
Hello again
Here is my ComboFix report ...
Thanks again for all these analyses.
ComboFix 08-03-23.5 - alexandra 2008-04-04 18:24:42.5 - NTFSx86
Endroit: C:\Documents and Settings\alexandra\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
-- Script messages for sUBs --
Findstr -MIF:/ sursen
CF6584.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.
2008-04-02 19:43 . 2008-04-02 19:43 14,848 --a------ C:\WINDOWS\system32\twext32.dll
2008-03-25 18:50 . 2008-03-25 18:50 14,848 --a------ C:\WINDOWS\system32\dspspres.dll
2008-03-24 19:55 . 2008-03-24 19:55 171,020 --a------ C:\QooBox.zip
2008-03-24 16:51 . 2008-03-24 16:51 268 --ah----- C:\sqmdata11.sqm
2008-03-24 16:51 . 2008-03-24 16:51 244 --ah----- C:\sqmnoopt11.sqm
2008-03-23 23:46 . 2008-03-23 23:46 268 --ah----- C:\sqmdata10.sqm
2008-03-23 23:46 . 2008-03-23 23:46 244 --ah----- C:\sqmnoopt10.sqm
2008-03-22 22:48 . 2008-03-22 22:48 268 --ah----- C:\sqmdata09.sqm
2008-03-22 22:48 . 2008-03-22 22:48 244 --ah----- C:\sqmnoopt09.sqm
2008-03-22 22:26 . 2008-03-22 22:26 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-22 22:14 . 2008-03-22 22:14 268 --ah----- C:\sqmdata08.sqm
2008-03-22 22:14 . 2008-03-22 22:14 244 --ah----- C:\sqmnoopt08.sqm
2008-03-22 18:38 . 2008-03-31 19:13 250 --a------ C:\WINDOWS\gmer.ini
2008-03-22 13:33 . 2008-03-22 13:33 268 --ah----- C:\sqmdata07.sqm
2008-03-22 13:33 . 2008-03-22 13:33 244 --ah----- C:\sqmnoopt07.sqm
2008-03-21 23:52 . 2008-03-21 23:52 268 --ah----- C:\sqmdata06.sqm
2008-03-21 23:52 . 2008-03-21 23:52 244 --ah----- C:\sqmnoopt06.sqm
2008-03-20 23:03 . 2008-03-20 23:03 268 --ah----- C:\sqmdata05.sqm
2008-03-20 23:03 . 2008-03-20 23:03 244 --ah----- C:\sqmnoopt05.sqm
2008-03-20 22:23 . 2008-03-20 22:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-20 22:22 . 2005-10-21 03:47 30,592 --a------ C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-20 22:22 . 2005-10-21 03:47 30,592 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-03-20 22:22 . 2005-10-21 03:47 12,800 --a------ C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-20 22:22 . 2005-10-21 03:47 12,800 --a--c--- C:\WINDOWS\system32\dllcache\usb8023x.sys
2008-03-20 22:21 . 2008-03-20 22:21 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-03-20 22:21 . 2008-03-22 21:46 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-19 21:38 . 2008-03-19 21:38 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-03-19 21:21 . 2008-03-19 21:21 <REP> d-------- C:\Program Files\Avira
2008-03-19 21:21 . 2008-03-19 21:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-18 20:03 . 2008-03-18 20:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-16 20:44 . 2008-03-17 19:01 <REP> d-------- C:\Program Files\Navilog1
2008-03-15 16:59 . 2008-03-15 16:59 <REP> d-------- C:\_OTMoveIt
2008-03-15 16:01 . 2008-03-15 18:11 <REP> d-------- C:\Program Files\Notepad++
2008-03-15 16:01 . 2008-03-15 16:06 <REP> d-------- C:\Documents and Settings\alexandra\Application Data\Notepad++
2008-03-15 15:23 . 2008-03-15 15:23 244 --ah----- C:\sqmnoopt04.sqm
2008-03-15 15:23 . 2008-03-15 15:23 232 --ah----- C:\sqmdata04.sqm
2008-03-15 13:21 . 2008-03-15 13:21 <REP> d-------- C:\Documents and Settings\alexandra\PATCH GENUINE
2008-03-14 22:32 . 2008-03-14 22:32 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 19:45 . 2008-03-12 19:45 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-12 19:45 . 2008-02-27 14:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-12 19:44 . 2008-03-12 19:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-12 19:44 . 2008-03-12 19:44 <REP> d-------- C:\Documents and Settings\alexandra\Application Data\TuneUp Software
2008-03-12 19:43 . 2008-03-12 19:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-12 19:42 . 2008-04-02 19:38 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-09 18:58 . 2008-03-09 18:58 <REP> d-------- C:\Documents and Settings\alexandra\Application Data\Serif
2008-03-09 18:36 . 2008-03-09 18:36 <REP> d-------- C:\Program Files\Micro application
2008-03-09 18:27 . 2008-03-09 18:27 <REP> d-------- C:\Program Files\CCleaner
2008-03-06 21:31 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-06 21:27 . 2008-03-06 21:27 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-04 21:25 . 2008-03-04 21:25 244 --ah----- C:\sqmnoopt03.sqm
