBD\onl.dll]  [Hewlett-Packard Company, 1.0.2.0]
[C:\HP\KBD\aol.dll]  [Hewlett-Packard Company, 1.0.2.2.122104]
[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\HP\KBD\url.dll]  [Hewlett-Packard Company, 1.0.2.2.92704]
[C:\HP\KBD\cfg.dll]  [Hewlett-Packard Company, 1.0.2.1]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\HP\KBD\MSIKBDIF.DLL]  [Hewlett-Packard Company, 1.0.2.0]
[PID: 2156 / HP_Propriétaire][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [GRISOFT s.r.o., 7, 5, 1, 43]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 2192 / HP_Propriétaire][C:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 7.1.5]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 2236 / HP_Propriétaire][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe]  [Avira GmbH, 7.02.00.16]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\cclib.dll]  [Avira GmbH, 7.02.00.03]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[c:\program files\avira\antivir personaledition classic\ccgen.dll]  [Avira GmbH, 7.02.00.10]
[c:\program files\avira\antivir personaledition classic\ccgenrc.dll]  [Avira GmbH, 7.02.04.02]
[c:\program files\avira\antivir personaledition classic\ccguard.dll]  [Avira GmbH, 7.00.01.35]
[c:\program files\avira\antivir personaledition classic\ccgrdrc.dll]  [Avira GmbH, 7.00.06.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll]  [Avira GmbH, 1.00.00.04]
[c:\program files\avira\antivir personaledition classic\ccupdate.dll]  [Avira GmbH, 7.02.00.04]
[c:\program files\avira\antivir personaledition classic\ccupdrc.dll]  [Avira GmbH, 7.02.01.00]
[c:\program files\avira\antivir personaledition classic\cclic.dll]  [Avira GmbH, 7.02.00.04]
[c:\program files\avira\antivir personaledition classic\cclicrc.dll]  [Avira GmbH, 7.02.01.00]
[c:\program files\avira\antivir personaledition classic\ccmsg.dll]  [Avira GmbH, 7.00.00.00]
[PID: 2332 / HP_Propriétaire][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 2340 / HP_Propriétaire][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 2436 / HP_Propriétaire][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Co., 45.4.157.000]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.6674]
[c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 45.4.157.000]
[c:\Program Files\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Co., 45.4.157.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Co., 45.4.157.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Co., 45.4.157.000]
[c:\Program Files\HP\Digital Imaging\Unload\hpiCamTA.dll]  [Hewlett-Packard, 4.0.0.204]
[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL]  [Microsoft Corporation, 7.10.3077.0]
[c:\Program Files\HP\Digital Imaging\Unload\HpqUnRes.dll]  [Hewlett-Packard, 4.5.0.133]
[c:\Program Files\HP\Digital Imaging\bin\hpotra08.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll]  [, 4.5.0.133]
[c:\Program Files\HP\Digital Imaging\bin\hpoSTD08.dll]  [Hewlett-Packard Co., 43.0.213.000]
[C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Co., 45.4.157.000]
[c:\Program Files\HP\Digital Imaging\bin\hpoSTD08.rsc]  [Hewlett-Packard Co., 43.0.213.000]
[C:\WINDOWS\system32\hpzidr12.dll]  [HP, 8, 0, 0, 0]
[C:\WINDOWS\system32\hpzipr12.dll]  [HP, 8, 0, 0, 0]
[c:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll]  [Hewlett-Packard Co., 43.0.213.000]
[C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 45.4.157.000]
[c:\Program Files\HP\Digital Imaging\bin\hpodev08.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hpodeb08.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hposcn08.dll]  [Hewlett-Packard Co., 43.0.213.000]
[c:\Program Files\HP\Digital Imaging\bin\hpoSCN08.rsc]  [Hewlett-Packard Co., 43.0.213.000]
[PID: 2448 / HP_Propriétaire][C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe]  [Matsushita Electric Industrial Co., Ltd., 1.20L001.0058]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\CmLibs2.dll]  [Matsushita Electric Industrial Co., Ltd., 1.20L001.0164]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\ippi20.dll]  [Intel Corporation., 3,0,18,54]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\CmlibsEx.dll]  [Matsushita Electric Industrial Co., Ltd., 1.20L001.0118]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\CheckMarkCache.dll]  [Matsushita Electric Industrial Co., Ltd., 1.10L01.0082]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\ipp20\ippipx.dll]  [Intel Corporation., 3,0,18,54]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\PictureLib.pcp]  [Matsushita Electric Industrial Co., Ltd., 1.20L001.0132]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\LTKRN12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\LTDIS12n.dll]  [LEAD Technologies, Inc., 12.1.0.068]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\LTFIL12n.DLL]  [LEAD Technologies, Inc., 12.1.0.068]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\IppJpeg.dll]  [Matsushita Electric Industrial Co., Ltd., 1.00L10.0065]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\ippcore.dll]  [Intel Corporation., 3,0,18,18]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\ippj20.dll]  [Intel Corporation., 3,0,17,35]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\ipp20\ippjpx.dll]  [Intel Corporation., 3,0,17,35]
[C:\Program Files\Panasonic\LUMIXSimpleViewer\MjThumb.vcp]  [Matsushita Electric Industrial Co., Ltd., 1.10L01.0133]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 3592 / HP_Propriétaire][C:\Program Files\Microsoft Office\Office\EXCEL.EXE]  [, ]
[C:\Program Files\Microsoft Office\Office\MSO97.DLL]  [, ]
[C:\Program Files\Microsoft Office\Office\XLINTL32.dll]  [Microsoft Corporation, 8.0]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\Program Files\Microsoft Office\Office\scanload.dll]  [, ]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3172 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe]  [HP, 8, 0, 0, 0]
[C:\WINDOWS\system32\HPZidr12.dll]  [HP, 8, 0, 0, 0]
[PID: 3436 / HP_Propriétaire][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.6674]
[PID: 1912 / HP_Propriétaire][C:\Documents and Settings\HP_Propriétaire\Bureau\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\nview.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\NVWRSFR.DLL]  [NVIDIA Corporation, 6.14.10.6674]
[C:\WINDOWS\system32\nvwddi.dll]  [NVIDIA Corporation, 6.14.10.6674]
[C:\Documents and Settings\HP_Propriétaire\Bureau\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
[D:\]
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480

