Your question

GETTING THE BETTER OF MY HACKER/SPAMMER

10 May 2009 07:03:54

Hello,

I give up trying to solve my problem on my own; after trying everything with my limited knowledge, I have come to ask for help.

I am constantly listed as a spammer (CBLabuse) and I really need to use OUTLOOK EXPRESS at the office.

We are on a network and I think all the machines are infected; we use a single IP address.

Thank you for your help,

Paul

10 May 2009 16:34:40

Hello,

We can check whether there is an infection.

Download Hijackthis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it. (Right-click -> run as administrator if on Vista)
  • Accept the licence by clicking Yes.
  • Click Do a system scan and save a logfile.
  • Post the generated report here.

    Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Help: How to use HijackThis.
    10 May 2009 23:00:48

    382197,2,181940 said:
    Hello,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:59:25, on 10/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 3994 bytes
    10 May 2009 23:03:01

    Thanks Angeldark; you should have the log; I'm at your disposal; Paul
    10 May 2009 23:15:53

    I have restored what I had blocked

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:15:14, on 10/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 6398 bytes
    11 May 2009 19:58:52

    Apparently OK.

    Download Gmer. (Przemyslaw Gmerek)

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.
    If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
  • Click the Rootkit tab.
  • On the right, tick only Files and Services.
  • Now click Scan.
  • When the scan is finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
  • The report should then appear.
  • Save the file to your Desktop and post its contents here.
    12 May 2009 05:01:00

    Thanks; Services and Files under Rootkit gave nothing in the report; I have posted the report with all the options ticked:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-12 02:55:48
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwClose [0xF77788A0]
    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF77788D0]
    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF7778980]
    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF7778A20]
    SSDT \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF7778AC0]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[524] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[2572] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 32605629 C:\Program Files\Fichiers communs\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

    ---- EOF - GMER 1.0.15 ----

    12 May 2009 19:07:56

    That looks OK to me.

    Run an online antivirus scan at Kaspersky with Internet Explorer.

  • Allow the ActiveX controls.
  • Click Start Online Scanner.
  • Select My Computer as the scan target. Save the report in .txt format.
  • Paste its report here.
  • Post a new Hijackthis report.

    Help: How to run an online scan with Kaspersky.
    12 May 2009 19:43:37

    Thanks, I'll do that; tell me, do you know Wireshark? I understand very few of the lines, but I have a lot of incorrect checksums. It would seem, without being sure, that from the moment I connect, a program sends information. Do you want me to send you the file?
    13 May 2009 18:54:17

    Er, I don't know that program :/
    13 May 2009 19:34:01

    I suspect modification of the registry and collection of information, with modifications as soon as Windows starts. Below are the startup list and Windows services; it would seem that certain services have been modified.

    StartupList report, 13/05/2009, 17:19:20
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v8.00 (8.00.6001.18702)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\HPMProp.bin
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Paul\Menu Démarrer\Programmes\Démarrage]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
    Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    AVGIDS = "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
    AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
    IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    AGRSMMSG = AGRSMMSG.exe
    PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe
    IgfxTray = C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
    hpWirelessAssistant = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    PTHOSTTR = C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    Persistence = C:\WINDOWS\system32\igfxpers.exe
    iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    IntelWireless = C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:o E /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Regedit.exe has no CompanyName property! It is either missing or named something else.
    - Regedit.exe has no OriginalFilename property! It is either missing or named something else.
    - Regedit.exe has no FileDescription property! It is either missing or named something else.

    Registry check failed!

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    AcroIEHelperStub - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\GoZilla\GozCatch.dll - {E1FF080D-12A3-439A-A2EF-4BA95A3148E8}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AppleSoftwareUpdate.job
    User_Feed_Synchronization-{D5ECFC8F-916A-4F32-80F6-7050B2CF3671}.job
    WGASetup.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Java Plug-in 1.5.0]
    InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows...

    [Java Plug-in 1.5.0]
    InProcServer32 = C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows...