2008-03-04 21:25 . 2008-03-04 21:25 232 --ah----- C:\sqmdata03.sqm
2008-03-04 21:06 . 2008-03-04 21:06 244 --ah----- C:\sqmnoopt02.sqm
2008-03-04 21:06 . 2008-03-04 21:06 232 --ah----- C:\sqmdata02.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 15:55 --------- d-----w C:\Documents and Settings\alexandra\Application Data\WholeSecurity
2008-03-30 17:00 --------- d-----w C:\Documents and Settings\alexandra\Application Data\uTorrent
2008-03-24 14:41 --------- d-----w C:\Program Files\X-masTree
2008-03-19 18:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-12 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-09 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 17:36 --------- d-----w C:\Program Files\Windows Live
2008-02-21 17:42 --------- d-----w C:\Documents and Settings\alexandra\Application Data\Image Zone Express
2008-02-15 17:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 13:09 --------- d-----w C:\Documents and Settings\alexandra\Application Data\HP
2008-02-10 18:25 --------- d-----w C:\Documents and Settings\alexandra\Application Data\eBay
2008-02-10 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2008-02-10 18:22 --------- d-----w C:\Program Files\eBay
2008-02-10 18:20 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2005-06-24 17:36 39,036 ----a-w C:\WINDOWS\inf\lgusbmodem.sys
2005-05-26 10:04 22,328 ----a-w C:\WINDOWS\inf\lgbus9x.sys
2005-05-26 10:01 38,144 ----a-w C:\WINDOWS\inf\lgusbdiag.sys
2005-05-26 10:01 21,344 ----a-w C:\WINDOWS\inf\lgusbbus.sys
2004-10-20 13:23 21,696 ----a-w C:\WINDOWS\inf\fbxusb.sys
2004-10-20 13:23 21,344 ----a-w C:\WINDOWS\inf\fbxusb32.sys
2004-07-13 20:12 14,924 ----a-w C:\WINDOWS\inf\OMVA.sys
2004-07-09 03:27 48,512 ----a-w C:\WINDOWS\inf\stream.sys
2004-07-09 03:26 83,968 ----a-w C:\WINDOWS\inf\nabtsfec.sys
2004-07-09 03:26 18,688 ----a-w C:\WINDOWS\inf\wstcodec.sys
2004-07-09 03:26 16,384 ----a-w C:\WINDOWS\inf\ccdecode.sys
2004-07-09 03:26 14,976 ----a-w C:\WINDOWS\inf\streamip.sys
2004-07-09 03:26 10,880 ----a-w C:\WINDOWS\inf\slip.sys
2004-07-09 03:26 10,112 ----a-w C:\WINDOWS\inf\ndisip.sys
2003-03-29 14:45 89,184 ----a-w C:\WINDOWS\inf\imagedrv.sys
2003-03-27 12:38 127,145 ----a-w C:\WINDOWS\inf\adiusbaw.sys
2003-03-25 16:02 46,455 ----a-w C:\WINDOWS\inf\adildr.sys
2002-10-01 12:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys
2002-09-25 12:20 200,704 ----a-w C:\WINDOWS\inf\AdADIx32.dll
2002-09-16 10:25 941,516 ----a-r C:\WINDOWS\inf\ALCXWDM.SYS
2002-09-11 02:57 46,592 ----a-r C:\WINDOWS\inf\SOUNDMAN.EXE
2002-07-24 02:30 32,128 ----a-w C:\WINDOWS\inf\VIAAGP1.SYS
2002-04-01 06:42 19,072 ----a-r C:\WINDOWS\inf\usbehci.sys
2001-12-26 01:13 487,424 ----a-r C:\WINDOWS\inf\D125UFW.dll
2001-12-01 00:57 921,650 ----a-r C:\WINDOWS\inf\SCANINTF.dll
2001-12-01 00:57 49,200 ----a-r C:\WINDOWS\inf\SYSERROR.exe
2001-12-01 00:57 28,720 ----a-r C:\WINDOWS\inf\SG63CPL.DLL
2001-12-01 00:57 253,992 ----a-r C:\WINDOWS\inf\TPM.dll
2001-12-01 00:57 2,514,988 ----a-r C:\WINDOWS\inf\IOP.dll
2001-12-01 00:57 184,364 ----a-r C:\WINDOWS\inf\DEVUI.dll
2001-12-01 00:57 180,272 ----a-r C:\WINDOWS\inf\IMGENH.dll
2001-12-01 00:57 1,044,520 ----a-r C:\WINDOWS\inf\CSUI.dll
2001-12-01 00:55 102,400 ----a-r C:\WINDOWS\inf\D125UUD.DLL
2001-09-28 00:31 729,088 ----a-r C:\WINDOWS\inf\D125UAG.DLL
2001-09-11 01:44 98,304 ----a-r C:\WINDOWS\inf\RMSLANTC.DLL
2001-09-11 01:44 479,232 ----a-r C:\WINDOWS\inf\NBSCOR4M.DLL
2001-09-11 01:44 36,864 ----a-r C:\WINDOWS\inf\NBS4MB.DLL
2001-09-11 01:44 24,576 ----a-r C:\WINDOWS\inf\JDA_MEM.DLL
2001-09-11 01:44 24,576 ----a-r C:\WINDOWS\inf\JDA_CIMG.DLL
2001-08-28 14:00 94,864 ----a-w C:\WINDOWS\inf\twain.dll
2001-08-28 14:00 49,680 ----a-w C:\WINDOWS\inf\twunk_16.exe
2001-08-28 14:00 49,152 ----a-w C:\WINDOWS\inf\cnbjmon.dll
2001-08-28 14:00 46,592 ----a-w C:\WINDOWS\inf\twain_32.dll
2001-08-28 14:00 322,560 ----a-w C:\WINDOWS\inf\msvcrt.dll
2001-08-28 14:00 25,600 ----a-w C:\WINDOWS\inf\twunk_32.exe
2001-08-23 04:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys
2001-08-17 20:53 13,824 ----a-w C:\WINDOWS\inf\usbscan.sys
2001-05-24 13:24 22,395 ----a-w C:\WINDOWS\inf\fpga.bin
2001-04-11 11:10 327,740 ----a-r C:\WINDOWS\inf\UCS32P.DLL
2001-02-09 09:43 4,981 ----a-w C:\WINDOWS\inf\AdADIx2K.dll
2001-02-08 10:05 46,892 ----a-w C:\WINDOWS\inf\adadix16.dll