==================================
HOSTS File
192.168.200.3	ad.doubleclick.net
192.168.200.3	ad.fastclick.net
192.168.200.3	ads.fastclick.net
192.168.200.3	atdmt.com
192.168.200.3	awaps.net
192.168.200.3	banner.fastclick.net
192.168.200.3	banners.fastclick.net
192.168.200.3	click.atdmt.com
192.168.200.3	clicks.atdmt.com
192.168.200.3	engine.awaps.net
192.168.200.3	fastclick.net
192.168.200.3	ftp.avp.ch
192.168.200.3	ftp.kasperskylab.ru
192.168.200.3	updates5.kaspersky-labs.com
192.168.200.3	www.awaps.net
192.168.200.3	www.viruslist.ru

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1124, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1016, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 976, C:\WINDOWS\SYSTEM32\HPHMON06.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1940, C:\HP\KBD\KBD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2192, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2236, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2436, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2448, C:\PROGRAM FILES\PANASONIC\LUMIXSIMPLEVIEWER\PHLEAUTORUN.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3592, C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\EXCEL.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 1912, C:\DOCUMENTS AND SETTINGS\HP_PROPRIÉTAIRE\BUREAU\SRENGPS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1912, C:\DOCUMENTS AND SETTINGS\HP_PROPRIÉTAIRE\BUREAU\SRENGPS.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

Posted (edited)

Re,

Copy the text in the box below:

 

File::

C:\WINDOWS\system32\drivers\rnwxxihb.dat

 

Driver::

hgycytxi

 

Open Notepad, then paste the copied text.

(Start\All Programs\Accessories\Notepad.)

Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

CFScript.gif

 

This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no restart, post the reports anyway.

Edited by XmichouX
Posted

Hello,

Here are the two new reports.

Best regards.