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\mswsock.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system)
    Pilote de contrôleur intégré Microsoft: system32\DRIVERS\ACPIEC.sys (system)
    aeaudio: system32\drivers\aeaudio.sys (manual start)
    Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)
    AEGIS Protocol (IEEE 802.1x) v3.1.6.0: system32\DRIVERS\AegisP.sys (autostart)
    AFD: \SystemRoot\System32\drivers\afd.sys (system)
    Agere Systems Soft Modem: system32\DRIVERS\AGRSM.sys (manual start)
    Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)
    Apple Mobile Device: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)
    Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Protocole client ARP 1394: system32\DRIVERS\arp1394.sys (manual start)
    Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (disabled)
    Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start)
    Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system)
    Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start)
    Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start)
    AVG8 E-mail Scanner: C:\PROGRA~1\AVG\AVG8\avgemc.exe (autostart)
    AVG8 WatchDog: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (autostart)
    Avgfwdx: system32\DRIVERS\avgfwdx.sys (manual start)
    AVG network filter service: system32\DRIVERS\avgfwdx.sys (manual start)
    AVG8 Firewall: C:\PROGRA~1\AVG\AVG8\avgfws8.exe (autostart)
    AVGIDSAgent: "C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe" AVGIDSAgent (autostart)
    AVGIDSDriver: \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys (manual start)
    AVGIDSErHr: System32\Drivers\AVGIDSErHr.sys (system)
    AVGIDSFilter: \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys (manual start)
    AVGIDSShim: \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (manual start)
    AVGIDSWatcher: C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe (autostart)
    AVG AVI Loader Driver x86: \SystemRoot\System32\Drivers\avgldx86.sys (system)
    AVG On-access Scanner Minifilter Driver x86: \SystemRoot\System32\Drivers\avgmfx86.sys (system)
    avgrkx86.sys: System32\Drivers\avgrkx86.sys (system)
    AVG8 Network Redirector: \SystemRoot\System32\Drivers\avgtdix.sys (system)
    Broadcom NetXtreme Gigabit Ethernet: system32\DRIVERS\b57xp32.sys (manual start)
    Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Enumérateur de bus Bluetooth: system32\DRIVERS\btkrnl.sys (manual start)
    Bluetooth Service: C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe (autostart)
    Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system)
    Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)
    Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled)
    ClntMgmt.sys: \SystemRoot\System32\Drivers\ClntMgmt.sys (system)
    Pilote d'adaptateur secteur Microsoft: system32\DRIVERS\CmBatt.sys (manual start)
    Pilote de batterie composite Microsoft: system32\DRIVERS\compbatt.sys (system)
    Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (autostart)
    Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Pilote de disque: system32\DRIVERS\disk.sys (system)
    Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (system)
    Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)
    Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
    Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Journal des événements: %SystemRoot%\system32\services.exe (autostart)
    Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (autostart)
    EvtEng: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (disabled)
    Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    FltMgr: system32\DRIVERS\fltMgr.sys (system)
    Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system)
    GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
    Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start)
    GTIPCI21: system32\DRIVERS\gtipci21.sys (manual start)
    Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start)
    HP WMI Interface: C:\Program Files\HPQ\Shared\hpqwmi.exe (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (autostart)
    Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system)
    ialm: system32\DRIVERS\ialmnt5.sys (manual start)
    Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system)
    Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start)
    IntelIde: system32\DRIVERS\intelide.sys (system)
    Pilote de processeur Intel: system32\DRIVERS\intelppm.sys (system)
    Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start)
    Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start)
    Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start)
    Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start)
    iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
    Pilote IPSEC: system32\DRIVERS\ipsec.sys (system)
    Protocole IrDA: system32\DRIVERS\irda.sys (autostart)
    Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start)
    Moniteur infrarouge: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system)
    Intel Wireless Connection Agent Miniport for Win XP: system32\DRIVERS\iwca.sys (manual start)
    Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system)
    Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)
    Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
    Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system)
    Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start)
    Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)
    Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
    Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)
    Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start)
    Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start)
    NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start)
    Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start)
    Interface NetBIOS: system32\DRIVERS\netbios.sys (system)
    NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system)
    DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)
    DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)
    Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start)
    Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Pilote réseau 1394: system32\DRIVERS\nic1394.sys (manual start)
    NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Pilote du Moniteur réseau: system32\DRIVERS\NMnt.sys (manual start)
    NetGroup Packet Filter Driver: system32\drivers\npf.sys (autostart)
    Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start)
    Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start)
    Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start)
    Microsoft Office Diagnostics Service: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
    Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface): system32\DRIVERS\ohci1394.sys (system)
    Office Source Engine: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start)
    Pilote de bus PCI: system32\DRIVERS\pci.sys (system)
    Pcmcia: system32\DRIVERS\pcmcia.sys (system)
    Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)
    Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart)
    Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start)
    Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)
    Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start)
    Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start)
    Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system)
    Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Miniport réseau étendu (IrDA): system32\DRIVERS\rasirda.sys (manual start)
    Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
    Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start)
    Parallèle direct: system32\DRIVERS\raspti.sys (manual start)
    Rdbss: system32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Pilote de redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start)
    Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system)
    RegSrvc: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (disabled)
    Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start)
    Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start)
    Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Spectrum24 Event Monitor: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (autostart)
    WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
    Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)
    Carte à puce: %SystemRoot%\System32\SCardSvr.exe (autostart)
    Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    sdbus: system32\DRIVERS\sdbus.sys (manual start)
    Secdrv: system32\DRIVERS\secdrv.sys (manual start)
    Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start)
    Pilote de port série: system32\DRIVERS\serial.sys (system)
    Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SMSC IrCC Miniport Device Driver: system32\DRIVERS\smcirda.sys (manual start)
    smwdm: system32\drivers\smwdm.sys (manual start)
    SoundMAX Agent Service: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (autostart)
    Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)
    Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)
    Pilote de filtre de restauration système: system32\DRIVERS\sr.sys (system)
    Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Srv: system32\DRIVERS\srv.sys (manual start)
    Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
    Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start)
    Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{B9F91EB1-FD6A-4FFC-BEDB-3866215EAD3B} (manual start)
    Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
    Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)
    Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system)
    Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system)
    Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (autostart)
    Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    tifm21: system32\drivers\tifm21.sys (manual start)
    Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
    Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start)
    Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Onduleur: %SystemRoot%\System32\ups.exe (manual start)
    Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start)
    Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start)
    Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start)
    Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start)
    Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start)
    Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)
    Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP: system32\DRIVERS\w29n51.sys (manual start)
    Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start)
    Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Media Connect (WMC): c:\program files\windows media connect\mswmccds.exe (manual start)
    Aide de Windows Media Connect (WMC): C:\Program Files\Windows Media Connect\mswmcls.exe (manual start)
    Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Interface de gestion Microsoft Windows pour ACPI: system32\DRIVERS\wmiacpi.sys (system)
    Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Windows Search: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
    Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    aujasnkj: \??\C:\DOCUME~1\Paul\LOCALS~1\Temp\aujasnkj.sys (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\Program Files\HPQ\Shared\hpqwmi.events|||\