1998-06-17 10:14 45,056 ----a-r C:\WINDOWS\inf\CANOIT32.exe
1998-06-17 10:14 119,808 ----a-r C:\WINDOWS\inf\ITLIB32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-24_11.49.29,93 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-22 20:24:15 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 14:08:41 59,576 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-22 20:24:15 72,366 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-03-30 14:08:41 72,366 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-03-22 20:24:15 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 14:08:41 395,336 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-03-22 20:24:15 461,404 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-03-30 14:08:41 461,404 ----a-w C:\WINDOWS\system32\perfh00C.dat
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3839C36-E76C-44E0-B6F1-18AA9668A91E}]
2008-04-02 19:43 14848 --a------ C:\WINDOWS\system32\twext32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:07 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 21:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 23:14 24673 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 01:07]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-06-11 12:40]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-07-13 22:13]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:55]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-07-13 22:13]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-07-13 22:13]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-12 19:45]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-13 22:12]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-04 16:00:01 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 18:29:29
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-04 18:31:38
ComboFix-quarantined-files.txt 2008-04-04 16:31:32
ComboFix2.txt 2008-03-24 19:31:50
ComboFix3.txt 2008-03-24 18:50:59
ComboFix4.txt 2008-03-24 11:47:38
ComboFix5.txt 2008-03-24 10:49:57
.
2008-03-14 17:38:01 --- E O F ---
|
|
|
|
|
Re,
I can't manage to locate the source ... :s
|
|
|
|
|
Hello
Oh dear, am I done for?
|
|
|
|
|
|
Waiting for a solution ^^
|
|
|
|
|
|
OK thanks, will you let me know?
|
|
|
|
|
Re,
We're going to take a deeper look.
Please read and carefully follow what is written, because you have to press a key during the scan. If you don't, the report will be incomplete and you will have to start over, so:
Download DiagHelp.zip (by Malekal) to your desktop (Tutorial)
Unzip it, open the new DiagHelp folder, and double-click go.cmd (the .cmd extension may not be shown!)
Choose option 1 in the window that opens.
This can take a few minutes; let it run and press a key when you are asked to.
WARNING: during the analysis, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!
At the end of the analysis, your computer may need to be restarted... Once the computer has restarted, the report will open in Notepad.
It can also be found at >> C:\resultat.txt <<
Post the report here.
If you get a file C:\upload_moi.zip, please send it to http://upload.malekal.com/.
Tutorial
********
Download SREng (by Smallfrogs) from this link:
http://www.kztechs.com/eng/download.html
Extract all of its contents to your Desktop
From the sreng2 folder that is now on your Desktop, double-click SREng.exe to launch the tool
Click Smart Scan
Then click the [Scan] button
When it completes, click the [Save Reports] button
Save the report to your Desktop
Copy/paste the contents of the SREnglLOG.log file into your next reply, please.
********
Select the entire contents of the box below:
@echo off
rem Work from the user's profile folder
cd /d "%userprofile%"
rem List everything in "PATCH GENUINE", hidden and system files included, into info.log on the desktop
dir /s /a "PATCH GENUINE" > "%userprofile%\bureau\info.log"
cd bureau
rem Open the report, then delete the report and this script
info.log
del info.log, info.bat
exit
Copy/paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
Save it to your desktop under the name info.bat
Double-click it. Post the generated report.
-->Message edited by XmichouX on 06/04/2008 10:53:44<--
|
|
|
|
|
Hello
OK, I'll be back with all the reports, thanks
|
|
|
|
|
Hello again
File sent to malekal.
SREng report follows
Thanks again....
|
|
|
|
|
Re..