Alain.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:03:21, on 16/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\hphmon06.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D63144F5-64A5-42A0-B5F0-279389CCD9EF}: NameServer = 212.27.32.176,212.27.32.177

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 5190 bytes

 

ComboFix 07-12-16.3 - HP_Propriétaire 2007-12-16 12:43:51.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.240 [GMT 1:00]

Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\system32\drivers\rnwxxihb.dat

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\drivers\rnwxxihb.dat

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_HGYCYTXI

-------\hgycytxi

-------\poof

 

 

((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-15 17:08 . 2007-12-15 17:08 <REP> d-------- C:\Program Files\Java

2007-12-15 17:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Fichiers communs\Java

2007-12-15 07:55 . 2007-12-15 07:55 <REP> d-------- C:\Program Files\Avira

2007-12-15 07:55 . 2007-12-15 07:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-13 19:58 . 2007-12-13 19:58 <REP> d-------- C:\Program Files\Skyline

2007-12-12 12:40 . 2007-12-12 12:40 250 --a------ C:\WINDOWS\gmer.ini

2007-12-09 09:22 . 2007-12-09 09:22 <REP> d-------- C:\WINDOWS\ERUNT

2007-12-08 14:30 . 2007-12-14 19:21 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-12-08 14:29 . 2007-12-14 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-16 11:16 --------- d-----w C:\Program Files\eMule

2007-12-14 18:25 --------- d-----w C:\Program Files\Hijackthis Version Française

2007-12-12 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-27 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline

2006-10-03 14:41 218,112 ----a-w C:\Program Files\HijackThis.exe

2006-03-30 19:07 7,749,804 ----a-w C:\Program Files\PDFCreator-Setup-0_7_1.exe

2006-03-24 10:13 10,704,584 ----a-w C:\Program Files\setupfre.exe

2006-02-07 15:51 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

.

 

((((((((((((((((((((((((((((( snapshot@2007-12-09_17.52.06,90 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2007-12-12 11:40:46 585,791 ----a-w C:\WINDOWS\gmer.dll

+ 2007-12-12 11:37:37 581,632 ----a-w C:\WINDOWS\gmer.exe

+ 2007-08-20 09:59:29 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll

+ 2007-08-20 09:59:29 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll

+ 2007-08-20 09:59:29 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll

+ 2007-08-20 09:59:29 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll

+ 2007-08-17 10:22:11 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe

+ 2007-08-20 09:59:29 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll

+ 2007-08-20 09:59:29 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll

+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll

+ 2007-08-20 09:59:29 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll

+ 2007-08-20 09:59:29 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll

+ 2007-08-20 09:59:29 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll

+ 2007-08-20 09:59:29 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll

+ 2007-08-20 09:59:30 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll

+ 2007-08-17 10:22:11 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe

+ 2007-08-17 10:22:32 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe

+ 2007-08-20 09:59:30 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll

+ 2007-08-20 09:59:30 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll

+ 2007-08-20 09:59:30 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll

+ 2007-08-20 09:59:30 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll

+ 2007-08-20 09:59:30 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll

+ 2007-08-20 09:59:30 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll

+ 2007-08-20 09:59:30 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll

+ 2007-08-20 09:59:31 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll

+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll

+ 2007-08-20 09:59:31 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll

+ 2007-08-20 09:59:31 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll

+ 2007-08-20 09:59:31 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll

+ 2007-08-20 09:59:31 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll

- 2007-08-20 09:59:29 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2007-08-20 09:59:29 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2007-10-10 23:49:42 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

- 2007-08-20 09:59:29 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

- 2007-08-20 09:59:29 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2007-10-10 23:49:42 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-08-20 09:59:29 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2007-10-10 23:49:42 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

- 2007-08-17 10:22:11 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

+ 2007-10-10 11:00:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

- 2007-08-20 09:59:29 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2007-10-10 23:49:42 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-08-20 09:59:29 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2007-10-10 23:49:42 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

- 2007-08-20 09:59:29 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2007-10-10 23:49:42 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2007-08-20 09:59:29 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2007-10-10 23:49:42 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2007-08-20 09:59:29 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

+ 2007-10-10 23:49:43 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

- 2007-08-20 09:59:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2007-10-10 23:49:43 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2007-08-20 09:59:30 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2007-10-10 23:49:43 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2007-08-17 10:22:11 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