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    End of report, 38 125 bytes
    Report generated in 0,375 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    13 May 2009 19:42:50

    Here are some reports I found in wbem/logs (SYSTEM 32), what do you think of them?

    FIRST LOG

    (Sat May 09 20:31:02 2009.356359) : ***************************************
    (Sat May 09 20:31:02 2009.356359) : Could not get pointer to binary resource for file:
    (Sat May 09 20:31:02 2009.356359) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Sat May 09 20:31:02 2009.356359) :
    (Sat May 09 20:31:02 2009.356359) : ***************************************
    (Sat May 09 20:37:33 2009.746859) : Impersonation failed - Access denied
    (Sat May 09 21:12:18 2009.307156) : ***************************************
    (Sat May 09 21:12:18 2009.307390) : Could not get pointer to binary resource for file:
    (Sat May 09 21:12:18 2009.307390) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Sat May 09 21:12:18 2009.307390) :
    (Sat May 09 21:12:18 2009.307406) : ***************************************
    (Sat May 09 21:21:50 2009.879328) : Impersonation failed - Access denied
    (Sun May 10 00:40:59 2009.313890) : ***************************************
    (Sun May 10 00:40:59 2009.313921) : Could not get pointer to binary resource for file:
    (Sun May 10 00:40:59 2009.313921) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Sun May 10 00:40:59 2009.313921) :
    (Sun May 10 00:40:59 2009.313921) : ***************************************
    (Sun May 10 00:46:00 2009.614906) : Impersonation failed - Access denied
    (Sun May 10 03:14:10 2009.311078) : ***************************************
    (Sun May 10 03:14:10 2009.311093) : Could not get pointer to binary resource for file:
    (Sun May 10 03:14:10 2009.311093) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Sun May 10 03:14:10 2009.311093) :
    (Sun May 10 03:14:10 2009.311093) : ***************************************
    (Sun May 10 03:21:25 2009.746156) : Impersonation failed - Access denied
    (Sun May 10 20:59:37 2009.311843) : ***************************************
    (Sun May 10 20:59:37 2009.311859) : Could not get pointer to binary resource for file:
    (Sun May 10 20:59:37 2009.311859) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Sun May 10 20:59:37 2009.311859) :
    (Sun May 10 20:59:37 2009.311859) : ***************************************
    (Sun May 10 21:06:12 2009.707093) : Impersonation failed - Access denied
    (Mon May 11 04:02:33 2009.25688265) : ***************************************
    (Mon May 11 04:02:33 2009.25688281) : Could not get pointer to binary resource for file:
    (Mon May 11 04:02:33 2009.25688281) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Mon May 11 04:02:33 2009.25688281) :
    (Mon May 11 04:02:33 2009.25688296) : ***************************************
    (Mon May 11 07:43:53 2009.204343) : ***************************************
    (Mon May 11 07:43:53 2009.204375) : Could not get pointer to binary resource for file:
    (Mon May 11 07:43:53 2009.204390) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Mon May 11 07:43:54 2009.204718) :
    (Mon May 11 07:43:54 2009.204750) : ***************************************
    (Tue May 12 03:18:51 2009.113796) : ***************************************
    (Tue May 12 03:18:51 2009.113890) : Could not get pointer to binary resource for file:
    (Tue May 12 03:18:51 2009.113953) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Tue May 12 03:18:51 2009.113984) :
    (Tue May 12 03:18:51 2009.114015) : ***************************************
    (Tue May 12 08:53:32 2009.102984) : ***************************************
    (Tue May 12 08:53:32 2009.102984) : Could not get pointer to binary resource for file:
    (Tue May 12 08:53:32 2009.102984) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Tue May 12 08:53:32 2009.102984) :
    (Tue May 12 08:53:32 2009.102984) : ***************************************
    (Tue May 12 10:34:06 2009.6137312) : ***************************************
    (Tue May 12 10:34:06 2009.6137312) : Could not get pointer to binary resource for file:
    (Tue May 12 10:34:06 2009.6137312) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Tue May 12 10:34:06 2009.6137312) :
    (Tue May 12 10:34:06 2009.6137312) : ***************************************
    (Tue May 12 10:50:35 2009.7125546) : ***************************************
    (Tue May 12 10:50:35 2009.7125546) : Could not get pointer to binary resource for file:
    (Tue May 12 10:50:35 2009.7125546) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Tue May 12 10:50:35 2009.7125546) :
    (Tue May 12 10:50:35 2009.7125546) : ***************************************
    (Tue May 12 18:34:25 2009.114093) : ***************************************
    (Tue May 12 18:34:25 2009.114109) : Could not get pointer to binary resource for file:
    (Tue May 12 18:34:25 2009.114125) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Tue May 12 18:34:25 2009.114125) :
    (Tue May 12 18:34:25 2009.114125) : ***************************************
    (Tue May 12 21:34:08 2009.100156) : ***************************************
    (Tue May 12 21:34:08 2009.100234) : Could not get pointer to binary resource for file:
    (Tue May 12 21:34:08 2009.100250) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Tue May 12 21:34:08 2009.100250) :
    (Tue May 12 21:34:08 2009.100250) : ***************************************
    (Wed May 13 14:06:51 2009.130281) : ***************************************
    (Wed May 13 14:06:51 2009.130312) : Could not get pointer to binary resource for file:
    (Wed May 13 14:06:51 2009.130312) : C:\WINDOWS\system32\DRIVERS\wmiacpi.sys[MofResource](Wed May 13 14:06:51 2009.130312) :
    (Wed May 13 14:06:51 2009.130312) : ***************************************