Here is the SREng report
[CODE]
2008-04-06,11:55:21
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<avgnt><"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min> [Avira GmbH]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
<WinlogonNotify: ckpNotify><ckpNotify.dll> [Check Point Software Technologies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
==================================
Startup Folders
N/A
==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Running/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"><Avira GmbH>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Running/Auto Start]
<"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"><Avira GmbH>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Running/Auto Start]
<C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"><Nero AG>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Disabled]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[Check Point SecuRemote Service / SR_Service][Running/Auto Start]
<"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"><Check Point Software Technologies>
[Check Point SecuRemote WatchDog / SR_WatchDog][Running/Auto Start]
<"C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe"><Check Point Software Technologies>
[Symantec Core LC / Symantec Core LC][Running/Auto Start]
<C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe><Symantec Corporation>
[TuneUp Drive Defrag Service / TuneUp.Defrag][Stopped/Manual Start]
<C:\WINDOWS\System32\TuneUpDefragService.exe><TuneUp Software GmbH>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
==================================
Drivers
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[avgio / avgio][Running/System Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys><Avira GmbH>
[avgntflt / avgntflt][Running/Manual Start]
<\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys><Avira GmbH>
[avipbb / avipbb][Running/System Start]
<system32\DRIVERS\avipbb.sys><AVIRA GmbH>
[InCD Storage Helper Driver / BsStor][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\bsstor.sys><B.H.A Co.,Ltd.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\catchme.sys><N/A>
[Pilote de carte Intel (R) PRO / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[SecuRemote Miniport / FW1][Running/Manual Start]
<system32\DRIVERS\fw.sys><Check Point Software Technologies>
[gmer / gmer][Stopped/Manual Start]
<System32\DRIVERS\gmer.sys><GMER>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<system32\DRIVERS\HSFBS2S2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSFDPSP2.sys><Conexant Systems, Inc.>
[Imagedrv / Imagedrv][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\imagedrv.sys><Ahead Software AG>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[VPN-1 SecureClient Adapter / OMVA][Stopped/Manual Start]
<system32\DRIVERS\OMVA.sys><Check Point Software Technologies>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[SecureClient Application Policy Module / Scap][Running/Auto Start]
<System32\DRIVERS\Scap.sys><Check Point Software Technologies>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ssmdrv / ssmdrv][Running/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[symlcbrd / symlcbrd][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
[USBIO Driver (usbio.sys) / USBIO][Stopped/Manual Start]
<System32\Drivers\usbio.sys><Thesycon GmbH, Germany>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VPN-1 Module / VPN-1][Running/Auto Start]
<\SystemRoot\System32\drivers\vpn.sys><Check Point Software Technologies>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSFCXTS2.sys><Conexant Systems, Inc.>
==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[eBay Toolbar Helper]
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} <C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll, eBay Inc.>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
[]
{D3839C36-E76C-44E0-B6F1-18AA9668A91E} <C:\WINDOWS\system32\twext32.dll, N/A>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[BlogThisToolbarButton Class]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MI3AA1~1\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MI3AA1~1\INetRepl.dll, Microsoft Corporation>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
[eBay Toolbar]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} <C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll, eBay Inc.>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Outlook Today's Data-binding control]
{0468C085-CA5B-11D0-AF08-00609797F0E0} <C:\PROGRA~1\MICROS~2\Office12\OUTLCTL.DLL, >
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[eBay Toolbar Helper]
{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} <C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll, eBay Inc.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Programme d'aide de l'Assistant de connexion Windows Live]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[eBay Toolbar]
{92085AD4-F48A-450D-BD93-B28CC7DF67CE} <C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll, eBay Inc.>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
[Contrôle de l'Assistant de connexion Windows Live]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx, Macromedia, Inc.>
[]
{D3839C36-E76C-44E0-B6F1-18AA9668A91E} <C:\WINDOWS\system32\twext32.dll, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[Recherche sur eBay]
<res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html, N/A>
==================================
Running Processes
[PID: 528 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7]
[C:\WINDOWS\system32\ckpNotify.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 644 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\uxtuneup.dll] [TuneUp Software GmbH, 2.0.0.10]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1108 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1160 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1604 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.005]
[C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 6.01.00.009]
[C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 6.01.00.009]
[C:\WINDOWS\system32\hpzll054.dll] [Hewlett-Packard Company, 60.054.45.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll] [Hewlett-Packard Corporation, 60.054.45.00]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL] [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL] [Microsoft Corporation, 5.2.3790.184 (srv03_qfe.040410-1236)]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzle054.dll] [HP, 60.054.45.00]
[PID: 1612 / alexandra][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll] [Nero AG, 3, 1, 0, 8]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\WINDOWS\system32\twext32.dll] [N/A, ]
