
[Solved] Intrusive ads "ads served by adssite"

7 December 2007 18:24:39

Hello, :)

For several days now, when I browse normally with Firefox, intrusive "Ads served by adssite" ads open!
So I ran Ad-Aware SE Personal and Spybot in Windows and in safe mode; they removed several pieces of junk (I should mention that I had unchecked "System Restore" before going into safe mode).
So I uninstalled Ad-Aware SE Personal to install Ad-Aware 2007 and repeated the same steps as before, but it is still the same and the ads are still there!

I would add that the programs I used are all updated daily. I am a bit lost and no longer know what to do,

thanks in advance! ;)


8 December 2007 12:26:32

Is there nobody to help me solve this problem?
Thanks in advance.
8 December 2007 17:20:55

Hello,

I think I have solved my problem thanks to Spyware Doctor; it removed Ads served by adssite for me.
However, if it is still there, I will post the HijackThis analysis.
Thanks all the same!
9 December 2007 11:27:19

It is still there, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:05, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7726 bytes

Thanks
9 December 2007 18:13:32

Hello

I suspected that Spyware Doctor would not be enough.


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report into your next reply along with a new HijackThis log.
11 December 2007 17:08:24

Hello,

Here is the ComboFix report:

ComboFix 07-12-09.1 - Matthieu 2007-12-11 17:00:58.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.157 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nsj17B.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.

2007-12-11 12:09 . 2007-12-11 12:09 59,223 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-10 19:52 . 2007-12-10 19:52 303,104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
2007-12-09 11:31 . 2007-12-09 14:05 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-09 11:31 . 2007-12-09 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2007-12-09 11:31 . 2007-12-09 11:32 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-09 11:31 . 2007-12-09 11:32 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-09 11:31 . 2007-12-09 11:32 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-09 11:31 . 2007-12-09 11:32 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-08 18:03 . 2007-12-08 18:03 <REP> d-------- C:\Program Files\Tomb Raider - Anniversary Demo
2007-12-08 14:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-07 19:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-06 19:32 . 2007-12-08 12:37 <REP> d-------- C:\Program Files\Trend Micro
2007-12-06 17:23 . 2007-12-07 20:14 <REP> d-------- C:\Program Files\Lavasoft
2007-12-05 20:13 . 2007-12-05 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-12-05 15:44 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-05 15:44 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Common Files
2007-12-05 15:28 . 2007-12-05 15:29 79,868 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-12-05 15:28 . 2007-12-05 16:48 40,737 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-12-01 18:19 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-01 18:18 . 2007-12-01 18:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-01 18:15 . 2007-12-08 15:04 <REP> d-------- C:\Program Files\Windows Live
2007-12-01 18:15 . 2007-12-01 18:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 18:15 . 2007-12-08 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM
2007-12-01 13:08 . 2005-07-13 16:38 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll
2007-12-01 13:08 . 2005-07-13 16:38 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.sys
2007-12-01 13:07 . 2005-07-13 16:37 260,608 --a------ C:\WINDOWS\system32\drivers\WlanUZXP.sys
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmpF9CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp3EBB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp22CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp08CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp06CB2.FOT
2007-12-01 11:40 . 2007-07-19 01:39 490,776 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-11-28 15:00 . 2007-11-28 15:00 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-11-28 15:00 . 2007-12-08 18:03 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-28 15:00 . 2007-11-28 15:00 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-28 14:57 . 2007-11-28 14:57 <REP> d-------- C:\Program Files\Aspyr Media, Inc
2007-11-22 19:05 . 2007-11-22 19:05 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-11-22 19:05 . 2007-11-22 19:07 18,043 --a------ C:\WINDOWS\War3Unin.dat
2007-11-22 19:05 . 2007-11-22 19:05 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-11-22 19:02 . 2007-11-24 11:39 <REP> d-------- C:\Program Files\Warcraft III
2007-11-21 19:58 . 2007-11-21 20:07 <REP> d-------- C:\Program Files\Yahoo!
2007-11-17 11:18 . 2007-11-28 15:40 <REP> d-------- C:\Program Files\THQ
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 15:54 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-08 14:37 --------- d-----w C:\Program Files\Lx_cats
2007-12-08 14:06 --------- d-----w C:\Program Files\MSN Messenger
2007-12-07 19:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-05 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 12:17 --------- d-----w C:\Program Files\Wanadoo
2007-12-01 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 18:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-28 14:55 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-11-28 14:50 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army Server Manager
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army
2007-11-28 14:39 --------- d-----w C:\Program Files\CamStudio
2007-11-10 14:37 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-06 12:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2007-11-01 15:36 --------- d-----w C:\Program Files\iWebAlbum
2007-10-25 16:07 --------- d-----w C:\Program Files\Sierra On-Line
2007-10-20 13:12 --------- d-----w C:\Program Files\iTunes
2007-10-20 13:12 --------- d-----w C:\Program Files\iPod
2007-10-20 08:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2007-10-18 15:43 --------- d-----w C:\Program Files\Opera
2007-10-18 15:40 --------- d-----w C:\Program Files\adslTV
2007-10-17 12:51 --------- d-----w C:\Program Files\Java
2007-10-17 12:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-10-15 15:51 --------- d-----w C:\Program Files\GIMP-2.0
2007-10-15 14:25 --------- d-----w C:\Program Files\The Learning Company
2007-10-14 13:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Notepad++
2007-10-14 12:32 --------- d-----w C:\Program Files\Notepad++
2007-09-30 16:52 157 ----a-w C:\UnInstall.dat
2007-09-30 14:45 545,280 ----a-w C:\WINDOWS\flashax.exe
2007-09-30 14:45 12,288 ----a-w C:\WINDOWS\impborl.dll
2007-09-10 06:46 3,355,255 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-06-16 19:29 13,878 ----a-w C:\Documents and Settings\Administrateur\Menu Démarrer.zip
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-10 19:52 303104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"Tweak UI"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 15:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 01000000
"NoRecentDocsHistory"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-06-08 17:19 94208 --a------ C:\Program Files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-02-06 16:43 252704 --a--c--- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
2005-05-05 00:24 200704 --a------ C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-21 17:21:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 17:06:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 17:07:32 - machine was rebooted
.
--- E O F ---



And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8032 bytes




Thanks :)
11 December 2007 17:26:51

Hello


Copy (Ctrl+C) the text below:

File::
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\flashax.exe
C:\WINDOWS\impborl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0744341-96E0-4341-9ED2-8BC36CE0CCD0}]


Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
11 December 2007 17:37:41

Hello again,

Here is the content of the scan:

ComboFix 07-12-09.1 - Matthieu 2007-12-11 17:33:14.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.106 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\CFScript.txt
* Created a new restore point

FILE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
C:\WINDOWS\flashax.exe
C:\WINDOWS\impborl.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\rightonadz-uninst.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
C:\WINDOWS\flashax.exe
C:\WINDOWS\impborl.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
C:\WINDOWS\system32\rightonadz-uninst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.

2007-12-09 11:31 . 2007-12-09 14:05 <REP> d-------- C:\Program Files\Spyware Doctor
2007-12-09 11:31 . 2007-12-09 11:31 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2007-12-09 11:31 . 2007-12-09 11:32 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-09 11:31 . 2007-12-09 11:32 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-09 11:31 . 2007-12-09 11:32 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-09 11:31 . 2007-12-09 11:32 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-08 18:03 . 2007-12-08 18:03 <REP> d-------- C:\Program Files\Tomb Raider - Anniversary Demo
2007-12-08 14:03 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-07 19:03 . 2007-12-07 19:03 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-07 19:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-06 19:32 . 2007-12-08 12:37 <REP> d-------- C:\Program Files\Trend Micro
2007-12-06 17:23 . 2007-12-07 20:14 <REP> d-------- C:\Program Files\Lavasoft
2007-12-05 20:13 . 2007-12-05 20:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-05 15:53 . 2007-12-05 15:53 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2007-12-05 15:44 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-05 15:44 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2007-12-05 15:42 . 2007-12-05 15:42 <REP> d-------- C:\Program Files\Common Files
2007-12-01 18:19 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-12-01 18:18 . 2007-12-01 18:18 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-01 18:15 . 2007-12-08 15:04 <REP> d-------- C:\Program Files\Windows Live
2007-12-01 18:15 . 2007-12-01 18:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 18:15 . 2007-12-08 14:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM Wi-Fi USB 802.11g
2007-12-01 13:08 . 2007-12-01 13:08 <REP> d-------- C:\Program Files\SAGEM
2007-12-01 13:08 . 2005-07-13 16:38 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll
2007-12-01 13:08 . 2005-07-13 16:38 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.sys
2007-12-01 13:07 . 2005-07-13 16:37 260,608 --a------ C:\WINDOWS\system32\drivers\WlanUZXP.sys
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmpF9CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp3EBB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp22CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp08CB2.FOT
2007-12-01 11:46 . 2007-12-01 11:46 1,409 --a------ C:\WINDOWS\system32\tmp06CB2.FOT
2007-12-01 11:40 . 2007-07-19 01:39 490,776 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-11-30 19:30 . 2007-11-30 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2007-11-28 15:00 . 2007-11-28 15:00 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-11-28 15:00 . 2007-12-08 18:03 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-28 15:00 . 2007-11-28 15:00 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-11-28 14:57 . 2007-11-28 14:57 <REP> d-------- C:\Program Files\Aspyr Media, Inc
2007-11-22 19:05 . 2007-11-22 19:05 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-11-22 19:05 . 2007-11-22 19:07 18,043 --a------ C:\WINDOWS\War3Unin.dat
2007-11-22 19:05 . 2007-11-22 19:05 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-11-22 19:02 . 2007-11-24 11:39 <REP> d-------- C:\Program Files\Warcraft III
2007-11-21 19:58 . 2007-11-21 20:07 <REP> d-------- C:\Program Files\Yahoo!
2007-11-17 11:18 . 2007-11-28 15:40 <REP> d-------- C:\Program Files\THQ
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-15 18:23 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 15:54 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-08 14:37 --------- d-----w C:\Program Files\Lx_cats
2007-12-08 14:06 --------- d-----w C:\Program Files\MSN Messenger
2007-12-07 19:15 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2007-12-05 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 12:17 --------- d-----w C:\Program Files\Wanadoo
2007-12-01 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 18:29 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-28 14:55 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-11-28 14:50 --------- d-----w C:\Program Files\EA GAMES
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army Server Manager
2007-11-28 14:43 --------- d-----w C:\Program Files\America's Army
2007-11-28 14:39 --------- d-----w C:\Program Files\CamStudio
2007-11-06 12:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2007-11-01 15:36 --------- d-----w C:\Program Files\iWebAlbum
2007-10-25 16:07 --------- d-----w C:\Program Files\Sierra On-Line
2007-10-20 13:12 --------- d-----w C:\Program Files\iTunes
2007-10-20 13:12 --------- d-----w C:\Program Files\iPod
2007-10-20 08:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\vlc
2007-10-18 15:43 --------- d-----w C:\Program Files\Opera
2007-10-18 15:40 --------- d-----w C:\Program Files\adslTV
2007-10-17 12:51 --------- d-----w C:\Program Files\Java
2007-10-17 12:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Leadertech
2007-10-15 15:51 --------- d-----w C:\Program Files\GIMP-2.0
2007-10-15 14:25 --------- d-----w C:\Program Files\The Learning Company
2007-10-14 13:07 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Notepad++
2007-10-14 12:32 --------- d-----w C:\Program Files\Notepad++
2007-09-30 16:52 157 ----a-w C:\UnInstall.dat
2007-09-10 06:46 3,355,255 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2006-06-16 19:29 13,878 ----a-w C:\Documents and Settings\Administrateur\Menu Démarrer.zip
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-11_17.06.38.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-11 16:36:57 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_23c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"Tweak UI"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 15:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 01000000
"NoRecentDocsHistory"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2005-06-08 17:19 94208 --a------ C:\Program Files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-09-26 13:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2007-02-06 16:43 252704 --a--c--- C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
2005-05-05 00:24 200704 --a------ C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

*Newly Created Service* - ZDPNDIS5
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-21 17:21:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qbvngrxx69774D3.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 17:37:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 17:38:46 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-11 17:07
.
--- E O F ---


Thanks!
12 December 2007 16:18:28

Hello again,

Sorry for the wait, but I didn't have time to run the scan yesterday.
So I ran it today; I followed all the steps, but it didn't find anything. So I have no report to post.
The ads are still there but less frequent, we're making progress!

What should I do?

Thanks in advance.
12 December 2007 22:52:02

Hello again

Let's continue the investigation.

Download DiagHelp.zip (by Malekal_Morte) to your desktop
http://www.malekal.com/download/DiagHelp.zip
- Right-click the file and choose Extract all
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd may not be displayed)
- A window will open; choose option 1
- The analysis will start; this can take a few minutes. Let it run and press a key when asked

WARNING: during the analysis, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the analysis, you may be asked to restart the computer... Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens. To do this:
-- In Notepad, click the Edit menu / Select all
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
13 December 2007 13:03:41

Hello,

here is the report:

DiagHelp version v1.4 - http://www.malekal.com
excute le 13/12/2007 à 12:59:03,34


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->13/12/2007 12:58:55
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->13/12/2007 12:58:49
C:\WINDOWS\prefetch\7ZG.EXE-04CCF0C9.pf -->13/12/2007 12:57:47
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->13/12/2007 12:57:39
C:\WINDOWS\prefetch\THUNDERBIRD.EXE-38CA75D9.pf -->13/12/2007 12:56:56
C:\WINDOWS\prefetch\FIREFOX.EXE-17EE503B.pf -->13/12/2007 12:56:14
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->13/12/2007 12:55:21
C:\WINDOWS\prefetch\USNSVC.EXE-373E4DBC.pf -->13/12/2007 12:55:13
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->13/12/2007 12:54:11
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->13/12/2007 12:54:11

C:\WINDOWS\System32\drivers\iksysflt.sys -->09/12/2007 11:32:50
C:\WINDOWS\System32\drivers\ikfilesec.sys -->09/12/2007 11:32:50
C:\WINDOWS\System32\drivers\kcom.sys -->09/12/2007 11:32:49
C:\WINDOWS\System32\drivers\iksyssec.sys -->09/12/2007 11:32:49
C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf -->05/12/2007 15:53:05
C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -->05/12/2007 15:53:00
C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02

C:\WINDOWS\System32\vsconfig.xml -->13/12/2007 12:53:01
C:\WINDOWS\System32\TZLog.log -->12/12/2007 20:02:09
C:\WINDOWS\System32\lvcoinst.log -->12/12/2007 20:01:39
C:\WINDOWS\System32\wpa.dbl -->10/12/2007 21:03:25
C:\WINDOWS\System32\CmdLineExt.dll -->08/12/2007 18:03:57
C:\WINDOWS\System32\PerfStringBackup.INI -->08/12/2007 14:05:09
C:\WINDOWS\System32\perfh00C.dat -->08/12/2007 14:05:09
C:\WINDOWS\System32\perfh009.dat -->08/12/2007 14:05:09
C:\WINDOWS\System32\perfc00C.dat -->08/12/2007 14:05:09
C:\WINDOWS\System32\perfc009.dat -->08/12/2007 14:05:09
C:\WINDOWS\System32\CONFIG.NT -->07/12/2007 18:10:29
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\AVASTSS.scr -->04/12/2007 13:54:04
C:\WINDOWS\System32\swsc.exe -->04/12/2007 01:00:42
C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
C:\WINDOWS\System32\tmpF9CB2.FOT -->01/12/2007 11:46:00
C:\WINDOWS\System32\tmp3EBB2.FOT -->01/12/2007 11:46:00
C:\WINDOWS\System32\tmp22CB2.FOT -->01/12/2007 11:46:00
C:\WINDOWS\System32\tmp08CB2.FOT -->01/12/2007 11:46:00
C:\WINDOWS\System32\tmp06CB2.FOT -->01/12/2007 11:46:00
C:\WINDOWS\System32\FNTCACHE.DAT -->28/11/2007 16:03:05
C:\WINDOWS\System32\wrap_oal.dll -->28/11/2007 15:00:23
C:\WINDOWS\System32\OpenAL32.dll -->28/11/2007 15:00:23
C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
C:\WINDOWS\System32\PnkBstrB.exe -->10/11/2007 15:37:24

C:\WINDOWS\WindowsUpdate.log -->13/12/2007 12:54:42
C:\WINDOWS\0.log -->13/12/2007 12:53:16
C:\WINDOWS\wiaservc.log -->13/12/2007 12:53:15
C:\WINDOWS\wiadebug.log -->13/12/2007 12:53:15
C:\WINDOWS\bootstat.dat -->13/12/2007 12:52:53
C:\WINDOWS\SchedLgU.Txt -->12/12/2007 20:03:31
C:\WINDOWS\tsoc.log -->12/12/2007 20:03:15
C:\WINDOWS\tabletoc.log -->12/12/2007 20:03:15
C:\WINDOWS\ocmsn.log -->12/12/2007 20:03:15
C:\WINDOWS\ntdtcsetup.log -->12/12/2007 20:03:15
C:\WINDOWS\KB937894.log -->12/12/2007 20:03:15
C:\WINDOWS\imsins.log -->12/12/2007 20:03:15
C:\WINDOWS\iis6.log -->12/12/2007 20:03:15
C:\WINDOWS\comsetup.log -->12/12/2007 20:03:15
C:\WINDOWS\ocgen.log -->12/12/2007 20:03:14

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1744
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x4c5a0000 0x18000 9.00.0000.3250 C:\PROGRA~1\WINDOW~2\wmpband.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00fc0000 0x17000 10.00.0000.1438 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x015c0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x018f0000 0x24000 4.42.0000.0000 C:\Program Files\7-Zip\7-zip.dll
0x1c000000 0x6000 1.02.0001.0000 C:\Program Files\Notepad++\nppcm.dll
0x00f80000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x52200000 0xb000 7.00.0337.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
0x01160000 0x4000 5.03.0017.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll
0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x01310000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x02000000 0xd5000 1.04.0000.0000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x02360000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 836
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL
0x10000000 0x11000 6.14.0010.4132 C:\WINDOWS\system32\Ati2evxx.dll
0x01230000 0xae000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D414-F162

Répertoire de C:\WINDOWS\system32

19/08/2004 15:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 21 004 431 360 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D414-F162

Répertoire de C:\WINDOWS\Downloaded Program Files

12/12/2007 14:22 <REP> .
12/12/2007 14:22 <REP> ..
03/04/2007 14:43 <REP> CONFLICT.1
14/06/2006 11:15 65 desktop.ini
22/11/2006 22:22 372 736 GAME_UNO1.dll
22/11/2006 19:50 316 GAME_UNO1.INF
08/08/2006 11:45 576 kavwebscan.inf
29/05/2003 15:00 160 864 messengerstatsclient.dll
22/02/2007 22:41 304 544 MessengerStatsPAClient.dll
14/10/2005 10:02 372 736 MsnPUpld.dll
14/10/2005 11:49 587 MSNPupld.inf
12/04/2005 14:58 77 824 PhtPkMSN.dll
08/04/2005 11:28 1 367 PhtPkMSN.inf
22/09/2004 14:59 110 592 PURen-us.dll
09/01/2007 07:30 110 592 PURfr-fr.dll
15/10/2004 06:59 110 592 PURfr-xx.dll
09/11/2006 14:36 5 019 swflash.inf
14 fichier(s) 1 628 410 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

03/04/2007 14:43 <REP> .
03/04/2007 14:43 <REP> ..
22/11/2006 22:22 372 736 GAME_UNO1.dll
22/11/2006 19:50 316 GAME_UNO1.INF
22/02/2007 22:41 304 544 MessengerStatsPAClient.dll
3 fichier(s) 677 596 octets

Total des fichiers listés :
17 fichier(s) 2 306 006 octets
5 Rép(s) 21 004 427 264 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\WINDOWS\\system32\\lxcgcoms.exe"="C:\\WINDOWS\\system32\\lxcgcoms.exe:*:Enabled:2300 Series"


Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 12:59:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000014e

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
492 - ashServ.exe
704 - spoolsv.exe
752 - LVPrcSrv.exe
808 - csrss.exe
836 - winlogon.exe
884 - services.exe
896 - lsass.exe
1064 - svchost.exe
1132 - svchost.exe
1168 - guard.exe
1184 - Crypserv.exe
1228 - DKService.exe
1272 - svchost.exe
1340 - svchost.exe
1460 - LVComSer.exe
1552 - cmd.exe
1596 - vsmon.exe
1696 - PnkBstrA.exe
1744 - explorer.exe
1988 - svchost.exe
2332 - ashMaiSv.exe
2416 - wmiprvse.exe
2428 - ashWebSv.exe
2648 - LVComSer.exe
2656 - alg.exe
2832 - ashDisp.exe
2860 - zlclient.exe
2892 - Communications_
2924 - ctfmon.exe
2940 - msnmsgr.exe
3052 - WLANUTL.exe
3480 - firefox.exe
3748 - usnsvc.exe

Total number of processes = 34
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F8D76000 - \WINDOWS\system32\KDCOM.DLL
F8C86000 - \WINDOWS\system32\BOOTVID.dll
F8826000 - ACPI.sys
F8D78000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F8815000 - pci.sys
F8876000 - isapnp.sys
F8D7A000 - viaide.sys
F8AF6000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F8886000 - MountMgr.sys
F87F6000 - ftdisk.sys
F8D7C000 - dmload.sys
F87D0000 - dmio.sys
F8AFE000 - PartMgr.sys
F8B06000 - videX32.sys
F8896000 - VolSnap.sys
F87B8000 - atapi.sys
F87A5000 - viasraid.sys
F878D000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
F8776000 - viamraid.sys
F88A6000 - disk.sys
F88B6000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F8756000 - fltMgr.sys
F8744000 - sr.sys
F872D000 - KSecDD.sys
F86A0000 - Ntfs.sys
F8673000 - NDIS.sys
F88C6000 - uagp35.sys
F865F000 - srescan.sys
F8644000 - Mup.sys
F8926000 - \SystemRoot\system32\DRIVERS\amdk7.sys
F8475000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F8461000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F8936000 - \SystemRoot\system32\DRIVERS\imapi.sys
F8946000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F8956000 - \SystemRoot\system32\DRIVERS\redbook.sys
F843E000 - \SystemRoot\system32\DRIVERS\ks.sys
F8B96000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F8B9E000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F841B000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F8BA6000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F8BAE000 - \SystemRoot\system32\DRIVERS\fdc.sys
F8407000 - \SystemRoot\system32\DRIVERS\parport.sys
F83F6000 - \SystemRoot\system32\DRIVERS\serial.sys
F8D52000 - \SystemRoot\system32\DRIVERS\serenum.sys
F8D56000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F8368000 - \SystemRoot\system32\drivers\smwdm.sys
F8344000 - \SystemRoot\system32\drivers\portcls.sys
F8986000 - \SystemRoot\system32\drivers\drmk.sys
F8DA8000 - \SystemRoot\system32\drivers\aeaudio.sys
F8996000 - \SystemRoot\system32\DRIVERS\fetnd5bv.sys
F8EE3000 - \SystemRoot\system32\DRIVERS\audstub.sys
F8A06000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8D62000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F793D000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F8A16000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F8A26000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F8BD6000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F792C000 - \SystemRoot\system32\DRIVERS\psched.sys
F8A36000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F8BDE000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F8BE6000 - \SystemRoot\system32\DRIVERS\raspti.sys
F78B3000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F8A46000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8BEE000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F8BF6000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F8DCA000 - \SystemRoot\system32\DRIVERS\swenum.sys
F787F000 - \SystemRoot\system32\DRIVERS\update.sys
F8618000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F8A56000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8A86000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F8DD4000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F8C0E000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F8DD8000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8E5A000 - \SystemRoot\System32\Drivers\Null.SYS
F8DDA000 - \SystemRoot\System32\Drivers\Beep.SYS
F8E5B000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F8C1E000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F8C26000 - \SystemRoot\System32\drivers\vga.sys
F8DDC000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8DDE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8C2E000 - \SystemRoot\System32\Drivers\Msfs.SYS
F8C36000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8D32000 - \SystemRoot\system32\DRIVERS\rasacd.sys
AAF03000 - \SystemRoot\system32\DRIVERS\ipsec.sys
AAEAB000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F8AB6000 - \SystemRoot\System32\Drivers\aswTdi.SYS
AAE83000 - \SystemRoot\system32\DRIVERS\netbt.sys
AAE24000 - \SystemRoot\System32\vsdatant.sys
AADDA000 - \SystemRoot\System32\drivers\afd.sys
F8AC6000 - \SystemRoot\system32\DRIVERS\netbios.sys
AADAF000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7928000 - \SystemRoot\system32\ckldrv.sys
AAD40000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F8AD6000 - \SystemRoot\System32\Drivers\Fips.SYS
AAD1F000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F8AE6000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F88F6000 - \SystemRoot\system32\drivers\LVUSBSta.sys
AAA76000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
F8C3E000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F8F6C000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F8C4E000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
AA996000 - \SystemRoot\system32\DRIVERS\WlanUZXP.sys
F7908000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F8C56000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F7904000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F8916000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F77D3000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F77CF000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F89C6000 - \SystemRoot\System32\Drivers\Cdfs.SYS
AA97E000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8E00000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
AAE10000 - \SystemRoot\System32\drivers\Dxapi.sys
F8B36000 - \SystemRoot\System32\watchdog.sys
BF9C2000 - \SystemRoot\System32\drivers\dxg.sys
F8F6B000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D4000 - \SystemRoot\System32\ati2dvag.dll
BFA17000 - \SystemRoot\System32\ati2cqag.dll
BFA5C000 - \SystemRoot\System32\atikvmag.dll
BFA92000 - \SystemRoot\System32\ati3duag.dll
BFD24000 - \SystemRoot\System32\ativvaxx.dll
A890A000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
A85EB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
A8445000 - \SystemRoot\System32\Drivers\aswMon2.SYS
A8288000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F8DBC000 - \SystemRoot\System32\Drivers\ParVdm.SYS
A8237000 - \SystemRoot\system32\DRIVERS\atjsgt.sys
A81FA000 - \SystemRoot\system32\drivers\wdmaud.sys
A883E000 - \SystemRoot\system32\drivers\sysaudio.sys
A8260000 - \SystemRoot\system32\DRIVERS\linsgt.sys
A8092000 - \SystemRoot\system32\DRIVERS\srv.sys
F8B86000 - \SystemRoot\system32\drivers\LVPr2Mon.sys
A7DFE000 - \SystemRoot\System32\Drivers\aswRdr.SYS
A7ADA000 - \??\C:\WINDOWS\system32\ZDPNDIS5.SYS
F8EEF000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 137

Liste des programmes installes

7-Zip 4.42
ABBYY FineReader 6.0 Sprint
Ad-Aware SE Personal
Adibou V.3.10 (C:) 
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Illustrator 10 Evaluation
Adobe Photoshop CS
Adobe Photoshop Elements
Adobe Reader 8.1.1 - Français
Adobe Shockwave Player
Adobe SVG Viewer 3.0
Apple Software Update
AsusUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
CCleaner (remove only)
Diskeeper Lite
DivX Content Uploader
DivX Web Player
FileZilla (remove only)
Friendly-Strike2
GTK+ 2.10.6-1 runtime environment
HijackThis 2.0.2
iTunes
iWebAlbum 2.02
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 3
K-Lite Mega Codec Pack 3.3.0
Kaspersky Online Scanner
Language pack for Ad-Aware SE
Les Sims 2
Lexmark 2300 Series
LimeWire 4.14.10
Livebox
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Lyra Jukebox Applications
Macromedia Dreamweaver 8
Macromedia Extension Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Bootvis
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 CD-ROM 2
Microsoft Office 2000 Premium
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows XP (KB937894)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour pour Windows XP (KB942763)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Motorola Driver Installation
Mozilla Firefox (2.0.0.11)
Mozilla Thunderbird (2.0.0.9)
MP3 Player Recovery Device Drivers
MSXML 4.0 SP2 (KB936181)
MVision
Nero 6 Ultra Edition
Notepad++
Nvu 1.0
Pharaon
PhotoFiltre
Platform
PowerDVD
Programme de gestion Camera de Logitech®
QuickTime
Rapide Créateur D'Icône 5.1
SAGEM Wi-Fi 11g USB adapter (Driver)
SAGEM Wi-Fi 11g USB adapter (Tool)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SetBrowser (remove only)
Solutions de télécopie Lexmark
SoundMAX
Spybot - Search & Destroy 1.4
Spyware Doctor 5.0
SUPER © Version 2007.bld.23 (July 4, 2007)
The GIMP 2.2.17
Tomb Raider: Anniversary Demo 1.0
Trixie
Ulead GIF Animator 2.0 Full Version
Ulead GIF Animator 5 Evaluation
UMVPLStandalone
Utilitaires Sierra
VIA Integrated Setup Wizard
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.6a
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
ZoneAlarm



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D414-F162

Répertoire de C:\Program Files

09/12/2007 11:31 <REP> .
09/12/2007 11:31 <REP> ..
19/06/2006 18:00 <REP> 7-Zip
20/06/2006 12:10 <REP> Abbyy FineReader 6.0 Sprint
12/12/2007 16:45 <REP> Adobe
18/10/2007 16:40 <REP> adslTV
14/06/2006 15:25 <REP> Ahead
14/06/2006 17:30 <REP> Alwil Software
28/11/2007 15:43 <REP> America's Army
28/11/2007 15:43 <REP> America's Army Server Manager
30/01/2007 18:06 <REP> Analog Devices
21/09/2007 18:34 <REP> Apple Software Update
28/11/2007 14:57 <REP> Aspyr Media, Inc
14/06/2006 11:12 <REP> ASUS
14/06/2006 11:32 <REP> ATI Technologies
07/03/2007 16:54 <REP> AviSynth 2.5
27/01/2007 19:56 <REP> Back To Gaya
14/06/2006 11:10 <REP> Bhelpuri
14/03/2007 18:23 <REP> Browster
06/10/2006 17:33 <REP> Buddy Icon Constructor FREE
31/08/2006 09:43 <REP> Call of Duty Single Player Demo
28/11/2007 15:39 <REP> CamStudio
06/10/2006 19:14 <REP> CCleaner
14/10/2006 22:40 <REP> CoffeeCup Software
05/12/2007 15:42 <REP> Common Files
14/06/2006 11:12 <REP> ComPlus Applications
29/09/2007 16:37 <REP> ConWare
27/06/2006 12:35 <REP> CyberLink
07/08/2007 13:37 <REP> DivX
28/11/2007 15:50 <REP> EA GAMES
10/12/2006 15:47 <REP> EasyPHP1-8
09/08/2007 13:37 <REP> eRightSoft
01/09/2006 10:20 <REP> Executive Software
12/12/2007 16:46 <REP> Fichiers communs
11/08/2007 21:06 <REP> FileZilla
15/10/2007 16:51 <REP> GIMP-2.0
16/08/2007 12:33 <REP> Google
07/12/2007 19:03 <REP> Grisoft
16/06/2007 18:07 <REP> Icon Constructor 3
12/12/2007 16:17 <REP> Internet Explorer
20/10/2007 14:12 <REP> iPod
20/10/2007 14:12 <REP> iTunes
01/11/2007 16:36 <REP> iWebAlbum
17/10/2007 13:51 <REP> Java
08/08/2007 18:28 <REP> K-Lite Codec Pack
07/12/2007 20:14 <REP> Lavasoft
20/06/2006 12:09 <REP> Lexmark 2300 Series
20/06/2006 12:09 <REP> Lexmark Fax Solutions
07/10/2007 10:41 <REP> LimeWire
27/08/2007 18:09 <REP> Logitech
12/12/2007 15:22 <REP> Lx_cats
05/05/2007 14:23 <REP> Macromedia
04/01/2007 11:07 <REP> Maïdo Production
16/05/2007 17:39 <REP> Microsoft Bootvis
09/05/2007 16:21 <REP> Microsoft CAPICOM 2.1.0.2
24/06/2006 14:31 <REP> microsoft frontpage
17/09/2006 14:35 <REP> Microsoft GIF Animator
24/06/2006 14:26 <REP> Microsoft Office
01/12/2007 18:18 <REP> Microsoft SQL Server Compact Edition
25/06/2006 13:40 <REP> Microsoft Visual Studio
29/04/2007 16:03 <REP> Mindscape
14/06/2006 11:14 <REP> Movie Maker
13/12/2007 12:56 <REP> Mozilla Firefox
13/12/2007 12:56 <REP> Mozilla Thunderbird
12/01/2007 18:43 <REP> msn gaming zone
08/12/2007 15:06 <REP> MSN Messenger
15/08/2007 11:26 <REP> MSXML 4.0
14/01/2007 18:16 <REP> Namo
14/06/2006 11:14 <REP> NetMeeting
07/08/2007 09:27 <REP> NiProD
14/10/2007 13:32 <REP> Notepad++
12/09/2006 17:38 <REP> Nvu
16/06/2006 18:56 <REP> OpenOffice.org 2.0
28/11/2007 15:55 <REP> OpenOffice.org 2.2
18/10/2007 16:43 <REP> Opera
14/06/2007 13:36 <REP> Outlook Express
20/01/2007 15:11 <REP> PhotoFiltre
27/06/2006 12:40 <REP> PowerArchiver
17/08/2007 15:18 <REP> QuickTime
07/08/2006 16:12 <REP> QwertZ
03/10/2007 18:34 <REP> Rapide Créateur D'Icône
20/08/2006 10:16 <REP> Real
22/04/2007 19:11 <REP> Riva
01/12/2007 13:08 <REP> SAGEM
10/03/2007 20:24 <REP> SAGEM Wi-Fi USB 802(2).11g
01/12/2007 13:08 <REP> SAGEM Wi-Fi USB 802.11g
10/03/2007 20:24 <REP> SAGEM(2)
14/06/2006 11:14 <REP> Services en ligne
20/05/2007 13:39 <REP> SetBrowser
25/10/2007 17:07 <REP> Sierra On-Line
16/08/2007 14:07 <REP> Spybot - Search & Destroy
09/12/2007 14:05 <REP> Spyware Doctor
21/04/2007 15:39 <REP> Sunbelt Software
15/10/2007 15:25 <REP> The Learning Company
25/11/2006 18:13 <REP> Thomson
28/11/2007 15:40 <REP> THQ
08/12/2007 18:03 <REP> Tomb Raider - Anniversary Demo
22/04/2007 18:39 <REP> Total Video Converter
08/12/2007 12:37 <REP> Trend Micro
01/03/2007 17:34 <REP> Ubisoft
17/05/2007 16:56 <REP> Ulead GIF Animator 2.0
25/10/2006 16:26 <REP> Ulead Systems
14/06/2006 11:36 <REP> VIA
31/01/2007 14:58 <REP> VideoLAN
04/01/2007 16:04 <REP> Visicom Media
01/12/2007 13:17 <REP> Wanadoo
24/11/2007 11:39 <REP> Warcraft III
08/12/2007 15:04 <REP> Windows Live
31/03/2007 16:45 <REP> Windows Media Components
10/03/2007 20:23 <REP> Windows Media Connect 2
29/06/2007 17:43 <REP> Windows Media Player
14/06/2006 11:12 <REP> Windows NT
11/08/2007 16:15 <REP> WinRAR
14/06/2006 11:16 <REP> xerox
21/11/2007 20:07 <REP> Yahoo!
18/08/2006 17:43 <REP> ZC2.10
21/04/2007 16:46 <REP> Zone Labs
0 fichier(s) 0 octets
117 Rép(s) 20 981 755 904 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D414-F162

Répertoire de C:\Program Files\fichiers communs

12/12/2007 16:46 <REP> .
12/12/2007 16:46 <REP> ..
12/12/2007 16:46 <REP> Adobe
30/11/2007 19:30 <REP> Adobe Systems Shared
14/06/2006 15:25 <REP> Ahead
24/06/2006 14:27 <REP> Designer
20/01/2007 18:50 <REP> GTK
27/06/2006 13:44 <REP> InstallShield
17/06/2006 17:33 <REP> Java
27/08/2007 18:15 <REP> LogiShrd
01/04/2007 16:37 <REP> Logitech
05/05/2007 14:25 <REP> Macromedia
20/10/2006 18:13 <REP> MAGIX Shared
06/12/2007 17:02 <REP> Microsoft Shared
05/12/2007 15:42 <REP> Motorola Shared
14/06/2006 11:14 <REP> MSSoap
14/06/2006 12:07 <REP> ODBC
03/08/2007 13:21 <REP> Real
14/06/2006 11:14 <REP> Services
14/06/2006 12:07 <REP> SpeechEngines
22/04/2007 16:25 <REP> SWF Studio
14/06/2007 13:36 <REP> System
12/12/2007 16:46 <REP> Vbox
03/08/2007 13:21 <REP> xing shared
0 fichier(s) 0 octets
24 Rép(s) 20 981 764 096 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D414-F162

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

29/06/2007 17:40 <REP> .
29/06/2007 17:40 <REP> ..
18/05/2001 15:57 561 209 MSONSEXT.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
18/03/1999 06:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 20 981 764 096 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est D414-F162

Répertoire de C:\Program Files\common files

05/12/2007 15:42 <REP> .
05/12/2007 15:42 <REP> ..
05/12/2007 15:42 <REP> Motorola Shared
0 fichier(s) 0 octets
3 Rép(s) 20 981 764 096 octets libres




c:\Documents and Settings\Administrateur\.limewire\.NetworkShare\LimeWireWin4.14.12.exe
c:\Documents and Settings\Administrateur\.limewire\.NetworkShare\Incomplete\T-3378808-LimeWireWin4.14.4.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Administrateur\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\ComboFix.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\HiJackThis.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Spyware Doctor.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\tomb_raider_10th_anniversary_demo_multilangues.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\MSN\clean-messenger_clean_messenger_2.7.0178_francais_15541.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\MSN\windows-live-messenger_windows_live_messenger_8.1.0178.00_francais_19367.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Ad aware Se Personal.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\AdobeIllustrator10fr.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Atlantis Gate Activation.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\AVG Anti-Spyware.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\ccsetup203.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Crack.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\dk25.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\FileZilla.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Firefox Setup 2.0.0.11.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Internet Explorer 7.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\iwebalbum.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Language Ad aware Se Personal.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\NotePad++.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\SGC.EXE
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\SUPER.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\The Gimp 2.0.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Ulead GIF Animator 5.0 Trial French - Bidjan.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Ulead GIF Animator 5.0.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Xtremsplit.exe
c:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Adobe Illustrator 10\Illustrator 10\Setup.exe
c:\Documents and Settings\Administrateur\Local Settings\Application Data\MessLive\MessLive_Patch.exe_Url_1vymjctpigker0uqkrlcvfwxvazpiwsz
c:\Documents and Settings\Administrateur\Local Settings\Application Data\MessLive\MessLive_Patch.exe_Url_a5145fdjgc10rub2s2kuvzellke5nvfa
c:\Documents and Settings\Administrateur\Local Settings\Temp\AutoRun.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\alcotest.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\America.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\aspen.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Cable capers.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Cat-vac.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Croco.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Dinde.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\DirtBike2.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\eggsparty.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Elch.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\FOOTBALL.EXE
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Gardien De Foot.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\GOLDORAK.EXE
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\j20.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Kill Kenny.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\montre digitale belge.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\MountainBike.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\optical.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Pacman.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\PACMAN1.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\pharaon.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\pilsner_1.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\pingpong.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\tetris1.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Tomato Bounce.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\War on Terrorism.exe
c:\Documents and Settings\Administrateur\Mes documents\Mes jeux\Volley\volley.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe
c:\Documents and Settings\Administrateur\Application Data\Aveso\SimpleCSS.dll
c:\Documents and Settings\Administrateur\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ytz4ka2e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ytz4ka2e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Administrateur\Application Data\Thunderbird\Profiles\ifhj7x05.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll
c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\VMSEF.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_B20ACF8469774D3.tar.gz a l'adresse http://upload.malekal.com


Thanks!
13 December 2007 23:12:01

Re

When do the ads appear?


Download DrWeb
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

The version is automatically up to date.
Install it.
Run it.
A scan of the processes starts.
Then choose the drive to scan and start the scan.

Post the report.
15 December 2007 11:30:51

Re,

The ads often appear after I have connected (about 5 minutes); after that, they appear daily (I can't give you an approximation because it's random).

As for DrWeb, I can't post a report because there isn't one; however, I took a screenshot of what it found (after the screenshot, I deleted it).



Thanks!



15 December 2007 12:18:42

What kind of ads?

Do you use IE7's ad blocker?

Post a new HijackThis.
15 December 2007 12:32:08

The type of ad varies: often it's an image about poker, a moment ago it was about the iPhone, etc...

I don't use IE7 at all, but Firefox. So I have surely not enabled that IE7 ad blocker.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112w.bay112.mail.live.com/mail/resources/MsnPU...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...

Thanks.
15 December 2007 12:58:27

Hi again,

Here is an example of the kind of ad I'm getting...

15 December 2007 14:46:52

Hi again,

Yes, I already have Adblock Plus installed as an add-on.
Here is the Clean report (found in c:/rapport_clean.txt, I assume this is the one):

15/12/2007 a 14:46:41,15

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\grwinsthlp.exe FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll" FOUND

Thanks.

15 December 2007 14:53:30

Yes, that is the right report.

Run Clean again. Choose option 2 to clean up, then post the report.


Check whether you have this folder:
C:\Program Files\Common files\WinTools
If so, delete it.
15 December 2007 15:07:05

I did not find C:\Program Files\Common files\WinTools (I also looked with hidden files and folders displayed).

Here is the report (however, the report says the scan was run in safe mode, but that is not the case since I ran it in normal Windows. Do I need to run it in safe mode?)

Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 15/12/2007 a 15:04:46,12

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\grwinsthlp.exe
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll"
Impossible de supprimer "C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll"

*** Suppression des clefs du registre effectuee..

Thanks
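The two Clean reports posted above can be reconciled mechanically to see which flagged files survived the removal pass. This is an added example, not part of the original posts or of the Clean tool; the function names are hypothetical, and the report text is copied from the posts above.

```python
import re

# Report text copied from the two posts above (search pass, then removal pass).
# Raw strings keep Windows backslashes literal, including the "\n" in "\nsBrowserOpt".
SCAN_REPORT = r'''15/12/2007 a 14:46:41,15

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\grwinsthlp.exe FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll" FOUND
'''

CLEANUP_REPORT = r'''Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 15/12/2007 a 15:04:46,12

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\grwinsthlp.exe
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll"
Impossible de supprimer "C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll"

*** Suppression des clefs du registre effectuee..
'''

# Paths may or may not be wrapped in double quotes in the report.
FOUND_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]+?)"?\s+FOUND$')
ATTEMPT_RE = re.compile(r'^tentative de suppression de\s+"?(?P<path>[^"]+?)"?$')
FAILED_RE = re.compile(r'^Impossible de supprimer\s+"?(?P<path>[^"]+?)"?$')
SAFE_MODE_RE = re.compile(r'mode sans echec', re.IGNORECASE)


def _key(path):
    """Windows paths are case-insensitive, so compare on a lowered key."""
    return path.strip().lower()


def parse_scan(text):
    """Return the paths the search pass marked FOUND, in report order."""
    found = []
    for line in text.splitlines():
        match = FOUND_RE.match(line.strip())
        if match:
            found.append(match.group('path'))
    return found


def parse_cleanup(text):
    """Return removal attempts, logged failures, and the mode the report claims."""
    result = {'attempted': [], 'failed': [], 'claims_safe_mode': False}
    for line in text.splitlines():
        line = line.strip()
        if SAFE_MODE_RE.search(line):
            result['claims_safe_mode'] = True
        failed = FAILED_RE.match(line)
        attempt = ATTEMPT_RE.match(line)
        if failed:
            result['failed'].append(failed.group('path'))
        elif attempt:
            result['attempted'].append(attempt.group('path'))
    return result


def reconcile(found, cleanup):
    """Classify every FOUND path by what the removal pass logged for it."""
    attempted = {_key(p) for p in cleanup['attempted']}
    failed = {_key(p) for p in cleanup['failed']}
    outcome = {'survivors': [], 'no_error_logged': [], 'never_attempted': []}
    for path in found:
        key = _key(path)
        if key in failed:
            outcome['survivors'].append(path)        # removal explicitly failed
        elif key in attempted:
            # No failure line was logged; this is not proof the file is gone.
            outcome['no_error_logged'].append(path)
        else:
            outcome['never_attempted'].append(path)  # flagged but skipped
    return outcome


if __name__ == '__main__':
    cleanup = parse_cleanup(CLEANUP_REPORT)
    outcome = reconcile(parse_scan(SCAN_REPORT), cleanup)
    print('Report claims safe mode:', cleanup['claims_safe_mode'])
    for label, paths in outcome.items():
        print(label)
        for path in paths:
            print('   ', path)
```

Files listed under `no_error_logged` still need a fresh search pass to confirm they are gone, since the report only records failures.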
15 December 2007 15:28:24

Hi again,

I have the feeling we are on the right track. :)

15 December 2007 19:04:11

R

Yes, run it in safe mode, because one file resisted.

Let's continue investigating.

Download SREng (by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html

Extract all of its contents to your Desktop.
In the sreng2 folder that is now on your Desktop, double-click SREng.exe to launch the tool.
Click Smart Scan.
Then click the [Scan] button.

When it has finished, click the [Save Reports] button.
Save the report to your Desktop.
Copy and paste the contents of the file SREnglLOG.log into your next reply.
16 December 2007 12:57:47

Hi again,

I redid the scan in safe mode.
Here is the SREng report:

  405. [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
  406. [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
  407. [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
  408. [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
  409. [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
  410. [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
  411. [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
  412. [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
  413. [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
  414. [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
  415. [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
  416. [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
  417. [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
  418. [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
  419. [PID: 2284 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  420. [C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  421. [PID: 2308 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
  422. [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
  423. [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  424. [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  425. [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
  426. [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
  427. [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
  428. [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
  429. [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
  430. [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
  431. [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
  432. [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
  433. [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
  434. [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
  435. [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
  436. [PID: 2348 / Matthieu][C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe] [Logitech Inc., 1.0.1.2021]
  437. [C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSCli.dll] [Logitech Inc., 1.0.1.2021]
  438. [C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVCSPS.dll] [, ]
  439. [PID: 2412 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  440. [C:\WINDOWS\System32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  441. [PID: 2784 / Matthieu][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
  442. [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
  443. [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  444. [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  445. [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
  446. [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
  447. [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
  448. [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
  449. [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
  450. [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
  451. [C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll] [Logitech Inc., 10.0.0.1438]
  452. [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
  453. [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
  454. [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
  455. [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
  456. [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
  457. [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
  458. [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
  459. [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
  460. [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
  461. [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
  462. [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
  463. [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
  464. [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
  465. [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
  466. [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
  467. [PID: 2800 / Matthieu][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
  468. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
  469. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
  470. [C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll] [Logitech Inc., 10.0.0.1438]
  471. [PID: 2840 / Matthieu][C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe] [, ]
  472. [C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  473. [C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll] [Logitech Inc., 10.0.0.1438]
  474. [PID: 2932 / Matthieu][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  475. [C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  476. [C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll] [Logitech Inc., 10.0.0.1438]
  477. [PID: 2944 / Matthieu][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
  478. [C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
  479. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
  480. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
  481. [C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
  482. [C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
  483. [C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  484. [C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll] [Logitech Inc., 10.0.0.1438]
  485. [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
  486. [C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
  487. [C:\Program Files\MSN Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
  488. [C:\WINDOWS\system32\msdmo.dll] [, ]
  489. [C:\Program Files\MSN Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)]
  490. [C:\Program Files\MSN Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80]
  491. [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
  492. [C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
  493. [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
  494. [PID: 3008 / Matthieu][C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe] [ , 2, 0, 7, 8]
  495. [C:\Program Files\SAGEM Wi-Fi USB 802.11g\dot1x_dll.dll] [, 2, 1, 1, 0]
  496. [C:\WINDOWS\system32\ZDPN50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.55]
  497. [C:\Program Files\SAGEM Wi-Fi USB 802.11g\SSLEAY32.dll] [N/A, ]
  498. [C:\Program Files\SAGEM Wi-Fi USB 802.11g\LIBEAY32.dll] [N/A, ]
  499. [C:\Program Files\SAGEM Wi-Fi USB 802.11g\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  500. [C:\Program Files\SAGEM Wi-Fi USB 802.11g\ZDWLAN.dll] [, 1, 0, 49, 21]
  501. [C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll] [Logitech Inc., 10.0.0.1438]
  502. [PID: 3748 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
  503. [C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  504. [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
  505. [PID: 200 / SERVICE RÉSEAU][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  506. [C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  507. [PID: 3692 / Matthieu][C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
  508. [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
  509. [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
  510. [C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
  511. [C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll] [Logitech Inc., 10.0.0.1438]
  512. [C:\Documents and Settings\Administrateur\Bureau\MATTHIEU\Téléchargements\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
  513.  
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /s]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3008, C:\PROGRAM FILES\SAGEM WI-FI USB 802.11G\WLANUTL.EXE]
Special Privilege Enabled: SeDebugPrivilege [PID = 3692, C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\BUREAU\MATTHIEU\TÉLÉCHARGEMENTS\SRENGPS.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3692, C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\BUREAU\MATTHIEU\TÉLÉCHARGEMENTS\SRENGPS.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


Thanks
17 December 2007 18:43:32

Hello,
I went into the system32 folder and saw that there were two uninstall programs for adssite. I ran them and it worked.
I will get back to you if it comes back.
Hoping that the simplest fixes are the best ones.
18 December 2007 17:27:38

Hello,
Here is the AntiVir scan report:

AntiVir PersonalEdition Classic
Report file date: mardi 18 décembre 2007 16:29

Scanning for 975324 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: B20ACF8469774D3

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:16:30
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 13:16:30
ANTIVIR3.VDF : 7.0.1.114 41984 Bytes 18/12/2007 13:16:30
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 18/12/2007 13:16:37
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 18 décembre 2007 16:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'DKService.exe' - '1' Module(s) have been scanned
Scan process 'Crypserv.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Stock>


End of the scan: mardi 18 décembre 2007 17:19
Used time: 49:27 min

The scan has been done completely.

7207 Scanning directories
248677 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
248677 Files not concerned
1705 Archives were scanned
2 Warnings
0 Notes

Thanks.
Apparently the ads have been removed, since they have not appeared for 2 days.
19 December 2007 14:55:04

Hello,

Thank you very much for taking the time to solve this problem. ;)