
Virus - Disk Cleaner ad + access to 89.188.16.10 [solved]

Al1fini on 8 June 2007 at 21:42
Good evening,

For three days now I have been the victim of a virus, I think.

My PC opens web pages on its own, ending up on a page at http://89.188.16.10 ... or on an ad for Disk Cleaner 2006 ... or a window telling me that I need to clean out the viruses ...

At first glance, the solution does not look immediate and requires a case-by-case analysis.

Could someone give me a hand?

Thanks in advance
-->Message edited by Al1fini on 09/06/2007 21:42:57<--
Malekal_morte on 8 June 2007 at 21:43
Hello,

- Download HiJackThis by Merijn to your desktop.
- Rename the file HiJackThis.exe to Scanner.exe: to do so, right-click the file HiJackThis.exe and choose Rename from the list
- Type Scanner.exe and press the Enter key.
- Generate a report by following these instructions:
- Double-click Scanner.exe
- Run it and click Do a scan and save log file.
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste
Help: Don't hesitate to consult the HiJackThis help -
Al1fini on 8 June 2007 at 21:47
Here is my HijackThis report ...

Logfile of HijackThis v1.99.1
Scan saved at 21:46:36, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Scanner.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {890C6610-5BB9-4ADC-A6AB-9131B3315CFF} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CFDE1CF9-75B3-4B1E-B9A7-B5FB88A171E6} - C:\WINDOWS\system32\awtutqq.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\leolgfut.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\yqpqwsjn.dll",realset
O4 - HKLM\..\Run: [j6261635] rundll32 C:\WINDOWS\system32\j6261635.dll sook
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [FreeBrowser] C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: FreePCvcR.lnk = C:\Program Files\FreePCvcR\FreePCvcR.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_ce(...)
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.464.exe
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O20 - Winlogon Notify: awtutqq - C:\WINDOWS\SYSTEM32\awtutqq.dll
O20 - Winlogon Notify: mljgg - C:\WINDOWS\system32\mljgg.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

Al1fini on 8 June 2007 at 22:03
Sorry, I took a while, but my machine rebooted and since then no more Firefox (I still have IE) ...
Here is the SmitFraudFix report

SmitFraudFix v2.131

Rapport fait à 22:02:39,90, 08/06/2007
Executé à partir de I:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alain


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alain\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Alain\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Al1fini on 8 June 2007 at 22:15
So here is what I found - with my keyboard in QWERTY

06/08/07 22:07:28 [Info]: BlackLight Engine 1.0.61 initialized
06/08/07 22:07:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/08/07 22:07:28 [Note]: 7019 4
06/08/07 22:07:28 [Note]: 7005 0
06/08/07 22:07:45 [Note]: 7006 0
06/08/07 22:07:45 [Note]: 7011 3544
06/08/07 22:07:45 [Note]: 7026 0
06/08/07 22:07:45 [Note]: 7026 0
06/08/07 22:07:48 [Note]: FSRAW library version 1.7.1021
06/08/07 22:12:22 [Note]: 2000 1012
06/08/07 22:12:28 [Note]: 7007 0
Al1fini on 8 June 2007 at 22:52
I got my keyboard back in AZERTY - I don't understand what is going on ... I also broke Firefox twice before being able to relaunch it ... with a crash all the same ...
But anyway, do you see anything?
Malekal_morte on 8 June 2007 at 23:27
Download Combofix by sUBs: combofix.exe
and save it to your desktop and nowhere else!

Click the Start menu, then Run, and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v mljgg awtutqq
then click OK.

Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm.
Wait until combofix has finished; a report will be created. Post the report.

Copy/paste a new HiJackThis report with it.
Al1fini on 8 June 2007 at 23:50
Phew, violent reboot with Combofix ... but here is the report:
"Alain" - 2007-06-08 23:35:41 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Alain\Bureau\"
Command switches used :: "/v mljgg awtutqq"

ADS removed - svchost.exe: deleted 68 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\eypahpkp.dll
C:\WINDOWS\system32\jnidwkgr.dll
C:\WINDOWS\system32\mfrxieax.dll
C:\WINDOWS\system32\sillndyf.dll
C:\WINDOWS\system32\wwxkipxb.dll
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\awtutqq.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users.\documents\setup.exe
C:\install.log


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_WINDOWS_LOG


((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))


2007-06-08 21:53 <REP> d-------- C:\backups
2007-06-08 21:07 <REP> d-------- C:\Program Files\Navilog1
2007-06-08 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
2007-06-08 21:01 58,420 --a------ C:\WINDOWS\system32\leolgfut.dll
2007-06-07 07:28 <REP> d-------- C:\DOCUME~1\Alain\APPLIC~1\InstallShield
2007-06-06 21:58 55,316 --a------ C:\WINDOWS\system32\ofvmdqws.dll
2007-06-06 19:44 <REP> d-------- C:\Program Files\Lavasoft
2007-06-06 19:44 <REP> d-------- C:\DOCUME~1\Alain\APPLIC~1\Lavasoft
2007-06-05 21:56 14,868 --a------ C:\WINDOWS\system32\dffaljfw.exe
2007-06-05 21:56 10,752 --a------ C:\WINDOWS\system32\j6261635.dll
2007-06-04 21:55 2,580 --a------ C:\WINDOWS\system32\ushwbdgf.exe
2007-06-04 21:55 131,124 --a------ C:\WINDOWS\system32\yqpqwsjn.dll
2007-06-04 19:59 <REP> d-------- C:\VProRecovery
2007-06-04 00:12 2,580 --a------ C:\WINDOWS\system32\xhaikyuv.exe
2007-06-03 18:48 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-03 18:48 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-06-03 18:48 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-06-03 18:48 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-06-03 18:48 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-06-03 18:48 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-06-03 18:48 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-06-03 18:48 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-06-02 21:38 2,580 --a------ C:\WINDOWS\system32\oqvhvqfg.exe
2007-06-02 13:37 <REP> d-------- C:\Program Files\iTunes
2007-06-01 23:18 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-06-01 23:18 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-06-01 23:18 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-06-01 23:17 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-06-01 23:17 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-01 23:12 <REP> d-------- C:\Program Files\Norton Ghost
2007-06-01 21:41 2,580 --a------ C:\WINDOWS\system32\toibpovm.exe
2007-06-01 21:09 <REP> d-------- C:\Program Files\MagicISO
2007-05-28 18:03 <REP> d-------- C:\Test2_fichiers
2007-05-28 17:19 <REP> d-------- C:\Test_fichiers
2007-05-16 21:09 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-05-16 21:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-05-16 21:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-05-16 21:09 <REP> d-------- C:\DOCUME~1\Alain\APPLIC~1\ScanSoft
2007-05-16 21:08 <REP> d-------- C:\Program Files\ScanSoft
2007-05-16 21:07 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-05-16 21:07 <REP> d-------- C:\Program Files\ArcSoft
2007-05-16 19:41 57,344 --a------ C:\WINDOWS\system32\CNCI600.DLL
2007-05-16 19:41 197,632 --a------ C:\WINDOWS\system32\CNMLM87.DLL
2007-05-16 19:41 135,168 --a------ C:\WINDOWS\system32\CNCL600.DLL
2007-05-16 19:41 106,496 --a------ C:\WINDOWS\system32\cnco600.dll
2007-05-16 19:41 1,298,432 --a------ C:\WINDOWS\system32\CNCC600.DLL
2007-05-16 19:41 <REP> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-05-16 19:41 <REP> d--h----- C:\Program Files\CanonBJ
2007-05-16 19:41 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 20:48:23 -------- d-----w C:\DOCUME~1\Alain\APPLIC~1\EoRezo
2007-06-08 20:02:40 1,488 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-07 05:29:28 -------- d-----w C:\Program Files\TomTom HOME
2007-06-07 05:29:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-06 19:23:11 -------- d-----w C:\Program Files\AdwareAlert
2007-06-03 10:01:50 71,248 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-03 10:01:50 458,230 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-02 20:22:32 -------- d-----w C:\DOCUME~1\Alain\APPLIC~1\Symantec
2007-06-02 18:49:21 -------- d-----w C:\Program Files\Mahjongg Towers
2007-06-02 11:38:09 -------- d-----w C:\Program Files\iPod
2007-06-01 21:14:11 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-06-01 20:34:31 -------- d-----w C:\Program Files\eMule
2007-05-16 19:12:26 -------- d-----w C:\Program Files\Canon
2007-05-16 19:09:32 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-05-05 17:49:07 -------- d-----w C:\Program Files\QuickTime
2007-05-04 05:18:59 -------- d-----w C:\DOCUME~1\Alain\APPLIC~1\ItsLabel
2007-05-04 05:07:21 -------- d-----w C:\Program Files\eoRezo
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-28 21:05:58 -------- d-----w C:\DOCUME~1\Alain\APPLIC~1\vlc
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-28 18:12:18 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{64F56FC1-1272-44CD-BA6E-39723696E350}=C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll [2007-01-25 10:22]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 14:37]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2006-10-12 11:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 20:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 01:37]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-21 13:35]
"FreeBrowser"="C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe" [2006-01-27 23:31]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-22 11:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"=C:\Program Files\Video ActiveX Object\pmsngr.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6d5c193-bd1d-11db-9b4c-000ea601a0ca}]
AutoRun\command- H:\InstallTomTomHOME.exe


Contents of the 'Scheduled Tasks' folder
2007-06-02 08:14:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 23:43:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-08 23:44:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-08 23:44

--- E O F ---


As for the HiJackThis report, here it is now:

Logfile of HijackThis v1.99.1
Scan saved at 23:50:28, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [FreeBrowser] C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: FreePCvcR.lnk = C:\Program Files\FreePCvcR\FreePCvcR.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_ce(...)
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.464.exe
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
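
Added example, not part of the thread and not code from HijackThis or ComboFix: a Python sketch that diffs entries copied from the two HijackThis logs posted above and groups the entries that disappeared by the file they loaded. The function names are hypothetical; the log lines are excerpts from the posts.

```python
import re
from collections import defaultdict

# Entries copied from the first HijackThis log in the thread (scan saved at 21:46:36).
BEFORE = r"""
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: (no name) - {890C6610-5BB9-4ADC-A6AB-9131B3315CFF} - C:\WINDOWS\system32\mljgg.dll
O2 - BHO: (no name) - {CFDE1CF9-75B3-4B1E-B9A7-B5FB88A171E6} - C:\WINDOWS\system32\awtutqq.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\leolgfut.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\yqpqwsjn.dll",realset
O4 - HKLM\..\Run: [j6261635] rundll32 C:\WINDOWS\system32\j6261635.dll sook
O20 - Winlogon Notify: awtutqq - C:\WINDOWS\SYSTEM32\awtutqq.dll
O20 - Winlogon Notify: mljgg - C:\WINDOWS\system32\mljgg.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

# The same excerpt as it appears in the second log (scan saved at 23:50:28).
AFTER = r"""
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First fully qualified .dll/.exe path in an entry body.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\"*?<>|\r\n]*?\.(?:dll|exe))", re.IGNORECASE)


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("section"), match.group("body")))
    return entries


def module_path(body):
    """Lower-cased path of the file an entry loads, or None if it names no full path."""
    match = PATH_RE.search(body)
    return match.group(1).lower() if match else None


def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    return parse_entries(before) - parse_entries(after)


def removed_by_module(before, after):
    """Map each removed file path to the sorted list of sections that referenced it."""
    grouped = defaultdict(set)
    for section, body in removed_entries(before, after):
        path = module_path(body)
        if path is not None:
            grouped[path].add(section)
    return {path: sorted(sections) for path, sections in grouped.items()}


def multi_hook_modules(before, after):
    """Removed files that were registered under more than one loading point."""
    grouped = removed_by_module(before, after)
    return sorted(path for path, sections in grouped.items() if len(sections) > 1)


if __name__ == "__main__":
    for path, sections in sorted(removed_by_module(BEFORE, AFTER).items()):
        print(f"{path}  removed from {', '.join(sections)}")
    print("registered in several places:", multi_hook_modules(BEFORE, AFTER))
```

The two files it reports as registered in several places (both as a BHO under O2 and as a Winlogon Notify package under O20) carry the two names given to the `/v` switch in the ComboFix command earlier in the thread. Paths are compared case-insensitively because the first log writes `system32` and `SYSTEM32` for the same directory.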


Malekal_morte on 8 June 2007 at 23:56
Avast! is far from the best there is in terms of protection; see this link for more information: http://forum.malekal.com/ftopic3123.php

Clearly, Antivir is much more effective, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir instead: http://www.malekal.com/tutorial_antivir.php
- After installation, update it - if your firewall raises an alert, accept the connection.

-- Restart in safe mode: to do so, restart the computer and, before the Windows logo, tap the F8 key; a menu will appear, choose Safe Mode and press the Enter key on the keyboard.

- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan - Quarantine all detected items.
- Once the scan is finished, save the report.

Restart in normal mode.

Post the report here.

Post a new HijackThis report.
Al1fini on 9 June 2007 at 13:10
Hello,

Here I am again; I did not fall asleep, but the scan of 750 GB has just finished ... because last night I was not in front of it to respond to the alerts.

Here is the scan report:



AntiVir PersonalEdition Classic
Report file date: samedi 9 juin 2007 00:13

Scanning for 811469 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: FRODON

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21/05/2007 22:07:34
ANTIVIR2.VDF : 6.38.1.227 320000 Bytes 05/06/2007 22:07:34
ANTIVIR3.VDF : 6.38.2.10 77312 Bytes 08/06/2007 22:07:34
AVEWIN32.DLL : 7.4.0.32 2478592 Bytes 08/06/2007 22:07:34
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.10 360488 Bytes 08/06/2007 22:07:34
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: K:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 9 juin 2007 00:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\' <System500A>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\backups\backup-20070608-215334-563.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46ccd4e3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F967136.exe
[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[INFO] The file was moved to '46a2d4e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F9A1B32.exe
[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[INFO] The file was moved to '46a2d4eb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F9A1B32.fil
[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Agent.AY Backdoor server programs
[INFO] The file was moved to '46a2d4ee.qua'!
C:\Program Files\Xinox Software\JCreatorV3\loader.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '46cad856.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Documents\setup.exe.vir
[DETECTION] Is the Trojan horse TR/Proxy.Horst.Gen
[INFO] The file was moved to '46ddd84f.qua'!
C:\WINDOWS\$NtServicePackUninstall$\rtcimsp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\dffaljfw.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\j6261635.dll
[DETECTION] Is the Trojan horse TR/Click.Small.MW
[INFO] The file was moved to '469bda7c.qua'!
C:\WINDOWS\system32\leolgfut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ofvmdqws.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\oqvhvqfg.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\toibpovm.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ushwbdgf.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\xhaikyuv.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\yqpqwsjn.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd9181.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Data500A>
D:\Download\Logiciels\Jeux\Elisa\Kidz - Rayman CP Calcul - 6 à 7 ans - CloneCD - francais - drizzt.ace
[0] Archive type: ACE
--> Rayman CP Calcul et lecture - 6 … 7 ans - jacquette front.BMP
[WARNING] Error creating the file
--> Rayman CP Calcul et lecture - 6 … 7 ans - jacquette back.BMP
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Logiciels\Jeux\Elisa\Kidz - Rayman CP Lecture - 6 à 7 ans - CloneCD - francais - drizzt.ace
[0] Archive type: ACE
--> Rayman CP Calcul et lecture - 6 … 7 ans - jacquette front.BMP
[WARNING] Error creating the file
--> Rayman CP Calcul et lecture - 6 … 7 ans - jacquette back.BMP
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Logiciels\Utilitaires\DupKillerSetup.exe
[WARNING] The file could not be opened!
D:\Download\Logiciels\Utilitaires\DupSetup.exe
[WARNING] The file could not be opened!
D:\Download\Logiciels\Utilitaires\JCreator_Pro_v3[1].00.092_Fixed.zip
[0] Archive type: ZIP
--> loader.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '46dc51db.qua'!
D:\Download\Logiciels\Utilitaires\Webroot.Spy.Sweeper.v4.5.5.607.Multilingual.WinALL.Retail.Read.NFO.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Contains signature of the dropper DR/SdBot.537088
[INFO] The file was moved to '46cc5245.qua'!
D:\Download\Logiciels\Utilitaires\winamp524_full_bundle_emusic-7plus.exe
[WARNING] The file could not be opened!
D:\Download\Musique\Corneille.-.Parce.Qu.On.Vient.De.Loin.-.Mp3.-.2003.-.By.The.Dude.teste.www.divxovore.com.ace
[0] Archive type: ACE
--> Corneille Parce Qu'On Vient De Loin - MP3 - 2003 - By The Dude\05-Rˆves_De_Star.mp3
[WARNING] Error creating the file
--> Corneille Parce Qu'On Vient De Loin - MP3 - 2003 - By The Dude\06-Avec_Classe.mp3
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\Henri.Des.comptines.12.albums.complet.par.oncleblu.rar
[0] Archive type: RAR
--> La.R‚cr‚.-.Les.jolies.chansons.de.nos.Enfants--_--.livret.illust
[1] Archive type: ACE
--> La R‚cr‚ - Une Souris Verte et les jolies chansons de nos Enfants\Avignon.jpg
[WARNING] Error creating the file
--> La R‚cr‚ - Une Souris Verte et les jolies chansons de nos Enfants\Dodo_l'enfant_do.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\Indochine.Paradize.Nouvel.Album.2002.testé.www.divxovore.com.ace
[0] Archive type: ACE
--> INDOCHINE - Paradize - Nouvel Album 2002 - 192Kbit -par Freddo\Indochine - 09 - La Nuit Des F‚es.mp3
[WARNING] Error creating the file
--> INDOCHINE - Paradize - Nouvel Album 2002 - 192Kbit -par Freddo\Indochine - 01 - Paradize.mp3
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\Joe_Cocker___Greatest_Hits_@192kbps.ace
[0] Archive type: ACE
--> Joe Cocker\Desktop.ini
[WARNING] Error creating the file
--> Joe Cocker\Greatest Hits [EMI]\Desktop.ini
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\L'integral De Hf Thiefaine (22 Albums).ace
[0] Archive type: ACE
--> Program Files\eMule\Incoming\HUBERT FELIX THIEFAINE - 84.88\84.88.jpg
[WARNING] Error creating the file
--> Program Files\eMule\Incoming\HUBERT FELIX THIEFAINE - 84.88\84.88 back.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\Les Garçons Bouchers - Vacarmelite Ou La Nonne Bruyante ( EAC, MPC, Extreme).ace
[0] Archive type: ACE
--> Les Gar‡ons Bouchers - Vacarm‚lite ou la nonne bruyante\front.jpg
[WARNING] Error creating the file
--> Les Gar‡ons Bouchers - Vacarm‚lite ou la nonne bruyante\Vacarm‚lite ou la nonne bruyante.m3u
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\Michel Polnareff - Présent Passé - Album Compil' 2003 256Kbs By Cybermen.ace
[0] Archive type: ACE
--> MichelPolnareff - Pr‚sentPass‚ - FaceCD.jpg
[WARNING] Error creating the file
--> MichelPolnareff - Pr‚sentPass‚ - DosCD.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\Michel.Sardou.-.Best.of.MS.-.Album.complet.Nov.2003.+.covers.by.Fire.ace
[0] Archive type: ACE
--> Michel Sardou - Best of MS - Album complet Nov 2003 + covers by Fire\MS CD 2\Michel Sardou - Best of MS - CD 2 - 05 - Il ‚tait l… (le fauteuil).mp3
[WARNING] Error creating the file
--> Michel Sardou - Best of MS - Album complet Nov 2003 + covers by Fire\MS CD 2\Michel Sardou - Best of MS - CD 2 - 02 - Verdun.mp3
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Download\Musique\Sinead O'connor - Discografia mp3 - By Char 2002.ace
[0] Archive type: ACE
--> S¡nead O'Connor by CHAR 2002\So far...... the best of\Sinead_O_Conner_-_Sofar-front.jpg
[WARNING] Error creating the file
--> S¡nead O'Connor by CHAR 2002\So far...... the best of\Sinead_O_Conner_-_Sofar-back.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Emule\Incoming\Hot Games Pack 5.2.zip
[0] Archive type: ZIP
--> Hot Games Pack 5.2.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
D:\Windows _ uninstall\$NtServicePackUninstall$\dllhost.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmadmin.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmband.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmboot.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmcompos.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmdskmgr.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmime.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmio.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmloader.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmremote.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmscript.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmserver.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmstyle.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmsynth.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmusic.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmusic.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dmutil.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dnsapi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dnsrslvr.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\docprop2.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dosx.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpcdll.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dplaysvr.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dplayx.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpmodemx.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpnaddr.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpnet.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpnhpast.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpnhupnp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpnlobby.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpnsvr.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpvacm.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpvoice.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpvsetup.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpvvox.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dpwsockx.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\drmclien.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\drmk.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\drmkaud.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\drmstor.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\drmv2clt.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\drprov.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ds32gt.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsdmo.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsdmoprp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dskquota.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsound.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsound3d.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsprop.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsprpres.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsquery.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dssec.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dssenh.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dsuiext.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dswave.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dumprep.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\duser.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dvdupgrd.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dwwin.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dx7vb.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dx8vb.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dxdiag.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dxdiagn.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dxg.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dxmasf.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dxmrtp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dxtmsft.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\dxtrans.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\efsadu.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\els.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\encapi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\encdec.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ersvc.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\es.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\esent.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\esscli.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\eudcedit.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\evcreate.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\eventcreate.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\eventlog.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\evntagnt.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\evntcmd.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\evntrprv.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\evntwin.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\evtgprov.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\explorer.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\expsrv.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\exstrace.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\extrac32.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fastfat.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fastprox.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\faultrep.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\faxpatch.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fdc.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fdeploy.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\feclient.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\filemgmt.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\findstr.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fldrclnr.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\flpydisk.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fontext.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fontview.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp40ext.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4amsft.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4anscp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4apws.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4areg.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4atxt.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4autl.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4avnb.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4avss.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4awebs.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp4awel.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp98sadm.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fp98swin.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpadmcgi.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpadmdll.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpcount.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpencode.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpexedll.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpmmc.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpmmcsat.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpremadm.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpsrvadm.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fpsrvwin.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\framebuf.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\framedyn.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ftp.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ftpmib.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ftpsv251.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsapi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsclnt.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxscom.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxscomex.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxscover.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsdrv.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsevent.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsext32.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsmon.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsocm.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsperf.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsres.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsst.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxssvc.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxst30.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxstiff.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsui.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxswzrd.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\fxsxp32.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gameenum.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gckernel.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gdi32.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\glu32.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gpedit.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gpkrsrc.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gpresult.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gprslt.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gptext.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\grpconv.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\guitrn.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\guitrn_a.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\gzip.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\h323cc.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\h323msp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hal.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\halaacpi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\halacpi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\halapic.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\halmacpi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\halmps.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hccoin.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\helpctr.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\helpsvc.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hh.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hhsetup.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hid.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hidclass.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hidir.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hidparse.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hidserv.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hmmapi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hnetcfg.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hnetwiz.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hostmib.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hotplug.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hscupd.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\httpext.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\httpmb51.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\httpod51.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\htui.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\hypertrm.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\i8042prt.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iasrad.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icaapi.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iccvid.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icm32.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icmp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iconlib.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwconn.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwconn1.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwconn2.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwdial.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwdl.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwhelp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwphbk.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwrmind.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\icwutil.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\idq.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ie4uinit.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ieakeng.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ieaksie.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iedkcs32.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iepeers.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iernonce.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iesetup.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iexplore.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iexpress.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ifmon.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\igmpagnt.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iis.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iisadmin.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iische51.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iisext51.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iisfecnv.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iislog51.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iismap.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iisrstas.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\iisrtl.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\ils.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imagehlp.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imapi.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imapi.sys
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imekrcic.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imekrmbx.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imeshare.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imgutil.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjp81k.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjpcic.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjpcus.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjpdct.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjpdct.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjpdsvr.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjpinst.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjpmig.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjprw.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjputy.exe
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imjputyc.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\imm32.dll
[WARNING] The file could not be opened!
D:\Windows _ uninstall\$NtServicePackUninstall$\inetcfg.dll
Al1fini on 9 June 2007 at 13:13
Re ...

The end of the disk scan from the previous message, which seems too long to fit on the forum (703 KB)!

End of the scan: samedi 9 juin 2007 12:54
Used time: 12:41:34 min

The scan has been done completely.

11337 Scanning directories
969777 Files were scanned
19 viruses and/or unwanted programs were found
0 classified as suspicious:
6 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
3100 Files cannot be scanned
969758 Files not concerned
8370 Archives were scanned
3166 Warnings
283 Notes
0 Hidden objects were found

-->Message edited by Al1fini on 09/06/2007 13:17:15<--
Al1fini on 9 June 2007 at 13:15
Rereading your previous message, I saw (too late) that you only wanted the check on C:; it is in the previous message.

For HiJackThis, I now have this:
Logfile of HijackThis v1.99.1
Scan saved at 13:05:31, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Scanner.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HiJackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [FreeBrowser] C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: FreePCvcR.lnk = C:\Program Files\FreePCvcR\FreePCvcR.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_ce(...)
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.464.exe
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE


Do you see anything? - I don't really ... ;^)
Malekal_morte on 09 June 2007 at 13:44
Please read carefully and follow closely what is written, because you have to press a key during the scan. If you don't, the report will be incomplete and you will have to start over, so:

- Download DiagHelp.zip to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
- Do not double-click it!! Right-click the file and choose Extract All
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd may not be shown)
- A window will open; choose option 1
- The scan will start; it can take a few minutes, let it run and press a key when you are asked to.

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the scan, you may (not necessarily) be asked to restart the computer... Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens; to do so:
-- In Notepad, click the Edit menu / Select All
-- Then the Edit menu again / Copy
-- In a new message here, right-click / Paste
Al1fini on 09 June 2007 at 16:34
I think I followed the instructions properly and I got a DiagHelp completion message; however, the DOS command window stays open on:
Liste les fichiers des repertoires sensibles...

So I hope everything is included below:
DiagHelp version v1.1.1 - http://www.malekal.com
excute le 09/06/2007 à 16:20:54,78


Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\WimFltr.sys -->28/03/2007 20:49:42
C:\WINDOWS\System32/drivers\symsnap.sys -->28/03/2007 20:29:12
C:\WINDOWS\System32/drivers\v2imount.sys -->28/03/2007 20:29:10
C:\WINDOWS\System32/drivers\vproeventmonitor.sys -->28/03/2007 20:23:50
C:\WINDOWS\System32/drivers\GEARAspiWDM.sys -->28/03/2007 20:12:18
C:\WINDOWS\System32/drivers\avipbb.sys -->20/03/2007 09:55:45
C:\WINDOWS\System32/drivers\ssmdrv.sys -->01/03/2007 10:34:36

C:\WINDOWS\System32\CONFIG.NT -->09/06/2007 00:04:24
C:\WINDOWS\System32\mcrh.tmp -->08/06/2007 22:04:08
C:\WINDOWS\System32\tmp.txt -->08/06/2007 22:02:40
C:\WINDOWS\System32\tmp.reg -->08/06/2007 22:02:40
C:\WINDOWS\System32\njswqpqy.ini -->08/06/2007 21:57:00
C:\WINDOWS\System32\leolgfut.dll -->08/06/2007 21:01:44
C:\WINDOWS\System32\wpa.dbl -->08/06/2007 21:00:23
C:\WINDOWS\System32\ofvmdqws.dll -->06/06/2007 21:58:03
C:\WINDOWS\System32\dffaljfw.exe -->05/06/2007 21:56:14
C:\WINDOWS\System32\ushwbdgf.exe -->04/06/2007 21:55:38
C:\WINDOWS\System32\yqpqwsjn.dll -->04/06/2007 21:55:34
C:\WINDOWS\System32\wytbceqs.ini -->04/06/2007 21:55:12
C:\WINDOWS\System32\xhaikyuv.exe -->04/06/2007 00:12:29
C:\WINDOWS\System32\PerfStringBackup.INI -->03/06/2007 12:01:50
C:\WINDOWS\System32\perfh00C.dat -->03/06/2007 12:01:50
C:\WINDOWS\System32\perfh009.dat -->03/06/2007 12:01:50
C:\WINDOWS\System32\perfc00C.dat -->03/06/2007 12:01:50
C:\WINDOWS\System32\perfc009.dat -->03/06/2007 12:01:50
C:\WINDOWS\System32\oqvhvqfg.exe -->02/06/2007 21:38:37
C:\WINDOWS\System32\toibpovm.exe -->01/06/2007 21:41:52
C:\WINDOWS\System32\MRT.exe -->27/04/2007 22:45:12
C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->27/04/2007 21:43:47
C:\WINDOWS\System32\QuickTimeVR.qtx -->27/04/2007 09:42:00
C:\WINDOWS\System32\QuickTime.qts -->27/04/2007 09:42:00
C:\WINDOWS\System32\msi.dll -->18/04/2007 18:14:18

C:\WINDOWS\0.log -->09/06/2007 13:03:01
C:\WINDOWS\WindowsUpdate.log -->09/06/2007 13:02:54
C:\WINDOWS\wiadebug.log -->09/06/2007 13:02:52
C:\WINDOWS\wiaservc.log -->09/06/2007 13:02:51
C:\WINDOWS\bootstat.dat -->09/06/2007 13:02:28
C:\WINDOWS\ntbtlog.txt -->09/06/2007 10:58:46
C:\WINDOWS\wmsetup.log -->09/06/2007 10:55:14
C:\WINDOWS\SchedLgU.Txt -->09/06/2007 00:09:41
C:\WINDOWS\setupapi.log -->09/06/2007 00:06:07
C:\WINDOWS\NeroDigital.ini -->06/06/2007 19:31:25
C:\WINDOWS\setupact.log -->01/06/2007 23:08:37
C:\WINDOWS\catchme.exe -->28/05/2007 04:23:11
C:\WINDOWS\tsoc.log -->24/05/2007 16:01:57
C:\WINDOWS\tabletoc.log -->24/05/2007 16:01:57
C:\WINDOWS\ocmsn.log -->24/05/2007 16:01:57


Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\WINDOWS\system

14/08/2002 16:03 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 11 008 774 144 octets libres
Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\WINDOWS\system32

20/08/2004 01:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 11 008 774 144 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\WINDOWS\Downloaded Program Files

16/05/2007 21:09 <REP> .
16/05/2007 21:09 <REP> ..
13/03/2004 21:22 181 136 AxisCamControl.ocx
22/01/2004 23:14 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
28/03/2002 17:05 1 268 erma.inf
12/01/2004 09:43 9 811 fdjeux.osd
16/02/2005 16:15 401 408 isusweb.dll
25/08/2003 19:12 1 096 iuctl.inf
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
30/10/2003 17:55 925 696 npaecviz.dll
30/10/2003 18:00 216 npaecviz.inf
17/06/2002 10:55 380 928 npSeaTools_EN.dll
17/06/2002 11:30 892 npSeaTools_EN.inf
09/10/2003 10:32 144 QTPlugin.inf
08/12/2003 14:58 3 759 swflash.inf
21/10/2004 18:55 1 390 teleir_cert.osd
16 fichier(s) 2 130 155 octets

Total des fichiers listés :
16 fichier(s) 2 130 155 octets
2 Rép(s) 11 008 770 048 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2



Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Rechercher adresses sensibles dans le fichier HOSTS...



catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 16:21:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
360 - sched.exe
540 - explorer.exe
572 - VProSvc.exe
716 - cmd.exe
736 - csrss.exe
760 - winlogon.exe
808 - services.exe
820 - lsass.exe
888 - NPROTECT.EXE
988 - svchost.exe
1076 - svchost.exe
1172 - svchost.exe
1276 - svchost.exe
1288 - svchost.exe
1664 - spoolsv.exe
1708 - avguard.exe
1908 - VProTray.exe
1912 - firefox.exe
2060 - avgnt.exe
2436 - iPodService.exe
2668 - SATARaid.exe
3788 - alg.exe

Total number of processes = 23
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F79EF000 - \WINDOWS\system32\KDCOM.DLL
F78FF000 - \WINDOWS\system32\BOOTVID.dll
F73FE000 - sptd.sys
F79F1000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F73E6000 - \WINDOWS\System32\Drivers\SPTD9181.SYS
F73C3000 - xmasbus.sys
F7394000 - ACPI.sys
F7383000 - pci.sys
F74EF000 - isapnp.sys
F74FF000 - ohci1394.sys
F750F000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
F7AB7000 - pciide.sys
F776F000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F751F000 - MountMgr.sys
F7364000 - ftdisk.sys
F79F3000 - dmload.sys
F733E000 - dmio.sys
F7777000 - PartMgr.sys
F752F000 - VolSnap.sys
F777F000 - ElbyVCD.sys
F7326000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
F730E000 -
F72F6000 - si3112r.sys
F79F5000 - xmasscsi.sys
F7903000 - SiWinAcc.sys
F753F000 - disk.sys
F754F000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F72D6000 - fltmgr.sys
F72C4000 - sr.sys
F755F000 - PxHelp20.sys
F72A5000 - symsnap.sys
F728E000 - KSecDD.sys
F7201000 - Ntfs.sys
F71D4000 - NDIS.sys
F7787000 - nv_agp.sys
F71B9000 - Mup.sys
F76DF000 - \SystemRoot\System32\DRIVERS\amdk7.sys
F7887000 - \SystemRoot\System32\DRIVERS\usbohci.sys
F70DD000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F70CB000 - \SystemRoot\System32\DRIVERS\NVENET.sys
F75BF000 - \SystemRoot\system32\drivers\nvax.sys
F7095000 - \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
F7072000 - \SystemRoot\system32\DRIVERS\ks.sys
F6F73000 - \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
F6ECB000 - \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
F7847000 - \SystemRoot\System32\Drivers\Modem.SYS
F75CF000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7175000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
F716D000 - \SystemRoot\system32\drivers\pfc.sys
F75DF000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F75EF000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7877000 - \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
F788F000 - \SystemRoot\System32\DRIVERS\InCDPass.sys
F6DF3000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F6DDF000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F6D95000 - \SystemRoot\System32\Drivers\dtscsi.sys
F78E7000 - \SystemRoot\System32\DRIVERS\fdc.sys
F6D84000 - \SystemRoot\System32\DRIVERS\serial.sys
F7100000 - \SystemRoot\System32\DRIVERS\serenum.sys
F6D70000 - \SystemRoot\System32\DRIVERS\parport.sys
F75FF000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F760F000 - \SystemRoot\System32\DRIVERS\L8042Pr2.sys
F761F000 - \SystemRoot\System32\DRIVERS\LMouFlt2.sys
F7817000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F718D000 - \SystemRoot\System32\DRIVERS\itchfltr.sys
F7A01000 - \SystemRoot\System32\DRIVERS\LKbdFlt2.sys
F7827000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7BDF000 - \SystemRoot\system32\drivers\msmpu401.sys
F6D4C000 - \SystemRoot\system32\drivers\portcls.sys
F762F000 - \SystemRoot\system32\drivers\drmk.sys
F7181000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F7BE6000 - \SystemRoot\System32\DRIVERS\audstub.sys
F763F000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7179000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F6D35000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F764F000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F765F000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F78BF000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F6C84000 - \SystemRoot\System32\DRIVERS\psched.sys
F766F000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F78EF000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F77B7000 - \SystemRoot\System32\DRIVERS\raspti.sys
F6C53000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F767F000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7A07000 - \SystemRoot\System32\DRIVERS\swenum.sys
F6BF7000 - \SystemRoot\System32\DRIVERS\update.sys
F7169000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F768F000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F7A0B000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F769F000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F6B82000 - \SystemRoot\system32\drivers\nvapu.sys
F6A91000 - \SystemRoot\system32\drivers\nvmcp.sys
F6A80000 - \SystemRoot\system32\drivers\nvarm.sys
F77C7000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F7A13000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7AC6000 - \SystemRoot\System32\Drivers\Null.SYS
F7A17000 - \SystemRoot\System32\Drivers\Beep.SYS
F77E7000 - \SystemRoot\System32\drivers\vga.sys
F7A1B000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7A1F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7A21000 - \SystemRoot\System32\Drivers\InCDrec.SYS
B6FCB000 - \SystemRoot\System32\Drivers\InCDfs.SYS
F782F000 - \SystemRoot\System32\Drivers\Msfs.SYS
F783F000 - \SystemRoot\System32\Drivers\Npfs.SYS
F79E7000 - \SystemRoot\System32\DRIVERS\rasacd.sys
B6FB8000 - \SystemRoot\System32\DRIVERS\ipsec.sys
B6F60000 - \SystemRoot\System32\DRIVERS\tcpip.sys
B6F38000 - \SystemRoot\System32\DRIVERS\netbt.sys
F76FF000 - \SystemRoot\System32\DRIVERS\wanarp.sys
B6E76000 - \SystemRoot\System32\drivers\afd.sys
F770F000 - \SystemRoot\System32\DRIVERS\netbios.sys
F7857000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
B6E4B000 - \SystemRoot\System32\DRIVERS\rdbss.sys
B6DDC000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F772F000 - \SystemRoot\System32\Drivers\Fips.SYS
B6D89000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
F773F000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F7A2B000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
F75AF000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B6D65000 - \SystemRoot\System32\Drivers\dump_diskdump.sys
B6D49000 - \SystemRoot\System32\Drivers\dump_si3112r.sys
BF800000 - \SystemRoot\System32\win32k.sys
F6BDB000 - \SystemRoot\System32\drivers\Dxapi.sys
F780F000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7BCD000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA34000 - \SystemRoot\System32\ati3duag.dll
B6D25000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B5FAD000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
B5F30000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
B5EF3000 - \SystemRoot\system32\drivers\wdmaud.sys
B61D0000 - \SystemRoot\system32\drivers\sysaudio.sys
F7AB1000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F7B11000 - \??\C:\WINDOWS\system32\drivers\aslm75.sys
B5F71000 - \SystemRoot\System32\Drivers\Aspi32.SYS
F7A2F000 - \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS
B5D01000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
B5F0C000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
B5BA3000 - \SystemRoot\System32\DRIVERS\srv.sys
B5BF9000 - \??\C:\WINDOWS\system32\drivers\PfModNT.sys
B5F81000 - \SystemRoot\System32\DRIVERS\secdrv.sys
F7897000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
F78CF000 - \SystemRoot\system32\DRIVERS\v2imount.sys
B5928000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F7BA7000 - \??\C:\DOCUME~1\Alain\LOCALS~1\Temp\mc21.tmp
B56AE000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS
B6048000 - \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
B54B5000 - \SystemRoot\System32\Drivers\HTTP.sys
B5340000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F7B7D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 153

Liste des programmes installes

Ad-Aware SE Personal
Adobe Reader 7.0.9 - Français
AdwareAlert 3.6.2.1
Alcohol 120%
Apple Software Update
ArcSoft PhotoStudio 5.5
ASUS Probe V2.20.08
AsusUpdate
ATI - Utilitaire de désinstallation du logiciel
ATI Control Panel
ATI Display Driver
ATI HydraVision
Avira AntiVir PersonalEdition Classic
Big Kahuna Reef
BitTornado 0.3.7
BSPlayer
Canon MP Navigator 3.0
Canon MP600
Canon PhotoRecord
Canon PIXMA iP4000
Canon PowerShot A40 WIA Driver
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.2
Canon Utilities ZoomBrowser EX
ccCommon
CD-LabelPrint
CleanUp!
CloneCD
Codeur Windows Media Série 9
Codeur Windows Media Série 9
Correctif Windows XP - KB834707
Correctif Windows XP - KB867282
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB890923
Correctif Windows XP - KB891781
Correctif Windows XP - KB893066
Correctif Windows XP - KB893086
Creative MediaSource
DivX Player
DivX Pro Codec Adware
DVD X Rescue
Easy-WebPrint
Easy Memory
eMule
Enregistrement utilisateur de Canon MP600
eoClock 3.5
eoEngine 4.5
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
Free Mp3 Wma Converter V 1.5.1
FreeBrowser (remove only)
G6 U-DISK Manager Uninstall
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HomePlayer 1.5
InCD
InterVideo WinDVD 4
InterVideo WinDVD Creator
InterVideo WinRip
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 SDK, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1
JCreator Pro 3.00
Kakuro Master
Lecteur Windows Media 10
LiveReg (Symantec Corporation)
LiveUpdate 2.7 (Symantec Corporation)
Logiciel iTouch de Logitech
Logitech MouseWare 9.61
Logitech Resource Center
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic ISO Maker v5.4 (build 0239)
MahJong v1.1
Mahjongg Towers
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Windows XP (KB883939)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB896688)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899588)
Mise à jour de sécurité pour Windows XP (KB899589)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901190)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB903235)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB905915)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911280)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB916281)
Mise à jour de sécurité pour Windows XP (KB917159)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB918899)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920214)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921398)
Mise à jour de sécurité pour Windows XP (KB921883)
Mise à jour de sécurité pour Windows XP (KB922616)
Mise à jour de sécurité pour Windows XP (KB922760)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925454)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB896727)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mozilla Firefox (2.0.0.4)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MuVo Driver
Navilog1 Version 2.0.3
Nero 6 Ultra Edition
Norton Ghost
Norton SystemWorks
Norton SystemWorks 2005 Premier
Norton SystemWorks 2005 Premier (Symantec Corporation)
Norton Utilities
NSW_DRM_COLLECTION
NVIDIA nForce Drivers
PowerDVD
QuickTime
RealPlayer
River Past Video Cleaner
SATARaid
SC Ver 2.58
ScanSoft OmniPage SE 4.0
Seagate SeaTools English Online
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update pour Microsoft .NET Framework 2.0 (KB917283)
Serials 2000
Shockwave
SpaceMan 99
SuperCopier2
TELL ME MORE
Timershot Powertoy for Windows XP
TomTom HOME
VideoLAN VLC media player 0.8.5-freehd
Visionneuse Journal Windows Microsoft
Voice Editor
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Service Pack 2
WinRAR archiver
WinZip



Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\Program Files

09/06/2007 13:05 <REP> .
09/06/2007 13:05 <REP> ..
19/07/2004 10:23 <REP> 321Studios
05/11/2006 14:34 <REP> Absolutist.com
27/01/2006 22:11 <REP> Adobe
06/06/2007 21:23 <REP> AdwareAlert
06/02/2004 19:48 <REP> Ahead
14/07/2004 16:43 <REP> Alcohol Soft
24/02/2006 23:57 <REP> Alwil Software
09/06/2007 00:05 <REP> AntiVir PersonalEdition Classic
17/03/2007 10:19 <REP> Apple Software Update
16/05/2007 21:07 <REP> ArcSoft
23/01/2004 00:14 <REP> ASUS
23/01/2004 00:19 <REP> ATI Technologies
22/10/2006 14:00 <REP> Auralog
27/02/2006 21:16 <REP> Big Kahuna Reef
26/11/2005 23:28 <REP> BitTornado
11/05/2005 19:31 <REP> Borland
16/05/2007 21:12 <REP> Canon
04/03/2006 16:51 <REP> CleanUp!
23/01/2004 20:51 <REP> Common Files
22/01/2004 23:13 <REP> ComPlus Applications
28/04/2005 21:54 <REP> Creative
29/01/2004 20:29 <REP> CyberLink
22/10/2006 12:58 <REP> DAEMON Tools
02/02/2004 23:49 <REP> directx
02/02/2004 22:33 <REP> DivX
08/05/2005 15:48 <REP> Easy Memory
02/02/2004 23:37 <REP> Elaborate Bytes
01/06/2007 22:34 <REP> eMule
04/05/2007 07:07 <REP> eoRezo
29/10/2005 00:06 <REP> fdjeux
06/06/2007 20:14 <REP> Fichiers communs
05/01/2007 20:07 <REP> Free Audio Pack
25/02/2006 13:42 <REP> FreeBrowser
25/12/2006 13:30 <REP> G6 U-DISK Manager
22/10/2006 11:22 <REP> Google
29/01/2004 22:05 <REP> Grenouille.com
23/01/2004 22:31 <REP> HighMAT CD Writing Wizard
09/06/2007 13:05 <REP> HiJackThis
17/02/2007 16:23 <REP> HomePlayer1.5
02/06/2007 09:59 <REP> Internet Explorer
23/01/2004 00:34 <REP> InterVideo
02/06/2007 13:38 <REP> iPod
19/07/2004 10:33 <REP> IrfanView
02/06/2007 13:38 <REP> iTunes
27/04/2007 21:43 <REP> Java
22/02/2006 22:11 <REP> kakuro master demo
06/06/2007 19:44 <REP> Lavasoft
23/01/2004 00:31 <REP> Logitech
01/06/2007 21:31 <REP> MagicISO
02/06/2007 20:49 <REP> Mahjongg Towers
12/02/2005 18:45 <REP> Messenger
23/01/2004 00:36 <REP> microsoft frontpage
23/01/2004 00:36 <REP> Microsoft Office
23/01/2004 00:37 <REP> Microsoft Visual Studio
04/09/2004 18:50 <REP> Movie Maker
01/06/2007 21:06 <REP> Mozilla Firefox
22/01/2004 23:13 <REP> MSN Gaming Zone
08/06/2007 21:13 <REP> Navilog1
04/09/2004 18:48 <REP> NetMeeting
01/06/2007 23:13 <REP> Norton Ghost
20/02/2006 19:36 <REP> Norton SystemWorks
13/12/2006 21:33 <REP> Outlook Express
29/09/2004 05:15 <REP> PopCap Games
05/05/2007 19:49 <REP> QuickTime
12/08/2004 23:45 <REP> Real
19/12/2005 04:32 <REP> River Past
30/03/2007 20:21 <REP> SC
16/05/2007 21:08 <REP> ScanSoft
07/08/2004 16:12 <REP> Seagate
30/07/2004 14:45 <REP> Serials 2000
22/01/2004 23:14 <REP> Services en ligne
23/01/2004 00:12 <REP> Silicon Image
30/01/2004 00:09 <REP> SpaceMan 99
17/09/2005 08:33 <REP> SuperCopier2
22/02/2006 19:37 <REP> Symantec
07/06/2007 07:29 <REP> TomTom HOME
06/01/2007 18:04 <REP> VideoLAN
19/12/2005 04:29 <REP> Webteh
19/08/2006 11:03 <REP> Winamp
23/01/2004 00:14 <REP> Winbond
23/01/2004 22:35 <REP> Windows Journal Viewer
05/02/2004 20:47 <REP> Windows Media Components
22/10/2006 14:01 <REP> Windows Media Player
04/09/2004 18:48 <REP> Windows NT
25/01/2004 18:17 <REP> WinRAR
13/07/2004 19:10 <REP> WinZip
22/01/2004 23:15 <REP> xerox
27/02/2004 20:33 <REP> Xinox Software
0 fichier(s) 0 octets
90 Rép(s) 11 007 930 368 octets libres
Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\Program Files\fichiers communs

06/06/2007 20:14 <REP> .
06/06/2007 20:14 <REP> ..
29/10/2005 00:09 <REP> Adobe
26/01/2004 22:23 <REP> Ahead
23/01/2004 00:37 <REP> Designer
03/02/2004 00:35 <REP> DirectX
18/08/2004 13:41 <REP> EPSON
16/05/2007 21:09 <REP> InstallShield
02/02/2004 22:10 <REP> Java
23/01/2004 00:29 <REP> Logitech
02/06/2007 09:59 <REP> Microsoft Shared
29/10/2005 01:53 <REP> MimarSinan
22/01/2004 23:13 <REP> MSSoap
30/07/2005 18:14 <REP> NSV
22/01/2004 23:06 <REP> ODBC
19/12/2005 15:32 <REP> Real
19/12/2005 04:32 <REP> River Past
16/05/2007 21:09 <REP> ScanSoft Shared
22/01/2004 23:14 <REP> Services
22/01/2004 23:06 <REP> SpeechEngines
18/04/2004 23:46 <REP> SWF Studio
01/06/2007 23:14 <REP> Symantec Shared
13/12/2006 21:33 <REP> System
22/05/2004 20:52 <REP> tcprjjjh
19/12/2005 15:32 <REP> xing shared
0 fichier(s) 0 octets
25 Rép(s) 11 007 930 368 octets libres
Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

22/01/2004 23:22 <REP> .
22/01/2004 23:22 <REP> ..
18/05/2001 18:57 561 209 MSONSEXT.DLL
03/06/1999 15:09 122 937 MSOWS409.DLL
07/03/2001 10:00 127 033 MSOWS40c.DLL
18/03/1999 06:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 11 007 926 272 octets libres
Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\Program Files\common files

23/01/2004 20:51 <REP> .
23/01/2004 20:51 <REP> ..
31/07/2004 06:02 <REP> System
0 fichier(s) 0 octets
3 Rép(s) 11 007 926 272 octets libres
Le volume dans le lecteur C s'appelle System500A
Le numéro de série du volume est 56E7-A86C

Répertoire de C:\

12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
24/05/2001 13:59 162 304 UNWISE.EXE
3 fichier(s) 333 824 octets
0 Rép(s) 11 007 926 272 octets libres

****** Fin du rapport DiagHelp
Al1fini on 9 June 2007 at 18:31
Is my case so hopeless that you would rather not tell me about it?

No, I'm joking; I think I can see that you are in great demand ...

Just to get my thread going again.

Regards
Malekal_morte on 9 June 2007 at 18:55
  • Download OTMoveIt by OldTimer.
  • Save it to your Desktop.
  • Double-click OTMoveIt.exe to launch it.
  • Copy the paths of the following files by selecting ALL of them and pressing CTRL+C (or, after selecting them, right-click and choose Copy):
    C:\WINDOWS\System32\leolgfut.dll
    C:\WINDOWS\System32\ofvmdqws.dll
    C:\WINDOWS\System32\dffaljfw.exe
    C:\WINDOWS\System32\ushwbdgf.exe
    C:\WINDOWS\System32\yqpqwsjn.dll
    C:\WINDOWS\System32\wytbceqs.ini
    C:\WINDOWS\System32\xhaikyuv.exe
    C:\WINDOWS\System32\oqvhvqfg.exe
    C:\WINDOWS\System32\toibpovm.exe
    C:\Program Files\AdwareAlert
    C:\Program Files\fichiers communs\tcprjjjh

  • Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt.
    Note: If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the process. If so, choose Yes.

    Post the OTMoveIt report, available here: C:\_OTMoveIt\MovedFiles, as an attachment.

    Post a new HijackThis report.
Al1fini on 9 June 2007 at 19:06
Right then, after OTMoveIt, I find the following report:

    LoadLibrary failed for C:\WINDOWS\System32\leolgfut.dll
    C:\WINDOWS\System32\leolgfut.dll NOT unregistered.
    C:\WINDOWS\System32\leolgfut.dll moved successfully.
    LoadLibrary failed for C:\WINDOWS\System32\ofvmdqws.dll
    C:\WINDOWS\System32\ofvmdqws.dll NOT unregistered.
    C:\WINDOWS\System32\ofvmdqws.dll moved successfully.
    C:\WINDOWS\System32\dffaljfw.exe moved successfully.
    C:\WINDOWS\System32\ushwbdgf.exe moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\System32\yqpqwsjn.dll
    C:\WINDOWS\System32\yqpqwsjn.dll NOT unregistered.
    C:\WINDOWS\System32\yqpqwsjn.dll moved successfully.
    C:\WINDOWS\System32\wytbceqs.ini moved successfully.
    C:\WINDOWS\System32\xhaikyuv.exe moved successfully.
    C:\WINDOWS\System32\oqvhvqfg.exe moved successfully.
    C:\WINDOWS\System32\toibpovm.exe moved successfully.
    C:\Program Files\AdwareAlert\Settings moved successfully.
    C:\Program Files\AdwareAlert\Registry Backups moved successfully.
    C:\Program Files\AdwareAlert\Quarantine\27-12-2006-11-11-13 moved successfully.
    C:\Program Files\AdwareAlert\Quarantine\23-11-2006-19-51-41 moved successfully.
    C:\Program Files\AdwareAlert\Quarantine\2-6-2006-19-33-59 moved successfully.
    C:\Program Files\AdwareAlert\Quarantine moved successfully.
    C:\Program Files\AdwareAlert moved successfully.
    C:\Program Files\fichiers communs\tcprjjjh\tbennhnnap moved successfully.
    C:\Program Files\fichiers communs\tcprjjjh\rabnppaj moved successfully.
    C:\Program Files\fichiers communs\tcprjjjh moved successfully.

    Created on 06/09/2007 18:59:48


On a new run of HijackThis, I get this:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:04:08, on 09/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Norton Ghost\Agent\VProTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [FreeBrowser] C:\Program Files\FreeBrowser\FreeBrowser\FreeBrowser.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    O4 - Startup: FreePCvcR.lnk = C:\Program Files\FreePCvcR\FreePCvcR.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SATARaid.lnk = ?
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_ce(...)
    O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.emcodec.com/v4/eCodec-v4.464.exe
    O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.157.152.82/AxisCamControl.ocx
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE


So, doctor, what do you think?
If you could reassure me a little by telling me that we are making progress ... because I have had absolutely no idea what we are doing for quite a while now ;^).
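
Added example, not part of the original thread and not code from OTMoveIt: a Python check that reconciles the OTMoveIt report posted above against the list of paths the helper asked to be pasted into the tool. The names `parse_report` and `reconcile` are illustrative, and only the line wordings visible in the posted report are recognised; any other line is returned as unparsed instead of being interpreted.

```python
import ntpath
import re

# Paths pasted into OTMoveIt, copied from the helper's post in this thread.
REQUESTED = [
    r"C:\WINDOWS\System32\leolgfut.dll",
    r"C:\WINDOWS\System32\ofvmdqws.dll",
    r"C:\WINDOWS\System32\dffaljfw.exe",
    r"C:\WINDOWS\System32\ushwbdgf.exe",
    r"C:\WINDOWS\System32\yqpqwsjn.dll",
    r"C:\WINDOWS\System32\wytbceqs.ini",
    r"C:\WINDOWS\System32\xhaikyuv.exe",
    r"C:\WINDOWS\System32\oqvhvqfg.exe",
    r"C:\WINDOWS\System32\toibpovm.exe",
    r"C:\Program Files\AdwareAlert",
    r"C:\Program Files\fichiers communs\tcprjjjh",
]

# OTMoveIt report as posted in the thread (raw string: backslashes stay literal).
REPORT = r"""
LoadLibrary failed for C:\WINDOWS\System32\leolgfut.dll
C:\WINDOWS\System32\leolgfut.dll NOT unregistered.
C:\WINDOWS\System32\leolgfut.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\ofvmdqws.dll
C:\WINDOWS\System32\ofvmdqws.dll NOT unregistered.
C:\WINDOWS\System32\ofvmdqws.dll moved successfully.
C:\WINDOWS\System32\dffaljfw.exe moved successfully.
C:\WINDOWS\System32\ushwbdgf.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\yqpqwsjn.dll
C:\WINDOWS\System32\yqpqwsjn.dll NOT unregistered.
C:\WINDOWS\System32\yqpqwsjn.dll moved successfully.
C:\WINDOWS\System32\wytbceqs.ini moved successfully.
C:\WINDOWS\System32\xhaikyuv.exe moved successfully.
C:\WINDOWS\System32\oqvhvqfg.exe moved successfully.
C:\WINDOWS\System32\toibpovm.exe moved successfully.
C:\Program Files\AdwareAlert\Settings moved successfully.
C:\Program Files\AdwareAlert\Registry Backups moved successfully.
C:\Program Files\AdwareAlert\Quarantine\27-12-2006-11-11-13 moved successfully.
C:\Program Files\AdwareAlert\Quarantine\23-11-2006-19-51-41 moved successfully.
C:\Program Files\AdwareAlert\Quarantine\2-6-2006-19-33-59 moved successfully.
C:\Program Files\AdwareAlert\Quarantine moved successfully.
C:\Program Files\AdwareAlert moved successfully.
C:\Program Files\fichiers communs\tcprjjjh\tbennhnnap moved successfully.
C:\Program Files\fichiers communs\tcprjjjh\rabnppaj moved successfully.
C:\Program Files\fichiers communs\tcprjjjh moved successfully.
Created on 06/09/2007 18:59:48
"""

# Line shapes visible in that report; any other wording is treated as unknown.
PATTERNS = [
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
    ("not_unreg", re.compile(r"^(.+) NOT unregistered\.$")),
    ("LoadLibrary failed", re.compile(r"^LoadLibrary failed for (.+)$")),
    ("DllUnregisterServer procedure not found",
     re.compile(r"^DllUnregisterServer procedure not found in (.+)$")),
]

def norm(path):
    # Windows paths are case-insensitive, so compare a normalised form.
    return ntpath.normcase(ntpath.normpath(path.strip()))

def parse_report(text):
    moved, not_unreg, reasons, unparsed = set(), set(), {}, []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("Created on "):
            continue  # report footer
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            path = norm(m.group(1))
            if kind == "moved":
                moved.add(path)
            elif kind == "not_unreg":
                not_unreg.add(path)
            else:
                reasons[path] = kind  # why unregistration failed
            break
        else:
            unparsed.append(line)  # unknown wording: surface it, do not guess
    return moved, not_unreg, reasons, unparsed

def reconcile(requested, text):
    moved, not_unreg, reasons, unparsed = parse_report(text)
    wanted = [norm(p) for p in requested]
    def covered(m):  # a requested path itself, or something inside a requested folder
        return any(m == w or m.startswith(w + "\\") for w in wanted)
    return {
        "missing": [p for p, w in zip(requested, wanted) if w not in moved],
        "unexpected": sorted(m for m in moved if not covered(m)),
        "still_registered": {p: reasons.get(p, "reason not reported")
                             for p in sorted(not_unreg)},
        "unparsed": unparsed,
    }
```

For the report in this thread, `reconcile(REQUESTED, REPORT)` finds nothing missing and nothing unexpected, and lists three DLLs under `still_registered`: they were moved although unregistration failed, so any registry references left behind have to be checked in the follow-up HijackThis log.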
Al1fini on 9 June 2007 at 20:39
That's done ...

Is it finished?
Al1fini on 9 June 2007 at 21:21
There, after a run of System Mechanic 7 and a reboot, the new run tells me that nothing is left to repair ...

Should I consider that I am done with my (old) viruses?

Al1fini on 9 June 2007 at 21:30
A big thank you to all of you, and sincere congratulations on the work accomplished (and I'm not only talking about my own case ...). Your task is endless, since you have to handle cases one by one ... and your enthusiasm is remarkable.

One more question - the last one - What does it take to reach your level of analysis on these security questions? - so as not to have to bother you again in case ... we find ourselves facing a virus.
Malekal_morte on 10 June 2007 at 08:54

It's OK, you are no longer infected once you follow the final steps below, and read what follows CAREFULLY :)

Try to report your infection on the site I give you below, that would be really great ;)

Your infection: Virtumonde

Finishing the clean-up:
- Clean your computer with CCleaner: http://www.malekal.com/tutorial_CCleaner.html
- Disable and then re-enable System Restore:
- Instructions for Windows XP
- You can then uninstall all the programs we used.

I invite you to take a look at these links; as far as possible, try to report your infection:

For Avast! users: you are not protected when using Avast!. Antivir is really very effective, which is why I advise you to opt for this antivirus, which is free (especially if you have Avast!); here is the Antivir tutorial: http://www.malekal.com/tutorial_antivir.php
For more information, here is a short comparison: http://forum.malekal.com/ftopic3123.php

How to protect yourself from viruses: all of this is summarised on this page: Securing your computer and knowing the threats
I also invite you to update all the components of your system. Keep the habit of keeping them up to date: a computer with out-of-date software = infection! You can scan your computer to check which programs are out of date by following the instructions on this page: http://www.malekal.com/scan_vulnerabilite.php

Making things change:

Report your infection to get the authors convicted on Malware-Complaints. To make our voice heard, there must be as many of us as possible, so report your infection:
- See the Malware-Complaints rules
- Register on the forum using the register button at the top:
If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
If you are younger, click: I Agree to these terms and am under 13 years of age

After registering, you get the types of infection as a list (Look2Me, Smitfraud, SpywareQuake etc.): http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)

If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Autres infections" topic that complies with the forum rules (age, town, department etc.): http://www.malwarecomplaints.info/viewforum.php?f=10

To post a message, click the "post reply" button and fill in the information - DO NOT CREATE A TOPIC with the New Topic button.

For any help with posting your message, you can consult this link: http://www.malekal.com/malwarecomplaints.html
If you have questions or problems, do not hesitate to ask me here or to contact one of the forum moderators: Kimberly, AgnesD or ipl_001.