[C:\Program Files\Microsoft Office\Office12\msohevi.dll] [Microsoft Corporation, 12.0.4518.1014]
[C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll] [, 1, 0, 0, 1]
[PID: 1696 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe] [Avira GmbH, 7.00.00.82]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.dll] [Avira GmbH, 7.00.00.01]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.20]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardmsg.dll] [Avira GmbH, 7.00.11.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 17, 1]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPREF.DLL] [Avira GmbH, 7.00.02.02]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\SMTPLIB.DLL] [Avira GmbH, 1.02.00.17]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVPACK32.DLL] [Avira GmbH, 7.06.00.03]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll] [N/A, ]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\AVEWIN32.DLL] [Avira GmbH, 7.6.0.81]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
[PID: 1908 / alexandra][C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe] [Avira GmbH, 7.02.00.16]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\cclib.dll] [Avira GmbH, 7.02.00.03]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\avira\antivir personaledition classic\ccgen.dll] [Avira GmbH, 7.02.00.10]
[c:\program files\avira\antivir personaledition classic\ccgenrc.dll] [Avira GmbH, 7.02.04.02]
[c:\program files\avira\antivir personaledition classic\ccguard.dll] [Avira GmbH, 7.00.01.35]
[c:\program files\avira\antivir personaledition classic\ccgrdrc.dll] [Avira GmbH, 7.00.06.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
[c:\program files\avira\antivir personaledition classic\ccupdate.dll] [Avira GmbH, 7.02.00.04]
[c:\program files\avira\antivir personaledition classic\ccupdrc.dll] [Avira GmbH, 7.02.01.00]
[c:\program files\avira\antivir personaledition classic\cclic.dll] [Avira GmbH, 7.02.00.04]
[c:\program files\avira\antivir personaledition classic\cclicrc.dll] [Avira GmbH, 7.02.01.00]
[c:\program files\avira\antivir personaledition classic\ccmsg.dll] [Avira GmbH, 7.00.00.00]
[PID: 1924 / alexandra][C:\Program Files\Microsoft ActiveSync\Wcescomm.exe] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\RAPI.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\Program Files\Microsoft ActiveSync\dtptdns.dll] [Microsoft Corporation, 4.5.5096.0]
[PID: 1972 / alexandra][C:\PROGRA~1\MI3AA1~1\rapimgr.exe] [Microsoft Corporation, 4.5.5096.0]
[C:\WINDOWS\system32\CEUTIL.dll] [Microsoft Corporation, 4.5.5096.0]
[C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll] [Microsoft Corporation, 4.5.5096.0]
[PID: 452 / SYSTEM][C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe] [Avira GmbH, 7.00.00.62]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\schedr.dll] [Avira GmbH, 7.00.24.00]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avevtlog.dll] [Avira GmbH, 7.00.00.20]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll] [, 3, 3, 17, 1]
[C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll] [Avira GmbH, 1.00.00.04]
[PID: 412 / SYSTEM][C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe] [Nero AG, 3, 1, 0, 0]
[C:\Program Files\Nero\Nero8\Nero BackItUp\NB.dll] [Nero AG, 3, 1, 0, 0]
[C:\Program Files\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll] [Nero AG, 8.1.1.0]
[C:\Program Files\Nero\Nero8\Nero BackItUp\LBFC.dll] [Nero AG, 3, 1, 0, 0]
[C:\Program Files\Nero\Nero8\Nero BackItUp\NBHDMgr.dll] [Nero AG, 3, 1, 0, 0]
[PID: 320 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe] [HP, 10, 1, 1, 5]
[PID: 572 / SERVICE RÉSEAU][C:\WINDOWS\system32\locator.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / SYSTEM][C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe] [Check Point Software Technologies, 1, 0, 0, 1]
[C:\Program Files\CheckPoint\SecuRemote\bin\OS.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPDtRegSvr.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprod50.dll] [Check Point Software Technologies, 54,1,000,020]
[C:\Program Files\CheckPoint\SecuRemote\bin\DataStruct.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\addreg.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtrtm.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpfwsys.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpsys.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\cvars.dll] [Check Point Software Technologies, 54,1,000,008]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpopenssl.dll] [Check Point Software Technologies, 54,8,000,001]
[C:\Program Files\CheckPoint\SecuRemote\bin\ComUtils.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\Resolve.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\mastersapi.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsmtpobj.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\objlib.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPSrvIS.dll] [Check Point Software Technologies, 54,1,000,005]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpbcrypt.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcert.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\Encode.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprng.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcryptutil.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\ndb.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\AppUtils.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\EventUtils.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwadb.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\skey.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsetdb.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\userc.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\FwBinding.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\sic.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\cp_policy.dll] [Check Point Software Technologies, 54,1,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\sicauth.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpca.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\ckpssl.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\CP_version_info.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\ckp_scv.dll] [Check Point Software Technologies, 54,8,000,311]