    SECOND LOG

    (Wed May 13 01:36:06 2009.14617875) : Failed to log an event: 5DE
    (Wed May 13 01:36:06 2009.14617984) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 01:36:06 2009.14618000) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 01:36:06 2009.14618000) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 01:36:06 2009.14618000) : Failed to log an event: 5DE
    (Wed May 13 01:36:06 2009.14618015) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 01:36:06 2009.14618015) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 01:38:11 2009.14743500) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 01:38:11 2009.14743500) : Failed to log an event: 5DE
    (Wed May 13 01:38:11 2009.14743500) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 01:38:11 2009.14743500) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:03 2009.82156) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:06:03 2009.82218) : Failed to log an event: 5DE
    (Wed May 13 14:06:03 2009.82234) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:06:03 2009.82281) : Failed to log an event: 5DE
    (Wed May 13 14:06:03 2009.82312) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:03 2009.82375) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:03 2009.82437) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:30 2009.109531) : Failed to log an event: 5DE
    (Wed May 13 14:06:30 2009.109531) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:30 2009.109531) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:31 2009.109796) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:06:31 2009.109859) : Failed to log an event: 5DE
    (Wed May 13 14:06:31 2009.109953) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:31 2009.110015) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:43 2009.122546) : Failed to log an event: 5DE
    (Wed May 13 14:06:44 2009.122562) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:44 2009.122625) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:46 2009.124875) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:06:46 2009.124875) : Failed to log an event: 5DE
    (Wed May 13 14:06:46 2009.124875) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:46 2009.124906) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:46 2009.125218) : Failed to log an event: 5DE
    (Wed May 13 14:06:46 2009.125218) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:06:46 2009.125234) : Failed to log an event: 5DE
    (Wed May 13 14:06:46 2009.125234) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:46 2009.125234) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:46 2009.125234) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:51 2009.130078) : Failed to log an event: 5DE
    (Wed May 13 14:06:51 2009.130078) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:06:51 2009.130078) : Failed to log an event: 5DE
    (Wed May 13 14:06:51 2009.130078) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:51 2009.130078) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:51 2009.130078) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:06:52 2009.131031) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:06:52 2009.131031) : Failed to log an event: 5DE
    (Wed May 13 14:06:52 2009.131031) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:06:52 2009.131031) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:07:03 2009.142203) : Failed to log an event: 5DE
    (Wed May 13 14:07:03 2009.142296) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:07:03 2009.142312) : Failed to log an event: 5DE
    (Wed May 13 14:07:03 2009.142312) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:07:03 2009.142312) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:07:03 2009.142312) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:19:09 2009.868281) : Failed to log an event: 5DE
    (Wed May 13 14:19:09 2009.868281) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:19:09 2009.868281) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.
    (Wed May 13 14:19:10 2009.868734) : NT Event Log Consumer: could not retrieve sid, 0x80041002
    (Wed May 13 14:19:10 2009.868734) : Failed to log an event: 5DE
    (Wed May 13 14:19:10 2009.868734) : Dropping event destined for event consumer NTEventLogEventConsumer="SCM Event Log Consumer" in namespace //./root/subscription
    (Wed May 13 14:19:10 2009.868734) : Failed to deliver an event to event consumer NTEventLogEventConsumer="SCM Event Log Consumer" with error code 0x80041001. Dropping event.

    THIRD LOG

    (Tue May 12 18:31:03 2009.34753828) : Could not SetStatus to remote client, hres =80010108

    14 May 2009 18:38:22

    You could do what I'm asking, couldn't you?
    25 May 2009 10:49:20

    Sorry, I've been very busy lately; impossible to run an online scan with IE. Do you have any other suggestions? Thanks
    25 May 2009 13:07:17

    I don't think you're infected.
    25 May 2009 13:24:12

    ok
    25 May 2009 18:30:42

    Good luck.