+ 2007-10-10 10:59:40 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

- 2007-08-17 10:22:32 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

+ 2007-10-10 11:00:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

- 2007-08-20 09:59:30 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2007-10-10 23:49:44 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

- 2007-08-20 09:59:30 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2007-10-10 23:49:44 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2007-08-20 09:59:30 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2007-10-10 23:49:44 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2007-08-20 09:59:30 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

+ 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

- 2007-08-20 09:59:30 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

- 2007-08-20 09:59:30 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

- 2007-08-20 09:59:30 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2007-10-10 23:49:45 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

- 2007-08-20 09:59:31 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

+ 2007-10-10 23:49:45 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

- 2005-08-30 03:55:43 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

- 2007-08-20 09:59:31 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

+ 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

- 2007-08-20 09:59:31 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-08-20 09:59:31 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-08-20 09:59:31 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

- 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\dllcache\WMASF.dll

+ 2007-10-25 08:28:30 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys

+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys

+ 2007-12-15 06:56:45 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys

+ 2007-12-12 11:40:47 70,001 ----a-w C:\WINDOWS\system32\drivers\gmer.sys

+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys

- 2007-08-20 09:59:29 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2007-10-10 23:49:42 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2007-08-20 09:59:29 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll

+ 2007-10-10 23:49:42 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll

- 2007-08-20 09:59:29 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2007-10-10 23:49:42 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-08-17 10:22:11 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe

+ 2007-10-10 11:00:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe

- 2007-08-20 09:59:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

+ 2007-10-10 23:49:42 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll

- 2007-08-20 09:59:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

+ 2007-10-10 23:49:42 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll

- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll

- 2007-08-20 09:59:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2007-10-10 23:49:42 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-08-20 09:59:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

+ 2007-10-10 23:49:42 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll

- 2007-08-20 09:59:29 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2007-10-10 23:49:43 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-08-20 09:59:29 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

+ 2007-10-10 23:49:43 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll

- 2007-08-20 09:59:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2007-10-10 23:49:43 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-08-17 10:22:11 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2005-01-01 06:27:28 24,681 ----a-w C:\WINDOWS\system32\java.exe

+ 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2005-01-01 06:27:28 28,779 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

- 2007-08-20 09:59:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

+ 2007-10-10 23:49:44 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll

- 2007-11-01 23:12:58 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe

+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe

- 2007-08-20 09:59:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2007-10-10 23:49:44 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-08-20 09:59:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2007-10-10 23:49:44 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-08-20 09:59:30 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2007-10-30 23:23:48 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-08-20 09:59:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2007-10-10 23:49:44 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2007-08-20 09:59:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2007-10-10 23:49:44 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2007-08-20 09:59:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

+ 2007-10-10 23:49:45 671,232 ----a-w C:\WINDOWS\system32\mstime.dll

- 2007-08-20 09:59:31 102,400 ----a-w C:\WINDOWS\system32\occache.dll

+ 2007-10-10 23:49:45 102,400 ----a-w C:\WINDOWS\system32\occache.dll

- 2005-08-30 03:55:43 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll

+ 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

- 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-12-13 20:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe

- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe

+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe

- 2007-08-20 09:59:31 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2007-10-10 23:49:45 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-08-20 09:59:31 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2007-10-10 23:49:45 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-08-20 09:59:31 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2007-10-10 23:49:45 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2007-08-20 09:59:31 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2007-10-10 23:49:45 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

- 2006-10-18 19:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll

+ 2007-10-25 08:28:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 19:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2004-09-29 21:23 C:\WINDOWS\system32\nwiz.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 C:\WINDOWS\AGRSMMSG.exe]

"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53]

"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-15 07:56]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 19:00]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk

backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-04-02 17:09:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-16 12:46:49

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-16 12:47:53 - machine was rebooted

.

2007-12-12 17:49:29 --- E O F ---

Posted (edited)

Re,

Relaunch HijackThis, choose "Do a system scan only", and check these lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

Then Fix Checked!