[c:\program files\checkpoint\securemote\scv\scvmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\scriptrun.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\regmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\processmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\osmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\hwmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\hotfixmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\groupmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\browsermonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[c:\program files\checkpoint\securemote\scv\antivirusmonitor.dll] [Check Point Software Technologies, 54,8,000,005]
[C:\Program Files\CheckPoint\SecuRemote\bin\vpn.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\srcert.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\FileHash_DYN.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\clientProviders.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\entProv.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\p12Prov.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\p11Prov.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\capiProv.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpii.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\keydb_usersr.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpsic.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\messaging.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\sicobj.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpauth.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\Resolver.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\bind82.dll] [N/A, ]
[C:\Program Files\CheckPoint\SecuRemote\bin\exm_objlib.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpP11Modules.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\srcln_usersr.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\vpninfo_usersr.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpstatlib.dll] [Check Point Software Technologies, 54,8,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpstatreg.dll] [Check Point Software Technologies, 54,8,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpdag.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\IkeStatus.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\ReportDT.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\tunnel_test_usersr.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\ieproxy_usersr.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\RunAs.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\ikessl_usersr.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\CAEnroll_usersr.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogLUUID.dll] [Check Point Software Technologies, 54,1,000,006]
[C:\Program Files\CheckPoint\SecuRemote\bin\proxystub.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\dispatcher.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\swinst.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\sitemgr.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\simpipc.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\scvmgr.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\polmgr.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtftpclient.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\verify.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\polclnt.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\dtmessage.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\logmgr.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\connmgr.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogRepository.dll] [Check Point Software Technologies, 54,1,000,006]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogKlogUnify.dll] [Check Point Software Technologies, 54,1,000,006]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPLogLuuidDatabase.dll] [Check Point Software Technologies, 54,1,000,006]
[C:\Program Files\CheckPoint\SecuRemote\bin\cp_bdb.dll] [Check Point Software Technologies, 54,1,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\dt_ie_proxy.dll] [Check Point Software Technologies, 54,8,000,302]
[PID: 1364 / SYSTEM][C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\OS.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\CP_version_info.dll] [Check Point Software Technologies, 54,8,000,003]
[PID: 1396 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\hpowiax2.dll] [Hewlett-Packard, 7.0.0.177]
[PID: 1432 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe] [Symantec Corporation, 1, 8, 54, 419]
[C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcnet.dll] [Symantec Corporation, 1, 8, 54, 419]
[C:\WINDOWS\system32\MSVCR71.DLL] [Microsoft Corporation, 7.10.3052.4]
[PID: 1416 / SERVICE LOCAL][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 2360 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2540 / alexandra][C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe] [Check Point Software Technologies, 1, 0, 0, 1]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprod50.dll] [Check Point Software Technologies, 54,1,000,020]
[C:\Program Files\CheckPoint\SecuRemote\bin\DataStruct.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\OS.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpbcrypt.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpprng.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpopenssl.dll] [Check Point Software Technologies, 54,8,000,001]
[C:\Program Files\CheckPoint\SecuRemote\bin\CP_version_info.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\Resolve.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\objlib.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\CPSrvIS.dll] [Check Point Software Technologies, 54,1,000,005]
[C:\Program Files\CheckPoint\SecuRemote\bin\ComUtils.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcert.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\Encode.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpcryptutil.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\ndb.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\AppUtils.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\EventUtils.dll] [Check Point Software Technologies, 54,8,000,003]
[C:\Program Files\CheckPoint\SecuRemote\bin\FileHash_DYN.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\gui.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\proxystub.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\dispatcher.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\ReportDT.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\IkeStatus.dll] [Check Point Software Technologies, 54,8,000,302]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpii.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpfwsys.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\cpsys.dll] [Check Point Software Technologies, 54,8,000,004]
[C:\Program Files\CheckPoint\SecuRemote\bin\cvars.dll] [Check Point Software Technologies, 54,1,000,008]
[C:\Program Files\CheckPoint\SecuRemote\bin\mastersapi.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsmtpobj.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwadb.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\skey.dll] [Check Point Software Technologies, 54,1,000,087]
[C:\Program Files\CheckPoint\SecuRemote\bin\fwsetdb.dll] [Check Point Software Technologies, 54,1,000,002]
[C:\Program Files\CheckPoint\SecuRemote\bin\simpipc.dll] [Check Point Software Technologies, 54,8,000,311]
[C:\Program Files\CheckPoint\SecuRemote\bin\logredir.dll] [Check Point Software Technologies, 54,8,000,311]
[PID: 3372 / alexandra][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3736 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018]
[C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018]
[PID: 4484 / alexandra][C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe] [eBay Inc., 2.5000.10.5]
[PID: 5004 / alexandra][C:\Documents and Settings\alexandra\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Documents and Settings\alexandra\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1696, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1908, C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1092, C:\PROGRAM FILES\CHECKPOINT\SECUREMOTE\BIN\SR_SERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2540, C:\PROGRAM FILES\CHECKPOINT\SECUREMOTE\BIN\SR_GUI.EXE]
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================
[/CODE]
And here is the infobat..
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 68BB-EF80
Hi again,
Strange about the .bat ...
Do you have PATCH GENUINE in C:\Documents and Settings\Alexandra?
Do you use several user accounts? (Alexandra's?)
If you have this folder, can you tell me what is in it, please?
And you have not posted the DiagHelp report.
Hi again...
I have two user accounts, an administrator one and an alexandra one.
I never use the administrator one.
As for the patch, I had no choice: I bought my PC from a computer shop that has closed; when I bought the computer the software was already installed on it and I was not given a copy.... so I had to make do.
As for the DiagHelp, here it is, thanks.
DiagHelp version v1.4 - http://www.malekal.com
excute le 06/04/2008 à 11:42:01,54
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->06/04/2008 11:41:56
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->06/04/2008 11:41:51
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->06/04/2008 11:41:06
C:\WINDOWS\prefetch\WINZIP32.EXE-382A5A28.pf -->06/04/2008 11:38:51
C:\WINDOWS\prefetch\HPQUSGL.EXE-1A66A7E1.pf -->06/04/2008 11:38:06
C:\WINDOWS\prefetch\FIREFOX.EXE-0C3AF13F.pf -->06/04/2008 11:31:47
C:\WINDOWS\prefetch\USNSVC.EXE-2DF2835C.pf -->06/04/2008 11:14:50
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->06/04/2008 11:07:44
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->06/04/2008 11:07:39
C:\WINDOWS\prefetch\~2.EXE-05DEFAF9.pf -->06/04/2008 11:07:28
C:\WINDOWS\System32\drivers\gmer.sys -->22/03/2008 18:38:43
C:\WINDOWS\System32\drivers\avipbb.sys -->19/03/2008 21:25:52
C:\WINDOWS\System32\drivers\mrxdav.sys -->18/12/2007 11:51:35
C:\WINDOWS\System32\drivers\symlcbrd.sys -->24/11/2007 12:02:16
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 12:25:54
C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 19:20:55
C:\WINDOWS\System32\drivers\imagesrv.sys -->24/09/2007 10:05:58
C:\WINDOWS\System32\ckpNotify.log -->06/04/2008 11:06:05
C:\WINDOWS\System32\wpa.dbl -->06/04/2008 11:06:04
C:\WINDOWS\System32\twext32.dll -->02/04/2008 19:43:46
C:\WINDOWS\System32\perfh00C.dat -->30/03/2008 16:08:41
C:\WINDOWS\System32\perfh009.dat -->30/03/2008 16:08:41
C:\WINDOWS\System32\perfc00C.dat -->30/03/2008 16:08:41
C:\WINDOWS\System32\perfc009.dat -->30/03/2008 16:08:41
C:\WINDOWS\System32\PerfStringBackup.INI -->30/03/2008 16:08:38
C:\WINDOWS\System32\dspspres.dll -->25/03/2008 18:50:18
C:\WINDOWS\System32\TuneUpDefragService.exe -->12/03/2008 19:45:00
C:\WINDOWS\System32\FNTCACHE.DAT -->10/03/2008 18:41:31
C:\WINDOWS\System32\MRT.exe -->05/03/2008 18:30:54
C:\WINDOWS\System32\uxtuneup.dll -->27/02/2008 14:15:14
C:\WINDOWS\System32\WgaTray.exe -->24/02/2008 17:47:32
C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->06/01/2008 17:17:39
C:\WINDOWS\System32\BASSMOD.dll -->16/12/2007 13:14:42
C:\WINDOWS\System32\TZLog.log -->12/12/2007 22:09:21
C:\WINDOWS\System32\MsiExec.exe.log -->11/12/2007 22:12:48
C:\WINDOWS\System32\mshtml.dll -->07/12/2007 16:37:06
C:\WINDOWS\System32\wininet.dll -->07/12/2007 03:07:05
C:\WINDOWS\System32\urlmon.dll -->07/12/2007 03:07:05
C:\WINDOWS\System32\shlwapi.dll -->07/12/2007 03:07:05
C:\WINDOWS\System32\shdocvw.dll -->07/12/2007 03:07:05
C:\WINDOWS\System32\pngfilt.dll -->07/12/2007 03:07:04
C:\WINDOWS\System32\mstime.dll -->07/12/2007 03:07:04
C:\WINDOWS\WindowsUpdate.log -->06/04/2008 11:10:46
C:\WINDOWS\0.log -->06/04/2008 11:06:52
C:\WINDOWS\setupapi.log -->06/04/2008 11:06:49
C:\WINDOWS\wiadebug.log -->06/04/2008 11:06:38
C:\WINDOWS\wiaservc.log -->06/04/2008 11:06:37
C:\WINDOWS\bootstat.dat -->06/04/2008 11:06:02
C:\WINDOWS\SchedLgU.Txt -->05/04/2008 22:29:52
C:\WINDOWS\NeroDigital.ini -->05/04/2008 20:41:50
C:\WINDOWS\system.ini -->04/04/2008 18:29:26
C:\WINDOWS\gmer.ini -->31/03/2008 19:13:24
C:\WINDOWS\ModemLog_SoftV90 Data Fax Voice Modem.txt -->29/03/2008 12:01:44
C:\WINDOWS\TemplateWizard.INI -->24/03/2008 16:36:14
C:\WINDOWS\tsoc.log -->22/03/2008 21:47:29
C:\WINDOWS\ntdtcsetup.log -->22/03/2008 21:47:29
C:\WINDOWS\iis6.log -->22/03/2008 21:47:29
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1612
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x1b8000 3.01.0000.0008 C:\Program Files\Fichiers communs\Nero\Lib\NeroDigitalExt.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL
0x01450000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x018a0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x01140000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x01160000 0x6000 C:\WINDOWS\system32\twext32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x02210000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 600
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01260000 0x32000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x53040000 0x6000 54.08.0000.0311 C:\WINDOWS\system32\ckpNotify.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 68BB-EF80
Répertoire de C:\WINDOWS\system32
04/08/2004 00:54 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 19 119 501 312 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 68BB-EF80
Répertoire de C:\WINDOWS\Downloaded Program Files
26/01/2008 19:13 <REP> .
26/01/2008 19:13 <REP> ..