 

Download to your desktop: Clean (by Malekal) >Tutorial<

Unzip it onto your desktop. Double-click the clean folder.

Double-click clean.cmd. (The .cmd extension may not be shown.) This will open a black window.

A menu will appear; choose option 1, then press Enter. Then press a key when you are asked to, and post the report here.

The report is located here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.

 

 

- "Start" >> "Run" >> paste this into the box:

 

ComboFix /u

 

- Click "OK".

Edited by XmichouX
Posted

Good evening,

After HijackThis's Fix checked, my Internet home page (about blank) was replaced by MSN.com (does that matter?).

I am running into the same problem as in my post 27: I have a file to upload to malekal, its name is EB85C523610. tar.gz, 49779 KB, a GZ file, but I cannot manage to send it to the site despite the tutorial's instructions; I always get the same response: "you have not chosen a file".

Attached are the ComboFix and Clean reports.

Kind regards,

Alain

 

16/12/2007 a 19:48:40,90

 

*** Recherche des fichiers dans C:

 

*** Recherche des fichiers dans C:\WINDOWS\

 

*** Recherche des fichiers dans C:\WINDOWS\system32

C:\WINDOWS\system32\bdod.bin FOUND

 

*** Recherche des fichiers dans C:\Program Files

 

ComboFix 07-12-16.3 - HP_Propriétaire 2007-12-16 20:27:12.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.242 [GMT 1:00]

Running from: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe

Command switches used :: / u

.

 

((((((((((((((((((((((((((((( Fichiers créés 2007-11-16 to 2007-12-16 ))))))))))))))))))))))))))))))))))))

.

 

2007-12-16 19:48 . 2007-12-16 19:48 25,099,660 --a------ C:\upload_moi_NOM-EB85C523610.tar.gz

2007-12-15 17:08 . 2007-12-15 17:08 <REP> d-------- C:\Program Files\Java

2007-12-15 17:08 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2007-12-15 17:07 . 2007-12-15 17:07 <REP> d-------- C:\Program Files\Fichiers communs\Java

2007-12-15 07:55 . 2007-12-15 07:55 <REP> d-------- C:\Program Files\Avira

2007-12-15 07:55 . 2007-12-15 07:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-13 19:58 . 2007-12-13 19:58 <REP> d-------- C:\Program Files\Skyline

2007-12-12 12:40 . 2007-12-12 12:40 250 --a------ C:\WINDOWS\gmer.ini

2007-12-09 09:22 . 2007-12-09 09:22 <REP> d-------- C:\WINDOWS\ERUNT

2007-12-08 14:30 . 2007-12-14 19:21 81,984 --a------ C:\WINDOWS\system32\bdod.bin

2007-12-08 14:29 . 2007-12-14 19:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-16 11:16 --------- d-----w C:\Program Files\eMule

2007-12-12 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-08 16:50 4,036 ----a-w C:\WINDOWS\system32\tmp.reg

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-27 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline

2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe

2006-10-03 14:41 218,112 ----a-w C:\Program Files\HijackThis.exe

2006-03-30 19:07 7,749,804 ----a-w C:\Program Files\PDFCreator-Setup-0_7_1.exe

2006-03-24 10:13 10,704,584 ----a-w C:\Program Files\setupfre.exe

2005-06-17 18:54 144 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat

2006-02-07 15:51 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 19:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2004-09-29 21:23 C:\WINDOWS\system32\nwiz.exe]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 C:\WINDOWS\AGRSMMSG.exe]

"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53]

"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:43]

"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43]

"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-15 07:56]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 02:28:24]

LUMIX Simple Viewer.lnk - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-07-11 19:10:34]

 

R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2007-04-02 17:09:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-16 20:28:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-16 20:29:16

C:\ComboFix2.txt ... 2007-12-16 12:47

.

2007-12-12 17:49:29 --- E O F ---

Posted

Re,

Did you type the /u without a space?

 

+++++++++

 

Run an online antivirus scan at Kaspersky with Internet Explorer. (Tutorial)

Allow the ActiveX controls.

Click Start Online Scanner.

Select My Computer as the scan target. Save the report in .txt format.

Paste its report here.

 

+++++++++

 

Post a new HijackThis log.