23/11/2007 21:55 65 desktop.ini
30/06/2003 23:41 1 689 WMV9VCM.inf
2 fichier(s) 1 754 octets
Total des fichiers listés :
2 fichier(s) 1 754 octets
2 Rép(s) 19 119 501 312 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:SecureClient Application"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000001
"HideStartupScripts"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 11:42:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
320 - HPZipm12.exe
452 - sched.exe
576 - csrss.exe
600 - winlogon.exe
644 - services.exe
656 - lsass.exe
796 - cmd.exe
888 - svchost.exe
964 - svchost.exe
1056 - svchost.exe
1092 - SR_Service.exe
1108 - svchost.exe
1396 - svchost.exe
1432 - symlcsvc.exe
1604 - spoolsv.exe
1612 - explorer.exe
1696 - avguard.exe
1908 - avgnt.exe
1924 - wcescomm.exe
2360 - alg.exe
2540 - SR_GUI.exe
Total number of processes = 22
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F9F32000 - \WINDOWS\system32\KDCOM.DLL
F9E42000 - \WINDOWS\system32\BOOTVID.dll
F99E2000 - ACPI.sys
F9F34000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F99D1000 - pci.sys
F9A32000 - isapnp.sys
F9F36000 - viaide.sys
F9CB2000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F9A42000 - MountMgr.sys
F99B2000 - ftdisk.sys
F9F38000 - dmload.sys
F998C000 - dmio.sys
F9CBA000 - PartMgr.sys
F9A52000 - VolSnap.sys
F9974000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
F995C000 - atapi.sys
F9A62000 - disk.sys
F9A72000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F993C000 - fltMgr.sys
F992A000 - sr.sys
F9E46000 - bsstor.sys
F9CC2000 - PxHelp20.sys
F9913000 - KSecDD.sys
F9886000 - Ntfs.sys
F9859000 - NDIS.sys
F9A82000 - viaagp.sys
F983E000 - Mup.sys
F9C22000 - \SystemRoot\system32\DRIVERS\amdk7.sys
F972F000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F971B000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F96E5000 - \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
F96C2000 - \SystemRoot\system32\DRIVERS\ks.sys
F95C3000 - \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
F951B000 - \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
F9D3A000 - \SystemRoot\System32\Drivers\Modem.SYS
F94FE000 - \SystemRoot\system32\DRIVERS\e100b325.sys
F9D42000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F94DB000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F9D4A000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F9C32000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F9D52000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F9C42000 - \SystemRoot\system32\DRIVERS\imapi.sys
F9C52000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F9C62000 - \SystemRoot\system32\DRIVERS\redbook.sys
F93F8000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F93D4000 - \SystemRoot\system32\drivers\portcls.sys
F9C72000 - \SystemRoot\system32\drivers\drmk.sys
F9D5A000 - \SystemRoot\system32\DRIVERS\fdc.sys
F936A000 - \SystemRoot\system32\DRIVERS\serial.sys
F9F0E000 - \SystemRoot\system32\DRIVERS\serenum.sys
F9356000 - \SystemRoot\system32\DRIVERS\parport.sys
F9F12000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F9163000 - \SystemRoot\system32\DRIVERS\fw.sys
F9D62000 - \SystemRoot\system32\DRIVERS\TDI.SYS
FA025000 - \SystemRoot\system32\DRIVERS\audstub.sys
F9C82000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F9F1E000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F914C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F9C92000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F9CA2000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F9D6A000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F9D72000 - \SystemRoot\system32\DRIVERS\raspti.sys
F911B000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F9AB2000 - \SystemRoot\system32\DRIVERS\termdd.sys
F9D7A000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F9F54000 - \SystemRoot\system32\DRIVERS\swenum.sys
F90BF000 - \SystemRoot\system32\DRIVERS\update.sys
F981A000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F9AE2000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F9802000 - \SystemRoot\system32\drivers\MODEMCSA.sys
F9B02000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F9F5E000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F9D8A000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F9F60000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F9FFB000 - \SystemRoot\System32\Drivers\Null.SYS
F9F62000 - \SystemRoot\System32\Drivers\Beep.SYS
F9D9A000 - \SystemRoot\System32\drivers\vga.sys
F9F64000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F9F66000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F9DA2000 - \SystemRoot\System32\Drivers\Msfs.SYS
F9DAA000 - \SystemRoot\System32\Drivers\Npfs.SYS
F9EDA000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F0E84000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F9B22000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F0E2C000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F0E04000 - \SystemRoot\system32\DRIVERS\netbt.sys
F0DE2000 - \SystemRoot\System32\drivers\afd.sys
F9B32000 - \SystemRoot\system32\DRIVERS\netbios.sys
F9DB2000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F0DB7000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F0D20000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F9B42000 - \SystemRoot\System32\Drivers\Fips.SYS
F0CFF000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F9B52000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F9B62000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F9F68000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
F0CF3000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F9B82000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F9DC2000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F0CEF000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F9BD2000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F0BA7000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F9F76000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F0C9B000 - \SystemRoot\System32\drivers\Dxapi.sys
F9DFA000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
FA000000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA0B000 - \SystemRoot\System32\ati2cqag.dll
BFA43000 - \SystemRoot\System32\ati3d1ag.dll
F0AB4000 - \SystemRoot\System32\Drivers\BsUDF.SYS
F0AA3000 - \SystemRoot\System32\Drivers\Udfs.SYS
F0A83000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
F07BE000 - \SystemRoot\system32\drivers\wdmaud.sys
F0B97000 - \SystemRoot\system32\drivers\sysaudio.sys
F06A4000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F05A1000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
F9FDC000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F0485000 - \SystemRoot\System32\drivers\vpn.sys
F0581000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
F040B000 - \SystemRoot\system32\DRIVERS\srv.sys
F9D12000 - \SystemRoot\System32\DRIVERS\Scap.sys
F9D0A000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
F00AA000 - \SystemRoot\System32\Drivers\HTTP.sys
EFD9B000 - \SystemRoot\system32\drivers\kmixer.sys
F9DBA000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F011F000 - \SystemRoot\system32\DRIVERS\usbscan.sys
F9E0A000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F9E32000 - \SystemRoot\system32\DRIVERS\HPZius12.sys
F0002000 - \SystemRoot\system32\DRIVERS\HPZid412.sys
F033B000 - \SystemRoot\system32\DRIVERS\HPZipr12.sys
F9FFF000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 135
Liste des programmes installes
Adobe Reader 8.1.1 - Français
adsl TV
Ahead ImageDrive
AiO_Scan_CDA
AiOSoftwareNPI
Archiveur WinRAR
Assistant de connexion Windows Live
Avira AntiVir PersonalEdition Classic
AVS Video Converter 4.3.1.371
Barre d'outils MSN
BufferChm
CalendarPainter
CCleaner (remove only