psw.x vir and vundo infection --> HijackThis analysis

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …

Moderator: Moderators

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting browsers, browsing and privacy
Protecting the browser, browsing and privacy

Post by Ange » 15 Nov 2007, 23:38

Good evening,

Steps carried out, here are the requested reports.
Note that when the PC restarts I still get the 2 AntiVir alerts. I carried out the steps with the Internet connection on. Your post said that I would no longer have Internet access during the procedure, but I did not see that I had to cut my connection (so I assumed it was a copy-paste on your part... otherwise I got it all wrong and have to start over?)

Thanks again for spending so much time on this problem.

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 12:17:07 12/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\djgdbygg.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 09:57:06 14/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.11

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 14:26:40 14/11/2007

Listing files found while scanning....

C:\WINDOWS\system32\ojpizsyx.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ojpizsyx.dll
C:\WINDOWS\system32\ojpizsyx.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.6.1

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 23:22:01 15/11/2007

Listing files found while scanning....

C:\windows\system32\njgydfpv.dll

Beginning removal...

Attempting to delete C:\windows\system32\njgydfpv.dll
C:\windows\system32\njgydfpv.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:50, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Philippe
F2 - REG:system.ini: Shell=
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [f8eb4dd2] rundll32.exe "C:\WINDOWS\system32\lknalget.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4875328533
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - http://192.9.200.110/plugin/h263ctrl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D44E6.dat
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vtngarlc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12432 bytes
Ange

Posts: 15
Joined: 12 Nov 2007, 13:45
Location: Saint Brieuc

Post by nickW » 16 Nov 2007, 23:12

Good evening,

The new version of VundoFix did a good job!

Let's continue:

Given the length of the procedure, I advise you to print it, to save the page as an HTML file (this is the best solution), or to select all its lines and copy that selection into a text file on your PC (Note: you will not have Internet access).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.


Note: These steps must be carried out while logged on to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in safe mode).


Step 1: CCleaner
Launch the program.
Note: there is no need to change any settings other than those listed below:
*- If necessary, go to the Options menu and choose the language: Français.
*- In the Nettoyeur (Cleaner) menu - Windows tab, tick (if not already done):
Internet Explorer: Fichiers Internet Temporaires (Temporary Internet Files), Cookies
Système (System): Vider la Poubelle (Empty Recycle Bin), Fichiers Temporaires (Temporary Files), Presse-papiers (Clipboard)
Avancé (Advanced): Vieilles données du Prefetch (Old Prefetch data)
*- In the Options menu - Avancé (Advanced) submenu, untick:
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures (Only delete files in the Windows Temp folder older than 48 hours)
*- In the Nettoyeur (Cleaner) menu - Applications tab, tick:
Internet: Sun Java
*- If this section is present, in the Nettoyeur (Cleaner) menu - Applications tab, tick (if not already done):
Firefox/Mozilla: Cache Internet (Internet Cache), Cookies

Click Analyse (Analyze)
In the Options menu - Cookies submenu, move to the right-hand panel the cookies that you absolutely want to keep.
Then in the Nettoyeur (Cleaner) menu, click the Lancer le nettoyage (Run Cleaner) button.
Close the program.


Step 2: The Avenger (by Swandog46), download
Download The Avenger from http://swandog46.geekstogo.com/avenger.zip
Save this file to the Desktop.
Extract the file avenger.exe from the Avenger.zip archive and place it on the Desktop.


Step 3: Creating the aven1.txt file
Copy and paste the lines below (in the "Code" box) into Notepad (Bloc-notes).
In Notepad, check (in the Format menu) that "Retour automatique à la ligne" (Word Wrap) is not active (not ticked).
Save the file to the Desktop under the name aven1.txt

Code:
Files to Delete:
C:\WINDOWS\system32\lknalget.dll
C:\WINDOWS\system32\__c00D44E6.dat
C:\WINDOWS\system32\ojpizsyx.dll
C:\WINDOWS\system32\selrohac.dll
C:\WINDOWS\system32\tabudrku.dll
C:\WINDOWS\system32\ktffrehf.dll
C:\WINDOWS\system32\ffbywpxr.dll
C:\WINDOWS\system32\oettlgcx.dll
C:\WINDOWS\system32\gpvoikpp.dll
C:\WINDOWS\system32\nflawsnd.dll
C:\WINDOWS\system32\njgydfpv.dll
C:\WINDOWS\system32\etmrhluj.dll
C:\WINDOWS\system32\khfge.dll
C:\WINDOWS\system32\vtngarlc.exe


Note: The code above was created exclusively for THIS user.
If you are not THIS user, do not use it: it could damage your system.



Step 4: Service
Stop and then disable a service:

Démarrer (Start) ---> Exécuter (Run)
Type services.msc then click OK
Scroll down to DomainService
Right-click it and choose Propriétés (Properties)
Check that the "Chemin d'accès des fichiers exécutables" (Path to executable) box does contain C:\WINDOWS\system32\vtngarlc.exe
Under Statut du service (Service status), click Arrêter (Stop) (if it is not already stopped)
Click Appliquer (Apply),
Under Type de démarrage (Startup type), choose Désactivé (Disabled)
Click Appliquer (Apply), then OK


Step 5: HijackThis
Close all program windows.
Launch HijackThis.
Click the "Do a system scan only" or "Scan" button
Check that HijackThis will make backups: in "Config", tick "Make backups before fixing items", then click the "Back" button.
Tick the box in front of the lines below, then click Fix checked:
(if any lines are missing, report it in your reply, after completing all the steps).

F2 - REG:system.ini: Shell=
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [f8eb4dd2] rundll32.exe "C:\WINDOWS\system32\lknalget.dll",b
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - http://192.9.200.110/plugin/h263ctrl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D44E6.dat
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vtngarlc.exe (file missing)

Close HijackThis.


Step 6: The Avenger (by Swandog46), execution
Close all program windows (the PC is going to restart).
Launch The Avenger by clicking its icon on the Desktop.
Click OK on the warning message.
Under "Script file to execute" choose "Load script from file:".
Then click the button showing a yellow folder, which will open a new "Open script file" window
In that window, browse to the Desktop and select (double-click) the file aven1.txt
Then click the button showing a green light to start running the script.
Answer "Oui/Yes" twice when asked.
There will be one or two restarts (with a command window with a black background appearing briefly).
When execution finishes, the report will be displayed in Notepad.
Close Notepad.


Step 7: Deckard's System Scanner (DSS) (by Deckard)
Close all open program windows, no active Internet connection.
Double-click dss.exe on the Desktop to run the tool.

Click OK when asked (3 times).
When the tool has finished scanning, two text files will open in Notepad:
main.txt <- opened in a normal window
extra.txt <- opened in a minimized window
Close these two Notepad windows.


Step 8: Results
Send in your reply:
*- the report from The Avenger (contents of the file C:\avenger.txt)
*- only one of the two Deckard's System Scanner reports (contents of the file main.txt located in the folder C:\Deckard\System Scanner).

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
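
The seven lines selected in the HijackThis step of the procedure above share a few recognisable traits. As an added example (not part of the original thread and not a feature of HijackThis), this Python triage parses HijackThis lines, flags entries with those traits, and checks that each flagged file also appears in the removal script. The rules and the names `triage`, `avenger_files` and `uncovered_paths` are assumptions of this example, derived only from the lines quoted in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the 15/11/2007 HijackThis log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [f8eb4dd2] rundll32.exe "C:\WINDOWS\system32\lknalget.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4875328533
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - http://192.9.200.110/plugin/h263ctrl.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D44E6.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vtngarlc.exe (file missing)
"""

# Constructed sample: a subset of the aven1.txt script quoted in the thread.
AVENGER_SCRIPT = r"""
Files to Delete:
C:\WINDOWS\system32\lknalget.dll
C:\WINDOWS\system32\__c00D44E6.dat
C:\WINDOWS\system32\vtngarlc.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|?*\r\n]+?\.(?:dll|dat|exe)", re.I)

# Heuristics assumed by this example: (section code, pattern on the entry body, reason).
RULES = [
    ("F2", re.compile(r"system\.ini: Shell=\s*$", re.I),
     "empty Shell= value in the registry-mapped system.ini"),
    ("O2", re.compile(r"\(no file\)$"), "browser helper registered but its file is missing"),
    ("O3", re.compile(r"\(no file\)$"), "toolbar registered but its file is missing"),
    ("O4", re.compile(r'rundll32(?:\.exe)?\s+"?[a-z]:\\windows\\system32\\[^\\"]+\.dll', re.I),
     "Run key loads a system32 DLL through rundll32"),
    ("O16", re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? -$"),
     "ActiveX (DPF) entry with no download source"),
    ("O16", re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[:/]|$)"),
     "ActiveX (DPF) downloaded from a bare IP address"),
    ("O20", re.compile(r"^AppInit_DLLs: \S"),
     "AppInit_DLLs is set (loaded into every process that loads user32.dll)"),
    ("O23", re.compile(r"\(file missing\)$"), "service whose executable is missing"),
]


@dataclass
class Finding:
    code: str
    reason: str
    line: str
    paths: list


def triage(log_text):
    """Return one Finding per HijackThis entry that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        for code, rx, reason in RULES:
            if code == m["code"] and rx.search(m["body"]):
                findings.append(Finding(code, reason, line, PATH_RE.findall(m["body"])))
                break
    return findings


def avenger_files(script_text):
    """Lower-cased paths listed under 'Files to Delete:' in an Avenger script."""
    files, in_section = set(), False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith(":"):
            in_section = line.lower() == "files to delete:"
        elif in_section and line:
            files.add(line.lower())
    return files


def uncovered_paths(findings, script_text):
    """Flagged file paths that the removal script does not list."""
    listed = avenger_files(script_text)
    return sorted({p for f in findings for p in f.paths if p.lower() not in listed})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.code:<4}{f.reason}\n    {f.line}")
    print("Flagged files missing from the script:", uncovered_paths(results, AVENGER_SCRIPT))
```

A match is only a prompt for review: the Ati HotKey Poller service also shows "Unknown owner" in the log, and the thread leaves it alone.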

Post by Ange » 17 Nov 2007, 11:10

:?: BIG PROBLEM

After reading your post, some lines in HijackThis had been modified since they could not be found (C:\WINDOWS\system32\lknalget.dll ... lknalget.dll having been changed in the registry), so I fixed what I could (immediately a VUNDO alert from AntiVir) and then restarted the PC.

Here are the AntiVir alerts I get after startup:

1. TR/Dldr.gen.ZV.1b
2. TR/Dldr.agen.ZV.1b

1 minute later:

3. FOTOMOTO/F1
4. FOTOMOTO/F1

10 seconds later:

4. TR/VUNDO.CA in c:/documents and setting...hctp[1]
5. TR/VUNDO.CA in c:/documents and setting...jfwbnj.dll

I ran VundoFix again, but it finds no infection.

After a week of struggling, I wonder whether the solution might be to reinstall everything... because I've honestly had enough... nevertheless I'm posting my latest DSS report.
Deckard's System Scanner v20071014.68
Run by Philippe on 2007-11-17 11:15:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Philippe.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:13, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Documents and Settings\Philippe\Bureau\VundoFix.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Philippe\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Philippe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Philippe
O2 - BHO: (no name) - {05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C693A5F-A4DB-4987-BD1E-E9EC42515867} - (no file)
O2 - BHO: (no name) - {2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A} - (no file)
O2 - BHO: (no name) - {361135C4-A534-4352-9615-135153287929} - (no file)
O2 - BHO: (no name) - {38FF3918-6D9B-48EC-88D4-660C8BA9C883} - (no file)
O2 - BHO: (no name) - {41CDEAE2-A989-4664-963B-F7053EB737C7} - (no file)
O2 - BHO: (no name) - {447f5e11-2ae5-4485-886a-6d037fcc41a0} - (no file)
O2 - BHO: (no name) - {4819FD67-4CF1-4107-B786-99F29BAAE185} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56} - (no file)
O2 - BHO: (no name) - {9AE75DE8-2480-4D0E-8BA1-0779ADD26D60} - (no file)
O2 - BHO: (no name) - {9E005FA8-BF2E-4B5F-9798-6234A5DCC91B} - C:\WINDOWS\system32\khfge.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BB0C6E78-4247-4422-B3B7-439C87629090} - (no file)
O2 - BHO: (no name) - {BF16201C-1014-4C2A-BE23-10224974ECA5} - (no file)
O2 - BHO: (no name) - {C0770C36-B27F-4941-AD55-2F5C9EC355F8} - (no file)
O2 - BHO: (no name) - {CF32E88A-7FD0-4FC5-ABD0-F70396617ECA} - (no file)
O2 - BHO: (no name) - {E5ADACF2-0401-491B-B319-B6E342D28848} - (no file)
O2 - BHO: (no name) - {ED009073-7075-416E-B66D-2E37CA9DE699} - (no file)
O2 - BHO: {de393cd9-6d18-5d19-aba4-a3c245e925de} - {ed529e54-2c3a-4aba-91d5-81d69dc393ed} - C:\WINDOWS\system32\wdilcwuo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4875328533
O20 - Winlogon Notify: byxyvwu - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13926 bytes

-- Files created between 2007-10-17 and 2007-11-17 -----------------------------

2007-11-17 11:12:07 0 dr-h----- C:\Documents and Settings\Philippe\Recent
2007-11-17 10:50:06 82496 --a------ C:\WINDOWS\system32\wdilcwuo.dll
2007-11-17 09:49:48 82496 --a------ C:\WINDOWS\system32\hlijfcxt.dll
2007-11-16 13:00:43 85056 --a------ C:\WINDOWS\system32\ppyggsyt.dll
2007-11-16 12:57:42 81984 --a------ C:\WINDOWS\system32\hpgtwjml.dll
2007-11-16 10:34:48 81984 --a------ C:\WINDOWS\system32\lfiglety.dll
2007-11-16 09:16:15 81984 --a------ C:\WINDOWS\system32\pvfvvmbd.dll
2007-11-15 23:39:25 79936 --a------ C:\WINDOWS\system32\ewadwhua.dll
2007-11-15 23:18:15 79936 --a------ C:\WINDOWS\system32\gpkyynlb.dll
2007-11-15 14:13:17 85056 --a------ C:\WINDOWS\system32\seigypsy.dll
2007-11-15 14:10:22 79936 --a------ C:\WINDOWS\system32\rjqnbyqi.dll
2007-11-15 13:46:20 79936 --a------ C:\WINDOWS\system32\khmreyqg.dll
2007-11-15 13:07:24 85056 --a------ C:\WINDOWS\system32\moykyyyb.dll
2007-11-15 13:01:23 79936 --a------ C:\WINDOWS\system32\adkwofsu.dll
2007-11-15 09:14:56 79936 --a------ C:\WINDOWS\system32\hhrgfbes.dll
2007-11-15 09:11:56 85056 --a------ C:\WINDOWS\system32\ayvbflss.dll
2007-11-14 19:14:28 85056 --a------ C:\WINDOWS\system32\kijvghqu.dll
2007-11-14 19:08:28 79424 --a------ C:\WINDOWS\system32\uoprusva.dll
2007-11-14 18:38:22 79424 --a------ C:\WINDOWS\system32\ayuihcuo.dll
2007-11-14 16:38:20 79424 --a------ C:\WINDOWS\system32\wbqcgrta.dll
2007-11-14 15:31:05 79424 --a------ C:\WINDOWS\system32\ciuuktws.dll
2007-11-14 14:39:43 81472 --a------ C:\WINDOWS\system32\sabanhxg.dll
2007-11-14 14:16:34 85056 --a------ C:\WINDOWS\system32\tabudrku.dll
2007-11-14 13:47:49 81472 --a------ C:\WINDOWS\system32\selrohac.dll
2007-11-14 13:42:18 10816 --a------ C:\WINDOWS\system32\etmrhluj.dll
2007-11-14 09:35:53 2015 -r-h----- C:\WINDOWS\system32\drivers\hosts
2007-11-14 09:13:52 85056 --a------ C:\WINDOWS\system32\gpvoikpp.dll
2007-11-14 09:13:49 81472 --a------ C:\WINDOWS\system32\nflawsnd.dll
2007-11-13 15:41:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-13 09:30:25 245703 ---hs---- C:\WINDOWS\system32\egfhk.ini2
2007-11-13 09:21:35 88128 --a------ C:\WINDOWS\system32\ffbywpxr.dll
2007-11-13 09:15:36 80448 --a------ C:\WINDOWS\system32\oettlgcx.dll
2007-11-13 09:05:31 243976 ---hs---- C:\WINDOWS\system32\egfhk.bak2
2007-11-12 17:47:24 0 d-------- C:\Documents and Settings\Philippe\Application Data\Ufasoft
2007-11-12 16:00:22 0 d-------- C:\Documents and Settings\Philippe\Application Data\RegistrySmart
2007-11-12 15:37:45 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 15:34:26 0 d-------- C:\Program Files\MSBuild
2007-11-12 15:30:25 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-12 15:29:08 0 d-------- C:\Program Files\Reference Assemblies
2007-11-12 15:04:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-12 14:30:40 0 d-------- C:\WINDOWS\system32\fr-fr
2007-11-12 14:29:00 6505 ---hs---- C:\WINDOWS\system32\egfhk.bak1
2007-11-12 14:28:31 317536 --a------ C:\WINDOWS\system32\khfge.dll
2007-11-12 14:26:32 0 d-------- C:\WINDOWS\network diagnostic
2007-11-12 14:06:41 0 d--hs---- C:\Documents and Settings\Philippe\UserData
2007-11-12 13:13:42 4980 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-12 12:17:07 0 d-------- C:\VundoFix Backups
2007-11-12 12:07:47 0 d-------- C:\Program Files\Navilog1
2007-11-11 18:31:11 0 d-------- C:\Program Files\Avira
2007-11-11 18:31:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-11 18:28:36 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2007-11-11 18:28:08 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2007-11-11 17:41:09 0 d-------- C:\Program Files\Trend Micro
2007-11-11 16:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 13:54:39 0 d-------- C:\Program Files\Enigma Software Group
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation
2007-11-11 10:42:53 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-11 10:42:52 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sun
2007-11-11 10:42:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2007-11-11 10:28:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 10:10:01 240897 -----n--- C:\WINDOWS\system32\aceeg.bak2
2007-11-10 13:42:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-10 13:01:21 0 d-------- C:\Program Files\Fichiers communs\Nero
2007-11-10 11:42:35 6465 -----n--- C:\WINDOWS\system32\aceeg.bak1
2007-11-06 10:01:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-11-02 09:13:45 0 d-------- C:\Documents and Settings\Philippe\Application Data\Nero
2007-11-02 09:08:51 0 d-------- C:\Program Files\Nero
2007-11-02 09:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-01 11:11:46 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sonic
2007-11-01 11:08:26 0 d-------- C:\Documents and Settings\Philippe\Application Data\Leadertech
2007-11-01 10:22:12 0 d-------- C:\Documents and Settings\Philippe\dwhelper
2007-10-30 19:53:32 97280 --a------ C:\WINDOWS\b147.exe
2007-10-30 12:58:42 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not>
2007-10-30 12:58:42 0 d-------- C:\Program Files\OpenAL
2007-10-30 12:58:41 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not>
2007-10-30 09:48:41 0 d-------- C:\Documents and Settings\Philippe\Application Data\FileZilla
2007-10-28 14:57:33 0 d-------- C:\Program Files\DivXCodec
2007-10-28 14:55:40 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-28 14:55:40 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-28 14:25:17 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-28 14:23:05 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-28 10:59:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-10-27 12:32:18 0 d-------- C:\Documents and Settings\Philippe\Application Data\MailWasherPro
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\WinXP
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\Win2K
2007-10-26 13:38:44 192512 -----n--- C:\WINDOWS\system32\DetectHardware.exe <Not>
2007-10-26 13:38:44 143360 -----n--- C:\WINDOWS\system32\bcmwlu00.exe <Not>
2007-10-26 13:38:44 462848 -----n--- C:\WINDOWS\system32\bcmwltry.exe <Not>
2007-10-26 12:49:40 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-26 12:30:59 0 d-------- C:\Documents and Settings\Philippe\Application Data\Help
2007-10-26 08:21:39 0 d-------- C:\Documents and Settings\Philippe\Application Data\IsolatedStorage
2007-10-26 08:20:07 0 d-------- C:\WINDOWS\system32\URTTemp
2007-10-25 13:02:02 210032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-10-25 12:53:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-25 12:48:03 0 d-------- C:\Program Files\Symantec
2007-10-25 12:31:13 0 d-------- C:\WINDOWS\Downloaded Installations
2007-10-25 12:17:23 0 d-------- C:\Program Files\Radmin
2007-10-24 21:48:03 42392 --a------ C:\Documents and Settings\Philippe\Application Data\GDIPFONTCACHEV1.DAT
2007-10-24 14:33:06 81920 -----n--- C:\WINDOWS\system32\vdrmux.dll <Not>
2007-10-24 14:33:06 155721 -----n--- C:\WINDOWS\system32\RALMain.dll <Not>
2007-10-24 14:33:06 294912 -----n--- C:\WINDOWS\system32\pvmjpg21.dll <Not>
2007-10-24 14:33:06 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not>
2007-10-24 14:33:06 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not>
2007-10-24 14:33:06 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not>
2007-10-24 14:33:06 40960 -----n--- C:\WINDOWS\system32\langserv.dll <Not>
2007-10-24 14:33:06 204881 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not>
2007-10-24 14:33:06 32838 -----n--- C:\WINDOWS\system32\Cachex.dll <Not>
2007-10-24 14:33:06 114759 -----n--- C:\WINDOWS\system32\Aviprax.dll <Not>
2007-10-24 14:32:24 0 d-------- C:\WINDOWS\system32\Quicktime
2007-10-24 14:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-10-24 14:32:21 0 d-------- C:\Program Files\SmartSound Software
2007-10-24 14:30:21 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys <Not>
2007-10-24 14:30:14 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-10-24 14:30:14 19456 --a------ C:\WINDOWS\system32\asapi.dll <Not>
2007-10-24 14:30:12 90112 --a------ C:\WINDOWS\unvise32.exe <Not>
2007-10-24 14:27:54 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not>
2007-10-24 14:25:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-24 14:24:59 0 d-------- C:\Program Files\Pinnacle
2007-10-24 14:24:35 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not>
2007-10-24 13:03:30 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-24 12:12:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-10-24 12:09:05 0 d-------- C:\Program Files\Corel
2007-10-24 12:05:41 0 d-------- C:\Program Files\Fichiers communs\Corel
2007-10-24 11:35:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-10-24 11:30:10 3714 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-24 11:30:10 88 -r-hs---- C:\WINDOWS\system32\8C01962A35.sys
2007-10-24 11:25:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Corel
2007-10-24 11:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-24 11:18:04 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-24 09:27:31 0 d-------- C:\WINDOWS\ShellNew
2007-10-24 09:21:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-23 12:55:40 0 d-------- C:\Documents and Settings\Philippe\Application Data\Azureus
2007-10-23 12:40:47 0 d-------- C:\Documents and Settings\Philippe\Application Data\WinRAR
2007-10-23 12:03:58 1467 --a------ C:\WINDOWS\mozver.dat
2007-10-23 12:01:44 0 d-------- C:\Documents and Settings\Philippe\Application Data\Talkback
2007-10-23 12:01:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-23 12:01:28 0 d-------- C:\Documents and Settings\Philippe\Application Data\Mozilla
2007-10-22 19:24:08 0 d-------- C:\WINDOWS\Sun
2007-10-22 16:26:05 61440 --a------ C:\WINDOWS\scrub2k.exe
2007-10-22 16:26:03 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-22 15:51:03 61440 --a------ C:\WINDOWS\system32\SonyAIwo.dll <Not>
2007-10-22 15:51:03 35328 --a------ C:\WINDOWS\system32\SonyAIwd.dll <Not>
2007-10-22 15:51:03 52736 --a------ C:\WINDOWS\system32\SonyAIds.dll <Not>
2007-10-22 15:24:12 0 d-------- C:\Documents and Settings\Philippe\Application Data\AdobeUM
2007-10-22 15:17:56 0 d-------- C:\Documents and Settings\Philippe\Application Data\Macromedia
2007-10-22 15:11:54 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not>
2007-10-22 15:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-10-22 15:11:00 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-22 14:23:37 0 d-a------ C:\Documentation
2007-10-22 13:19:31 0 d-------- C:\Documents and Settings\Philippe\Application Data\Google
2007-10-22 13:18:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-22 13:18:08 0 d-------- C:\Update
2007-10-22 13:17:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-22 13:17:40 0 d--h----- C:\WINDOWS\$hf_mig$
2007-10-22 13:12:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-22 13:00:46 0 d-------- C:\Program Files\Microsoft Works
2007-10-22 12:59:43 0 d-------- C:\Program Files\Sonic
2007-10-22 12:58:52 0 d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2007-10-22 12:54:27 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not>
2007-10-22 12:54:26 2502656 --a------ C:\WINDOWS\system32\iplpx.dll <Not>
2007-10-22 12:54:26 2531328 --a------ C:\WINDOWS\system32\iplp6.dll <Not>
2007-10-22 12:54:26 2785280 --a------ C:\WINDOWS\system32\iplm6.dll <Not>
2007-10-22 12:54:26 2686976 --a------ C:\WINDOWS\system32\iplm5.dll <Not>
2007-10-22 12:54:25 2973696 --a------ C:\WINDOWS\system32\ipla6.dll <Not>
2007-10-22 12:54:25 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not>
2007-10-22 12:54:25 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-10-22 12:52:33 0 d-------- C:\Program Files\MoodLogic
2007-10-22 12:52:26 757760 --a------ C:\WINDOWS\system32\CDDBUI.dll <Not>
2007-10-22 12:52:26 110592 --a------ C:\WINDOWS\system32\CddbLangFR.dll <Not>
2007-10-22 12:52:26 630784 --a------ C:\WINDOWS\system32\CDDBControl.dll <Not>
2007-10-22 12:43:16 0 d-------- C:\Documents and Settings\Philippe\Application Data\Adobe
2007-10-22 12:42:35 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-22 12:39:47 0 d-------- C:\Program Files\Utimaco
2007-10-22 12:39:00 0 d-------- C:\Program Files\TvTvHTML
2007-10-22 12:38:59 0 d-------- C:\Program Files\TVTV EPG Installer
2007-10-22 12:33:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Identities
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage réseau
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage d'impression
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\SendTo
2007-10-22 12:33:05 5242880 --ah----- C:\Documents and Settings\Philippe\NTUSER.DAT
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Modèles
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Mes documents
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Menu Démarrer
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Local Settings
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Favoris
2007-10-22 12:33:05 0 d--hs---- C:\Documents and Settings\Philippe\Cookies
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Bureau
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\Application Data
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Symantec
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sun
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sony Corporation
2007-10-22 12:32:43 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sony Corporation


-- Find3M Report ---------------------------------------------------------------

2007-11-17 10:41:33 505148 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-11-17 10:41:32 83484 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-11 17:27:41 0 d-------- C:\Program Files\Fichiers communs
2007-10-28 16:13:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 10:44:29 0 d-------- C:\Program Files\Google
2007-10-26 12:51:54 2508 --a------ C:\Documents and Settings\Philippe\Application Data\$_hpcst$.hpc
2007-10-25 12:49:34 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-23 12:06:31 0 d-------- C:\Program Files\Java
2007-10-22 22:04:20 0 d-------- C:\Program Files\Messenger
2007-10-22 15:10:54 0 d-------- C:\Program Files\Intel
2007-10-22 15:01:29 0 d-------- C:\Program Files\InterVideo
2007-10-22 14:47:02 0 d-------- C:\Program Files\sony
2007-10-22 14:45:06 0 d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-10-22 14:44:28 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-10-10 14:53:54 184320 --a------ C:\WINDOWS\b111.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C693A5F-A4DB-4987-BD1E-E9EC42515867}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B3CF38E-7433-46B3-9C04-DEA9E0EFD98A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{361135C4-A534-4352-9615-135153287929}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FF3918-6D9B-48EC-88D4-660C8BA9C883}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41CDEAE2-A989-4664-963B-F7053EB737C7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{447f5e11-2ae5-4485-886a-6d037fcc41a0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4819FD67-4CF1-4107-B786-99F29BAAE185}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AE75DE8-2480-4D0E-8BA1-0779ADD26D60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E005FA8-BF2E-4B5F-9798-6234A5DCC91B}]
12/11/2007 14:28 317536 --a------ C:\WINDOWS\system32\khfge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB0C6E78-4247-4422-B3B7-439C87629090}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF16201C-1014-4C2A-BE23-10224974ECA5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0770C36-B27F-4941-AD55-2F5C9EC355F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF32E88A-7FD0-4FC5-ABD0-F70396617ECA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5ADACF2-0401-491B-B319-B6E342D28848}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED009073-7075-416E-B66D-2E37CA9DE699}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ed529e54-2c3a-4aba-91d5-81d69dc393ed}]
17/11/2007 10:50 82496 --a------ C:\WINDOWS\system32\wdilcwuo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 18:21]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/08/2004 20:00]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [29/06/2004 13:49]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [19/01/2004 09:49]
"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [29/06/2004 20:45]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [19/09/2003 18:42]
"Mouse Suite 98 Daemon"="ICO.EXE" [14/03/2002 15:46 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [19/08/2004 15:10 C:\WINDOWS\system32\bthprops.cpl]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [20/02/2004 13:12]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [20/08/2002 11:29]
"HPWS myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [01/12/2004 13:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"Norton Ghost 9.0"="D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [10/11/2004 10:03]
"bcmwltry"="bcmwltry.exe" [25/07/2003 07:28 C:\WINDOWS\system32\bcmwltry.exe]
"RemoveCpl"="RemoveCpl.exe" [14/01/2003 22:50 C:\WINDOWS\system32\RemoveCpl.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [11/11/2007 18:39]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [13/11/2007 15:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [26/06/2006 20:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 15:09]

C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\
MailWasherPro.lnk - D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [30/10/2007 12:16:26]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [22/10/2007 12:50:13]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 08:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvwu]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfge.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2007-11-17 11:17:15 ------------




Message by Ange » 17 Nov 2007, 12:25

After thinking it over I decided to hang in there, not for myself, but for everyone who might run into this kind of problem.

So I deleted VundoFix from my desktop, then downloaded a new version of VundoFix.
I ran the application; here is its report (quite something):
Note: I no longer get any AntiVir alerts after restarting the PC!!! I'm not touching anything else and am waiting for your post.

THANKS FOR EVERYTHING

VundoFix V6.6.1

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 09:30:13 16/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.6.1

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 09:59:40 17/11/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.1

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 10:41:48 17/11/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 11:57:50 17/11/2007

Listing files found while scanning....


VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 12:09:05 17/11/2007

Listing files found while scanning....

C:\windows\system32\egfhk.bak1
C:\windows\system32\egfhk.bak2
C:\windows\system32\egfhk.ini
C:\windows\system32\egfhk.ini2
C:\windows\system32\egfhk.tmp
C:\windows\system32\etmrhluj.dll
C:\windows\system32\khfge.dll
C:\windows\system32\ojpizsyx.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\egfhk.bak1
C:\windows\system32\egfhk.bak1 Has been deleted!

Attempting to delete C:\windows\system32\egfhk.bak2
C:\windows\system32\egfhk.bak2 Has been deleted!

Attempting to delete C:\windows\system32\egfhk.ini
C:\windows\system32\egfhk.ini Has been deleted!

Attempting to delete C:\windows\system32\egfhk.ini2
C:\windows\system32\egfhk.ini2 Has been deleted!

Attempting to delete C:\windows\system32\egfhk.tmp
C:\windows\system32\egfhk.tmp Has been deleted!

Attempting to delete C:\windows\system32\etmrhluj.dll
C:\windows\system32\etmrhluj.dll Has been deleted!

Attempting to delete C:\windows\system32\khfge.dll
C:\windows\system32\khfge.dll Has been deleted!

Attempting to delete C:\windows\system32\ojpizsyx.dllbox
C:\windows\system32\ojpizsyx.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:53, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Philippe
O2 - BHO: {07d68ebe-7b63-02e9-0a04-f653d4a00e10} - {01e00a4d-356f-40a0-9e20-36b7ebe86d70} - C:\WINDOWS\system32\wblwxcdf.dll
O2 - BHO: (no name) - {05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C693A5F-A4DB-4987-BD1E-E9EC42515867} - (no file)
O2 - BHO: (no name) - {361135C4-A534-4352-9615-135153287929} - (no file)
O2 - BHO: (no name) - {38FF3918-6D9B-48EC-88D4-660C8BA9C883} - (no file)
O2 - BHO: (no name) - {41CDEAE2-A989-4664-963B-F7053EB737C7} - (no file)
O2 - BHO: (no name) - {447f5e11-2ae5-4485-886a-6d037fcc41a0} - (no file)
O2 - BHO: (no name) - {4819FD67-4CF1-4107-B786-99F29BAAE185} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6903BE4C-088F-41EE-B99B-BCA03C9585E3} - C:\WINDOWS\system32\khfge.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56} - (no file)
O2 - BHO: (no name) - {9AE75DE8-2480-4D0E-8BA1-0779ADD26D60} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BB0C6E78-4247-4422-B3B7-439C87629090} - (no file)
O2 - BHO: (no name) - {BF16201C-1014-4C2A-BE23-10224974ECA5} - (no file)
O2 - BHO: (no name) - {C0770C36-B27F-4941-AD55-2F5C9EC355F8} - (no file)
O2 - BHO: (no name) - {CF32E88A-7FD0-4FC5-ABD0-F70396617ECA} - (no file)
O2 - BHO: (no name) - {E5ADACF2-0401-491B-B319-B6E342D28848} - (no file)
O2 - BHO: (no name) - {ED009073-7075-416E-B66D-2E37CA9DE699} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4875328533
O20 - Winlogon Notify: byxyvwu - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13811 bytes
Ange
 
Posts: 15
Joined: 12 Nov 2007, 13:45
Location: Saint Brieuc

Post by Ange » 17 Nov 2007, 13:45

You will also need the DSS report for the Avenger text log; here it is:
Deckard's System Scanner v20071014.68
Run by Philippe on 2007-11-17 13:25:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Philippe.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:46, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Documents and Settings\Philippe\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Philippe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Philippe
O2 - BHO: {07d68ebe-7b63-02e9-0a04-f653d4a00e10} - {01e00a4d-356f-40a0-9e20-36b7ebe86d70} - C:\WINDOWS\system32\wblwxcdf.dll
O2 - BHO: (no name) - {05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C693A5F-A4DB-4987-BD1E-E9EC42515867} - (no file)
O2 - BHO: (no name) - {361135C4-A534-4352-9615-135153287929} - (no file)
O2 - BHO: (no name) - {38FF3918-6D9B-48EC-88D4-660C8BA9C883} - (no file)
O2 - BHO: (no name) - {41CDEAE2-A989-4664-963B-F7053EB737C7} - (no file)
O2 - BHO: (no name) - {447f5e11-2ae5-4485-886a-6d037fcc41a0} - (no file)
O2 - BHO: (no name) - {4819FD67-4CF1-4107-B786-99F29BAAE185} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6903BE4C-088F-41EE-B99B-BCA03C9585E3} - C:\WINDOWS\system32\khfge.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56} - (no file)
O2 - BHO: (no name) - {9AE75DE8-2480-4D0E-8BA1-0779ADD26D60} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BB0C6E78-4247-4422-B3B7-439C87629090} - (no file)
O2 - BHO: (no name) - {BF16201C-1014-4C2A-BE23-10224974ECA5} - (no file)
O2 - BHO: (no name) - {C0770C36-B27F-4941-AD55-2F5C9EC355F8} - (no file)
O2 - BHO: (no name) - {CF32E88A-7FD0-4FC5-ABD0-F70396617ECA} - (no file)
O2 - BHO: (no name) - {E5ADACF2-0401-491B-B319-B6E342D28848} - (no file)
O2 - BHO: (no name) - {ED009073-7075-416E-B66D-2E37CA9DE699} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4875328533
O20 - Winlogon Notify: byxyvwu - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13777 bytes

-- Files created between 2007-10-17 and 2007-11-17 -----------------------------

2007-11-17 12:16:45 82496 --a------ C:\WINDOWS\system32\wblwxcdf.dll
2007-11-17 11:12:07 0 dr-h----- C:\Documents and Settings\Philippe\Recent
2007-11-17 10:50:06 82496 --a------ C:\WINDOWS\system32\wdilcwuo.dll
2007-11-17 09:49:48 82496 --a------ C:\WINDOWS\system32\hlijfcxt.dll
2007-11-16 13:00:43 85056 --a------ C:\WINDOWS\system32\ppyggsyt.dll
2007-11-16 12:57:42 81984 --a------ C:\WINDOWS\system32\hpgtwjml.dll
2007-11-16 10:34:48 81984 --a------ C:\WINDOWS\system32\lfiglety.dll
2007-11-16 09:16:15 81984 --a------ C:\WINDOWS\system32\pvfvvmbd.dll
2007-11-15 23:39:25 79936 --a------ C:\WINDOWS\system32\ewadwhua.dll
2007-11-15 23:18:15 79936 --a------ C:\WINDOWS\system32\gpkyynlb.dll
2007-11-15 14:13:17 85056 --a------ C:\WINDOWS\system32\seigypsy.dll
2007-11-15 14:10:22 79936 --a------ C:\WINDOWS\system32\rjqnbyqi.dll
2007-11-15 13:46:20 79936 --a------ C:\WINDOWS\system32\khmreyqg.dll
2007-11-15 13:07:24 85056 --a------ C:\WINDOWS\system32\moykyyyb.dll
2007-11-15 13:01:23 79936 --a------ C:\WINDOWS\system32\adkwofsu.dll
2007-11-15 09:14:56 79936 --a------ C:\WINDOWS\system32\hhrgfbes.dll
2007-11-15 09:11:56 85056 --a------ C:\WINDOWS\system32\ayvbflss.dll
2007-11-14 19:14:28 85056 --a------ C:\WINDOWS\system32\kijvghqu.dll
2007-11-14 19:08:28 79424 --a------ C:\WINDOWS\system32\uoprusva.dll
2007-11-14 18:38:22 79424 --a------ C:\WINDOWS\system32\ayuihcuo.dll
2007-11-14 16:38:20 79424 --a------ C:\WINDOWS\system32\wbqcgrta.dll
2007-11-14 15:31:05 79424 --a------ C:\WINDOWS\system32\ciuuktws.dll
2007-11-14 14:39:43 81472 --a------ C:\WINDOWS\system32\sabanhxg.dll
2007-11-14 14:16:34 85056 --a------ C:\WINDOWS\system32\tabudrku.dll
2007-11-14 13:47:49 81472 --a------ C:\WINDOWS\system32\selrohac.dll
2007-11-14 09:35:53 2015 -r-h----- C:\WINDOWS\system32\drivers\hosts
2007-11-14 09:13:52 85056 --a------ C:\WINDOWS\system32\gpvoikpp.dll
2007-11-14 09:13:49 81472 --a------ C:\WINDOWS\system32\nflawsnd.dll
2007-11-13 15:41:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-13 09:21:35 88128 --a------ C:\WINDOWS\system32\ffbywpxr.dll
2007-11-13 09:15:36 80448 --a------ C:\WINDOWS\system32\oettlgcx.dll
2007-11-12 17:47:24 0 d-------- C:\Documents and Settings\Philippe\Application Data\Ufasoft
2007-11-12 16:00:22 0 d-------- C:\Documents and Settings\Philippe\Application Data\RegistrySmart
2007-11-12 15:37:45 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 15:34:26 0 d-------- C:\Program Files\MSBuild
2007-11-12 15:30:25 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-12 15:29:08 0 d-------- C:\Program Files\Reference Assemblies
2007-11-12 15:04:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-12 14:30:40 0 d-------- C:\WINDOWS\system32\fr-fr
2007-11-12 14:26:32 0 d-------- C:\WINDOWS\network diagnostic
2007-11-12 14:06:41 0 d--hs---- C:\Documents and Settings\Philippe\UserData
2007-11-12 13:13:42 4980 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-12 12:17:07 0 d-------- C:\VundoFix Backups
2007-11-12 12:07:47 0 d-------- C:\Program Files\Navilog1
2007-11-11 18:31:11 0 d-------- C:\Program Files\Avira
2007-11-11 18:31:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-11 18:28:36 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2007-11-11 18:28:08 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2007-11-11 17:41:09 0 d-------- C:\Program Files\Trend Micro
2007-11-11 16:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 13:54:39 0 d-------- C:\Program Files\Enigma Software Group
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation
2007-11-11 10:42:53 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-11 10:42:52 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sun
2007-11-11 10:42:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2007-11-11 10:28:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 10:10:01 240897 -----n--- C:\WINDOWS\system32\aceeg.bak2
2007-11-10 13:42:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-10 13:01:21 0 d-------- C:\Program Files\Fichiers communs\Nero
2007-11-10 11:42:35 6465 -----n--- C:\WINDOWS\system32\aceeg.bak1
2007-11-06 10:01:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-11-02 09:13:45 0 d-------- C:\Documents and Settings\Philippe\Application Data\Nero
2007-11-02 09:08:51 0 d-------- C:\Program Files\Nero
2007-11-02 09:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-01 11:11:46 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sonic
2007-11-01 11:08:26 0 d-------- C:\Documents and Settings\Philippe\Application Data\Leadertech
2007-11-01 10:22:12 0 d-------- C:\Documents and Settings\Philippe\dwhelper
2007-10-30 19:53:32 97280 --a------ C:\WINDOWS\b147.exe
2007-10-30 12:58:42 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not>
2007-10-30 12:58:42 0 d-------- C:\Program Files\OpenAL
2007-10-30 12:58:41 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not>
2007-10-30 09:48:41 0 d-------- C:\Documents and Settings\Philippe\Application Data\FileZilla
2007-10-28 14:57:33 0 d-------- C:\Program Files\DivXCodec
2007-10-28 14:55:40 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-28 14:55:40 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-28 14:25:17 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-28 14:23:05 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-28 10:59:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-10-27 12:32:18 0 d-------- C:\Documents and Settings\Philippe\Application Data\MailWasherPro
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\WinXP
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\Win2K
2007-10-26 13:38:44 192512 -----n--- C:\WINDOWS\system32\DetectHardware.exe <Not>
2007-10-26 13:38:44 143360 -----n--- C:\WINDOWS\system32\bcmwlu00.exe <Not>
2007-10-26 13:38:44 462848 -----n--- C:\WINDOWS\system32\bcmwltry.exe <Not>
2007-10-26 12:49:40 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-26 12:30:59 0 d-------- C:\Documents and Settings\Philippe\Application Data\Help
2007-10-26 08:21:39 0 d-------- C:\Documents and Settings\Philippe\Application Data\IsolatedStorage
2007-10-26 08:20:07 0 d-------- C:\WINDOWS\system32\URTTemp
2007-10-25 13:02:02 210032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-10-25 12:53:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-25 12:48:03 0 d-------- C:\Program Files\Symantec
2007-10-25 12:31:13 0 d-------- C:\WINDOWS\Downloaded Installations
2007-10-25 12:17:23 0 d-------- C:\Program Files\Radmin
2007-10-24 21:48:03 42392 --a------ C:\Documents and Settings\Philippe\Application Data\GDIPFONTCACHEV1.DAT
2007-10-24 14:33:06 81920 -----n--- C:\WINDOWS\system32\vdrmux.dll <Not>
2007-10-24 14:33:06 155721 -----n--- C:\WINDOWS\system32\RALMain.dll <Not>
2007-10-24 14:33:06 294912 -----n--- C:\WINDOWS\system32\pvmjpg21.dll <Not>
2007-10-24 14:33:06 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not>
2007-10-24 14:33:06 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not>
2007-10-24 14:33:06 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not>
2007-10-24 14:33:06 40960 -----n--- C:\WINDOWS\system32\langserv.dll <Not>
2007-10-24 14:33:06 204881 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not>
2007-10-24 14:33:06 32838 -----n--- C:\WINDOWS\system32\Cachex.dll <Not>
2007-10-24 14:33:06 114759 -----n--- C:\WINDOWS\system32\Aviprax.dll <Not>
2007-10-24 14:32:24 0 d-------- C:\WINDOWS\system32\Quicktime
2007-10-24 14:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-10-24 14:32:21 0 d-------- C:\Program Files\SmartSound Software
2007-10-24 14:30:21 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys <Not>
2007-10-24 14:30:14 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-10-24 14:30:14 19456 --a------ C:\WINDOWS\system32\asapi.dll <Not>
2007-10-24 14:30:12 90112 --a------ C:\WINDOWS\unvise32.exe <Not>
2007-10-24 14:27:54 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not>
2007-10-24 14:25:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-24 14:24:59 0 d-------- C:\Program Files\Pinnacle
2007-10-24 14:24:35 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not>
2007-10-24 13:03:30 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-24 12:12:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-10-24 12:09:05 0 d-------- C:\Program Files\Corel
2007-10-24 12:05:41 0 d-------- C:\Program Files\Fichiers communs\Corel
2007-10-24 11:35:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-10-24 11:30:10 3714 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-24 11:30:10 88 -r-hs---- C:\WINDOWS\system32\8C01962A35.sys
2007-10-24 11:25:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Corel
2007-10-24 11:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-24 11:18:04 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-24 09:27:31 0 d-------- C:\WINDOWS\ShellNew
2007-10-24 09:21:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-23 12:55:40 0 d-------- C:\Documents and Settings\Philippe\Application Data\Azureus
2007-10-23 12:40:47 0 d-------- C:\Documents and Settings\Philippe\Application Data\WinRAR
2007-10-23 12:03:58 1467 --a------ C:\WINDOWS\mozver.dat
2007-10-23 12:01:44 0 d-------- C:\Documents and Settings\Philippe\Application Data\Talkback
2007-10-23 12:01:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-23 12:01:28 0 d-------- C:\Documents and Settings\Philippe\Application Data\Mozilla
2007-10-22 19:24:08 0 d-------- C:\WINDOWS\Sun
2007-10-22 16:26:05 61440 --a------ C:\WINDOWS\scrub2k.exe
2007-10-22 16:26:03 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-22 15:51:03 61440 --a------ C:\WINDOWS\system32\SonyAIwo.dll <Not>
2007-10-22 15:51:03 35328 --a------ C:\WINDOWS\system32\SonyAIwd.dll <Not>
2007-10-22 15:51:03 52736 --a------ C:\WINDOWS\system32\SonyAIds.dll <Not>
2007-10-22 15:24:12 0 d-------- C:\Documents and Settings\Philippe\Application Data\AdobeUM
2007-10-22 15:17:56 0 d-------- C:\Documents and Settings\Philippe\Application Data\Macromedia
2007-10-22 15:11:54 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not>
2007-10-22 15:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-10-22 15:11:00 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-22 14:23:37 0 d-a------ C:\Documentation
2007-10-22 13:19:31 0 d-------- C:\Documents and Settings\Philippe\Application Data\Google
2007-10-22 13:18:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-22 13:18:08 0 d-------- C:\Update
2007-10-22 13:17:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-22 13:17:40 0 d--h----- C:\WINDOWS\$hf_mig$
2007-10-22 13:12:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-22 13:00:46 0 d-------- C:\Program Files\Microsoft Works
2007-10-22 12:59:43 0 d-------- C:\Program Files\Sonic
2007-10-22 12:58:52 0 d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2007-10-22 12:54:27 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not>
2007-10-22 12:54:26 2502656 --a------ C:\WINDOWS\system32\iplpx.dll <Not>
2007-10-22 12:54:26 2531328 --a------ C:\WINDOWS\system32\iplp6.dll <Not>
2007-10-22 12:54:26 2785280 --a------ C:\WINDOWS\system32\iplm6.dll <Not>
2007-10-22 12:54:26 2686976 --a------ C:\WINDOWS\system32\iplm5.dll <Not>
2007-10-22 12:54:25 2973696 --a------ C:\WINDOWS\system32\ipla6.dll <Not>
2007-10-22 12:54:25 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not>
2007-10-22 12:54:25 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-10-22 12:52:33 0 d-------- C:\Program Files\MoodLogic
2007-10-22 12:52:26 757760 --a------ C:\WINDOWS\system32\CDDBUI.dll <Not>
2007-10-22 12:52:26 110592 --a------ C:\WINDOWS\system32\CddbLangFR.dll <Not>
2007-10-22 12:52:26 630784 --a------ C:\WINDOWS\system32\CDDBControl.dll <Not>
2007-10-22 12:43:16 0 d-------- C:\Documents and Settings\Philippe\Application Data\Adobe
2007-10-22 12:42:35 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-22 12:39:47 0 d-------- C:\Program Files\Utimaco
2007-10-22 12:39:00 0 d-------- C:\Program Files\TvTvHTML
2007-10-22 12:38:59 0 d-------- C:\Program Files\TVTV EPG Installer
2007-10-22 12:33:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Identities
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage réseau
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage d'impression
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\SendTo
2007-10-22 12:33:05 5242880 --ah----- C:\Documents and Settings\Philippe\NTUSER.DAT
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Modèles
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Mes documents
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Menu Démarrer
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Local Settings
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Favoris
2007-10-22 12:33:05 0 d--hs---- C:\Documents and Settings\Philippe\Cookies
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Bureau
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\Application Data
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Symantec
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sun
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sony Corporation
2007-10-22 12:32:43 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sony Corporation


-- Find3M Report ---------------------------------------------------------------

2007-11-17 13:09:44 505148 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-11-17 13:09:44 83484 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-11 17:27:41 0 d-------- C:\Program Files\Fichiers communs
2007-10-28 16:13:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 10:44:29 0 d-------- C:\Program Files\Google
2007-10-26 12:51:54 2508 --a------ C:\Documents and Settings\Philippe\Application Data\$_hpcst$.hpc
2007-10-25 12:49:34 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-23 12:06:31 0 d-------- C:\Program Files\Java
2007-10-22 22:04:20 0 d-------- C:\Program Files\Messenger
2007-10-22 15:10:54 0 d-------- C:\Program Files\Intel
2007-10-22 15:01:29 0 d-------- C:\Program Files\InterVideo
2007-10-22 14:47:02 0 d-------- C:\Program Files\sony
2007-10-22 14:45:06 0 d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-10-22 14:44:28 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-10-10 14:53:54 184320 --a------ C:\WINDOWS\b111.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01e00a4d-356f-40a0-9e20-36b7ebe86d70}]
17/11/2007 12:16 82496 --a------ C:\WINDOWS\system32\wblwxcdf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C693A5F-A4DB-4987-BD1E-E9EC42515867}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{361135C4-A534-4352-9615-135153287929}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FF3918-6D9B-48EC-88D4-660C8BA9C883}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41CDEAE2-A989-4664-963B-F7053EB737C7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{447f5e11-2ae5-4485-886a-6d037fcc41a0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4819FD67-4CF1-4107-B786-99F29BAAE185}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6903BE4C-088F-41EE-B99B-BCA03C9585E3}]
C:\WINDOWS\system32\khfge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AE75DE8-2480-4D0E-8BA1-0779ADD26D60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB0C6E78-4247-4422-B3B7-439C87629090}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF16201C-1014-4C2A-BE23-10224974ECA5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0770C36-B27F-4941-AD55-2F5C9EC355F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF32E88A-7FD0-4FC5-ABD0-F70396617ECA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5ADACF2-0401-491B-B319-B6E342D28848}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED009073-7075-416E-B66D-2E37CA9DE699}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 18:21]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/08/2004 20:00]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [29/06/2004 13:49]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [19/01/2004 09:49]
"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [29/06/2004 20:45]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [19/09/2003 18:42]
"Mouse Suite 98 Daemon"="ICO.EXE" [14/03/2002 15:46 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [19/08/2004 15:10 C:\WINDOWS\system32\bthprops.cpl]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [20/02/2004 13:12]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [20/08/2002 11:29]
"HPWS myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [01/12/2004 13:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"Norton Ghost 9.0"="D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [10/11/2004 10:03]
"bcmwltry"="bcmwltry.exe" [25/07/2003 07:28 C:\WINDOWS\system32\bcmwltry.exe]
"RemoveCpl"="RemoveCpl.exe" [14/01/2003 22:50 C:\WINDOWS\system32\RemoveCpl.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [11/11/2007 18:39]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [13/11/2007 15:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [26/06/2006 20:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 15:09]

C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\
MailWasherPro.lnk - D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [30/10/2007 12:16:26]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [22/10/2007 12:50:13]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 08:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvwu]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfge.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{654bd3b2-8091-11dc-b318-806d6172696f}]
AutoRun\command- F:\autorun.exe




-- End of Deckard's System Scanner: finished at 2007-11-17 13:26:30 ------------

Post by ArKa » 17 Nov 2007, 16:01

Hello Ange,

Ange wrote: after thinking it over, I decided to hang on, not for myself, but for all those who might have this kind of problem.


Thinking of the community, that deserves to be pointed out, thank you Ange :wink:

Post by nickW » 19 Nov 2007, 00:09

Good evening,

How is the PC doing?

New cleanup steps:

Step 1: Creating the aven2.txt file
Copy and paste the lines below (in the "Code" area) into Notepad.
In Notepad, check (in the Format menu) that Word Wrap ("Retour automatique à la ligne") is not active (not checked).
Save the file on the Desktop under the name aven2.txt

Code:
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01e00a4d-356f-40a0-9e20-36b7ebe86d70}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C693A5F-A4DB-4987-BD1E-E9EC42515867}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{361135C4-A534-4352-9615-135153287929}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38FF3918-6D9B-48EC-88D4-660C8BA9C883}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41CDEAE2-A989-4664-963B-F7053EB737C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447f5e11-2ae5-4485-886a-6d037fcc41a0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4819FD67-4CF1-4107-B786-99F29BAAE185}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6903BE4C-088F-41EE-B99B-BCA03C9585E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AE75DE8-2480-4D0E-8BA1-0779ADD26D60}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB0C6E78-4247-4422-B3B7-439C87629090}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF16201C-1014-4C2A-BE23-10224974ECA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0770C36-B27F-4941-AD55-2F5C9EC355F8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF32E88A-7FD0-4FC5-ABD0-F70396617ECA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5ADACF2-0401-491B-B319-B6E342D28848}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED009073-7075-416E-B66D-2E37CA9DE699}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvwu

Files to delete:
C:\WINDOWS\system32\wblwxcdf.dll
C:\WINDOWS\system32\wdilcwuo.dll
C:\WINDOWS\system32\hlijfcxt.dll
C:\WINDOWS\system32\ppyggsyt.dll
C:\WINDOWS\system32\hpgtwjml.dll
C:\WINDOWS\system32\lfiglety.dll
C:\WINDOWS\system32\pvfvvmbd.dll
C:\WINDOWS\system32\ewadwhua.dll
C:\WINDOWS\system32\gpkyynlb.dll
C:\WINDOWS\system32\seigypsy.dll
C:\WINDOWS\system32\rjqnbyqi.dll
C:\WINDOWS\system32\khmreyqg.dll
C:\WINDOWS\system32\moykyyyb.dll
C:\WINDOWS\system32\adkwofsu.dll
C:\WINDOWS\system32\hhrgfbes.dll
C:\WINDOWS\system32\ayvbflss.dll
C:\WINDOWS\system32\kijvghqu.dll
C:\WINDOWS\system32\uoprusva.dll
C:\WINDOWS\system32\ayuihcuo.dll
C:\WINDOWS\system32\wbqcgrta.dll
C:\WINDOWS\system32\ciuuktws.dll
C:\WINDOWS\system32\sabanhxg.dll
C:\WINDOWS\system32\tabudrku.dll
C:\WINDOWS\system32\selrohac.dll
C:\WINDOWS\system32\gpvoikpp.dll
C:\WINDOWS\system32\nflawsnd.dll
C:\WINDOWS\system32\ffbywpxr.dll
C:\WINDOWS\system32\oettlgcx.dll
C:\WINDOWS\system32\aceeg.bak2
C:\WINDOWS\system32\aceeg.bak1


Note: The code above was created exclusively for THIS user.
If you are not THIS user, do not use it: it could damage your system.



Step 2: The Avenger (by Swandog46), execution
Close all program windows (the PC is going to restart).
Launch The Avenger by clicking its icon on the Desktop.
Click OK on the warning message.
Under "Script file to execute" choose "Load script from file:".
Then click the button showing a yellow folder, which will open a new "Open script file" window.
In that window, browse to the Desktop and select (double-click) the file aven2.txt
Then click the button showing a green light to start running the script.
Answer "Oui/Yes" twice when asked.
There will be one or two restarts (with a command window with a black background appearing briefly).
When execution finishes, the report will be displayed in Notepad.
Close Notepad.


Step 3: Deckard's System Scanner (DSS) (by Deckard)
Close all open program windows, no active Internet connection.
Double-click dss.exe on the Desktop to launch the tool.

Click OK when asked (3 times).
When the tool has finished scanning, two text files will open in Notepad:
main.txt <- opened in a normal window
extra.txt <- opened in a minimized window
Close these two Notepad windows.


Step 4: Results
Send in reply:
*- The Avenger's report (contents of the file C:\avenger.txt)
*- only one of the two Deckard's System Scanner reports (contents of the file main.txt located in the folder C:\Deckard\System Scanner).

To be continued,
nickW
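
An added example, not part of nickW's post and not the method used to build aven2.txt: a small Python parser for HijackThis O2 (BHO) lines that separates entries whose DLL is absent from entries whose file is present, and lists the matching Browser Helper Objects registry keys for a reviewer. The function and class names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Registry location of Internet Explorer BHOs, as written out in the script above.
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

# HijackThis O2 format: "O2 - BHO: <name> - {CLSID} - <dll path or marker>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.*)$"
)

@dataclass
class BhoEntry:
    name: str
    clsid: str
    path: Optional[str]   # DLL path when the log gives one
    status: str           # "no_file", "file_missing" or "present"

    @property
    def registry_key(self) -> str:
        return BHO_ROOT + "\\" + self.clsid


def parse_o2_line(line: str) -> Optional[BhoEntry]:
    """Parse one HijackThis line; return None if it is not an O2 entry."""
    m = O2_LINE.match(line.strip())
    if m is None:
        return None
    target = m.group("target").strip()
    if target == "(no file)":
        path, status = None, "no_file"
    elif target.endswith("(file missing)"):
        path = target[: -len("(file missing)")].strip()
        status = "file_missing"
    else:
        path, status = target, "present"
    return BhoEntry(m.group("name"), m.group("clsid"), path, status)


def parse_bho_entries(log_text: str) -> List[BhoEntry]:
    """Return every O2 entry found in a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        entry = parse_o2_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def orphan_bho_keys(log_text: str) -> List[str]:
    """Registry keys of BHOs whose DLL is absent (leftover registrations).

    Entries whose file exists are NOT judged here: telling a legitimate
    helper from a malicious one still needs a human reviewer.
    """
    return [e.registry_key for e in parse_bho_entries(log_text)
            if e.status in ("no_file", "file_missing")]


# Sample lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: {07d68ebe-7b63-02e9-0a04-f653d4a00e10} - {01e00a4d-356f-40a0-9e20-36b7ebe86d70} - C:\WINDOWS\system32\wblwxcdf.dll
O2 - BHO: (no name) - {05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6903BE4C-088F-41EE-B99B-BCA03C9585E3} - C:\WINDOWS\system32\khfge.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
"""

if __name__ == "__main__":
    for entry in parse_bho_entries(SAMPLE_LOG):
        print(f"{entry.status:12} {entry.clsid} {entry.path or ''}")
    print("Orphaned BHO keys to review:")
    for key in orphan_bho_keys(SAMPLE_LOG):
        print(" ", key)
```

The wblwxcdf.dll entry comes back as "present", so it is not in the orphan list; entries with a file on disk need the reviewer's judgment, as in the script above.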

Post by Ange » 19 Nov 2007, 10:23

Hello,

Procedure done, but no Avenger report (not found)... the computer restarted, then a message indicated a reboot problem with the Windows disk... Avenger text file not found... do you want to create a new one: NO... end of the procedure

On the other hand, the DSS report leads me to expect a good clean sweep...

As for the PC, no more alerts since my previous post

THE END TIMES ARE NEAR

Deckard's System Scanner v20071014.68
Run by Philippe on 2007-11-19 10:19:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Philippe.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:31, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Philippe\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Philippe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Philippe
O2 - BHO: {07d68ebe-7b63-02e9-0a04-f653d4a00e10} - {01e00a4d-356f-40a0-9e20-36b7ebe86d70} - C:\WINDOWS\system32\wblwxcdf.dll
O2 - BHO: (no name) - {05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C693A5F-A4DB-4987-BD1E-E9EC42515867} - (no file)
O2 - BHO: (no name) - {361135C4-A534-4352-9615-135153287929} - (no file)
O2 - BHO: (no name) - {38FF3918-6D9B-48EC-88D4-660C8BA9C883} - (no file)
O2 - BHO: (no name) - {41CDEAE2-A989-4664-963B-F7053EB737C7} - (no file)
O2 - BHO: (no name) - {447f5e11-2ae5-4485-886a-6d037fcc41a0} - (no file)
O2 - BHO: (no name) - {4819FD67-4CF1-4107-B786-99F29BAAE185} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6903BE4C-088F-41EE-B99B-BCA03C9585E3} - C:\WINDOWS\system32\khfge.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56} - (no file)
O2 - BHO: (no name) - {9AE75DE8-2480-4D0E-8BA1-0779ADD26D60} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BB0C6E78-4247-4422-B3B7-439C87629090} - (no file)
O2 - BHO: (no name) - {BF16201C-1014-4C2A-BE23-10224974ECA5} - (no file)
O2 - BHO: (no name) - {C0770C36-B27F-4941-AD55-2F5C9EC355F8} - (no file)
O2 - BHO: (no name) - {CF32E88A-7FD0-4FC5-ABD0-F70396617ECA} - (no file)
O2 - BHO: (no name) - {E5ADACF2-0401-491B-B319-B6E342D28848} - (no file)
O2 - BHO: (no name) - {ED009073-7075-416E-B66D-2E37CA9DE699} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4875328533
O20 - Winlogon Notify: byxyvwu - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14197 bytes

-- Files created between 2007-10-19 and 2007-11-19 -----------------------------

2007-11-17 16:21:59 0 d--hs---- C:\Diskeeper
2007-11-17 12:16:45 82496 --a------ C:\WINDOWS\system32\wblwxcdf.dll
2007-11-17 11:12:07 0 dr-h----- C:\Documents and Settings\Philippe\Recent
2007-11-17 10:50:06 82496 --a------ C:\WINDOWS\system32\wdilcwuo.dll
2007-11-17 09:49:48 82496 --a------ C:\WINDOWS\system32\hlijfcxt.dll
2007-11-16 13:00:43 85056 --a------ C:\WINDOWS\system32\ppyggsyt.dll
2007-11-16 12:57:42 81984 --a------ C:\WINDOWS\system32\hpgtwjml.dll
2007-11-16 10:34:48 81984 --a------ C:\WINDOWS\system32\lfiglety.dll
2007-11-16 09:16:15 81984 --a------ C:\WINDOWS\system32\pvfvvmbd.dll
2007-11-15 23:39:25 79936 --a------ C:\WINDOWS\system32\ewadwhua.dll
2007-11-15 23:18:15 79936 --a------ C:\WINDOWS\system32\gpkyynlb.dll
2007-11-15 14:13:17 85056 --a------ C:\WINDOWS\system32\seigypsy.dll
2007-11-15 14:10:22 79936 --a------ C:\WINDOWS\system32\rjqnbyqi.dll
2007-11-15 13:46:20 79936 --a------ C:\WINDOWS\system32\khmreyqg.dll
2007-11-15 13:07:24 85056 --a------ C:\WINDOWS\system32\moykyyyb.dll
2007-11-15 13:01:23 79936 --a------ C:\WINDOWS\system32\adkwofsu.dll
2007-11-15 09:14:56 79936 --a------ C:\WINDOWS\system32\hhrgfbes.dll
2007-11-15 09:11:56 85056 --a------ C:\WINDOWS\system32\ayvbflss.dll
2007-11-14 19:14:28 85056 --a------ C:\WINDOWS\system32\kijvghqu.dll
2007-11-14 19:08:28 79424 --a------ C:\WINDOWS\system32\uoprusva.dll
2007-11-14 18:38:22 79424 --a------ C:\WINDOWS\system32\ayuihcuo.dll
2007-11-14 16:38:20 79424 --a------ C:\WINDOWS\system32\wbqcgrta.dll
2007-11-14 15:31:05 79424 --a------ C:\WINDOWS\system32\ciuuktws.dll
2007-11-14 14:39:43 81472 --a------ C:\WINDOWS\system32\sabanhxg.dll
2007-11-14 14:16:34 85056 --a------ C:\WINDOWS\system32\tabudrku.dll
2007-11-14 13:47:49 81472 --a------ C:\WINDOWS\system32\selrohac.dll
2007-11-14 09:35:53 2015 -r-h----- C:\WINDOWS\system32\drivers\hosts
2007-11-14 09:13:52 85056 --a------ C:\WINDOWS\system32\gpvoikpp.dll
2007-11-14 09:13:49 81472 --a------ C:\WINDOWS\system32\nflawsnd.dll
2007-11-13 15:41:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-13 09:21:35 88128 --a------ C:\WINDOWS\system32\ffbywpxr.dll
2007-11-13 09:15:36 80448 --a------ C:\WINDOWS\system32\oettlgcx.dll
2007-11-12 17:47:24 0 d-------- C:\Documents and Settings\Philippe\Application Data\Ufasoft
2007-11-12 16:00:22 0 d-------- C:\Documents and Settings\Philippe\Application Data\RegistrySmart
2007-11-12 15:37:45 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 15:34:26 0 d-------- C:\Program Files\MSBuild
2007-11-12 15:30:25 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-12 15:29:08 0 d-------- C:\Program Files\Reference Assemblies
2007-11-12 15:04:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-12 14:30:40 0 d-------- C:\WINDOWS\system32\fr-fr
2007-11-12 14:26:32 0 d-------- C:\WINDOWS\network diagnostic
2007-11-12 14:06:41 0 d--hs---- C:\Documents and Settings\Philippe\UserData
2007-11-12 13:13:42 4980 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-12 12:17:07 0 d-------- C:\VundoFix Backups
2007-11-12 12:07:47 0 d-------- C:\Program Files\Navilog1
2007-11-11 18:31:11 0 d-------- C:\Program Files\Avira
2007-11-11 18:31:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-11 18:28:36 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2007-11-11 18:28:08 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2007-11-11 17:41:09 0 d-------- C:\Program Files\Trend Micro
2007-11-11 16:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 13:54:39 0 d-------- C:\Program Files\Enigma Software Group
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation
2007-11-11 10:42:53 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-11 10:42:52 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sun
2007-11-11 10:42:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2007-11-11 10:28:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 10:10:01 240897 -----n--- C:\WINDOWS\system32\aceeg.bak2
2007-11-10 13:42:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-10 13:01:21 0 d-------- C:\Program Files\Fichiers communs\Nero
2007-11-10 11:42:35 6465 -----n--- C:\WINDOWS\system32\aceeg.bak1
2007-11-06 10:01:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-11-02 09:13:45 0 d-------- C:\Documents and Settings\Philippe\Application Data\Nero
2007-11-02 09:08:51 0 d-------- C:\Program Files\Nero
2007-11-02 09:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-01 11:11:46 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sonic
2007-11-01 11:08:26 0 d-------- C:\Documents and Settings\Philippe\Application Data\Leadertech
2007-11-01 10:22:12 0 d-------- C:\Documents and Settings\Philippe\dwhelper
2007-10-30 19:53:32 97280 --a------ C:\WINDOWS\b147.exe
2007-10-30 12:58:42 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not>
2007-10-30 12:58:42 0 d-------- C:\Program Files\OpenAL
2007-10-30 12:58:41 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not>
2007-10-30 09:48:41 0 d-------- C:\Documents and Settings\Philippe\Application Data\FileZilla
2007-10-28 14:57:33 0 d-------- C:\Program Files\DivXCodec
2007-10-28 14:55:40 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-28 14:55:40 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-28 14:25:17 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-28 14:23:05 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-28 10:59:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-10-27 12:32:18 0 d-------- C:\Documents and Settings\Philippe\Application Data\MailWasherPro
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\WinXP
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\Win2K
2007-10-26 13:38:44 192512 -----n--- C:\WINDOWS\system32\DetectHardware.exe <Not>
2007-10-26 13:38:44 143360 -----n--- C:\WINDOWS\system32\bcmwlu00.exe <Not>
2007-10-26 13:38:44 462848 -----n--- C:\WINDOWS\system32\bcmwltry.exe <Not>
2007-10-26 12:49:40 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-26 12:30:59 0 d-------- C:\Documents and Settings\Philippe\Application Data\Help
2007-10-26 08:21:39 0 d-------- C:\Documents and Settings\Philippe\Application Data\IsolatedStorage
2007-10-26 08:20:07 0 d-------- C:\WINDOWS\system32\URTTemp
2007-10-25 13:02:02 210032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-10-25 12:53:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-25 12:48:03 0 d-------- C:\Program Files\Symantec
2007-10-25 12:31:13 0 d-------- C:\WINDOWS\Downloaded Installations
2007-10-25 12:17:23 0 d-------- C:\Program Files\Radmin
2007-10-24 21:48:03 42392 --a------ C:\Documents and Settings\Philippe\Application Data\GDIPFONTCACHEV1.DAT
2007-10-24 14:33:06 81920 -----n--- C:\WINDOWS\system32\vdrmux.dll <Not>
2007-10-24 14:33:06 155721 -----n--- C:\WINDOWS\system32\RALMain.dll <Not>
2007-10-24 14:33:06 294912 -----n--- C:\WINDOWS\system32\pvmjpg21.dll <Not>
2007-10-24 14:33:06 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not>
2007-10-24 14:33:06 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not>
2007-10-24 14:33:06 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not>
2007-10-24 14:33:06 40960 -----n--- C:\WINDOWS\system32\langserv.dll <Not>
2007-10-24 14:33:06 204881 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not>
2007-10-24 14:33:06 32838 -----n--- C:\WINDOWS\system32\Cachex.dll <Not>
2007-10-24 14:33:06 114759 -----n--- C:\WINDOWS\system32\Aviprax.dll <Not>
2007-10-24 14:32:24 0 d-------- C:\WINDOWS\system32\Quicktime
2007-10-24 14:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-10-24 14:32:21 0 d-------- C:\Program Files\SmartSound Software
2007-10-24 14:30:21 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys <Not>
2007-10-24 14:30:14 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-10-24 14:30:14 19456 --a------ C:\WINDOWS\system32\asapi.dll <Not>
2007-10-24 14:30:12 90112 --a------ C:\WINDOWS\unvise32.exe <Not>
2007-10-24 14:27:54 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not>
2007-10-24 14:25:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-24 14:24:59 0 d-------- C:\Program Files\Pinnacle
2007-10-24 14:24:35 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not>
2007-10-24 13:03:30 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-24 12:12:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-10-24 12:09:05 0 d-------- C:\Program Files\Corel
2007-10-24 12:05:41 0 d-------- C:\Program Files\Fichiers communs\Corel
2007-10-24 11:35:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-10-24 11:30:10 3714 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-24 11:30:10 88 -r-hs---- C:\WINDOWS\system32\8C01962A35.sys
2007-10-24 11:25:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Corel
2007-10-24 11:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-24 11:18:04 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-24 09:27:31 0 d-------- C:\WINDOWS\ShellNew
2007-10-24 09:21:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-23 12:55:40 0 d-------- C:\Documents and Settings\Philippe\Application Data\Azureus
2007-10-23 12:40:47 0 d-------- C:\Documents and Settings\Philippe\Application Data\WinRAR
2007-10-23 12:03:58 1467 --a------ C:\WINDOWS\mozver.dat
2007-10-23 12:01:44 0 d-------- C:\Documents and Settings\Philippe\Application Data\Talkback
2007-10-23 12:01:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-23 12:01:28 0 d-------- C:\Documents and Settings\Philippe\Application Data\Mozilla
2007-10-22 19:24:08 0 d-------- C:\WINDOWS\Sun
2007-10-22 16:26:05 61440 --a------ C:\WINDOWS\scrub2k.exe
2007-10-22 16:26:03 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-22 15:51:03 61440 --a------ C:\WINDOWS\system32\SonyAIwo.dll <Not>
2007-10-22 15:51:03 35328 --a------ C:\WINDOWS\system32\SonyAIwd.dll <Not>
2007-10-22 15:51:03 52736 --a------ C:\WINDOWS\system32\SonyAIds.dll <Not>
2007-10-22 15:24:12 0 d-------- C:\Documents and Settings\Philippe\Application Data\AdobeUM
2007-10-22 15:17:56 0 d-------- C:\Documents and Settings\Philippe\Application Data\Macromedia
2007-10-22 15:11:54 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not>
2007-10-22 15:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-10-22 15:11:00 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-22 14:23:37 0 d-a------ C:\Documentation
2007-10-22 13:19:31 0 d-------- C:\Documents and Settings\Philippe\Application Data\Google
2007-10-22 13:18:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-22 13:18:08 0 d-------- C:\Update
2007-10-22 13:17:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-22 13:17:40 0 d--h----- C:\WINDOWS\$hf_mig$
2007-10-22 13:12:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-22 13:00:46 0 d-------- C:\Program Files\Microsoft Works
2007-10-22 12:59:43 0 d-------- C:\Program Files\Sonic
2007-10-22 12:58:52 0 d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2007-10-22 12:54:27 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not>
2007-10-22 12:54:26 2502656 --a------ C:\WINDOWS\system32\iplpx.dll <Not>
2007-10-22 12:54:26 2531328 --a------ C:\WINDOWS\system32\iplp6.dll <Not>
2007-10-22 12:54:26 2785280 --a------ C:\WINDOWS\system32\iplm6.dll <Not>
2007-10-22 12:54:26 2686976 --a------ C:\WINDOWS\system32\iplm5.dll <Not>
2007-10-22 12:54:25 2973696 --a------ C:\WINDOWS\system32\ipla6.dll <Not>
2007-10-22 12:54:25 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not>
2007-10-22 12:54:25 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-10-22 12:52:33 0 d-------- C:\Program Files\MoodLogic
2007-10-22 12:52:26 757760 --a------ C:\WINDOWS\system32\CDDBUI.dll <Not>
2007-10-22 12:52:26 110592 --a------ C:\WINDOWS\system32\CddbLangFR.dll <Not>
2007-10-22 12:52:26 630784 --a------ C:\WINDOWS\system32\CDDBControl.dll <Not>
2007-10-22 12:43:16 0 d-------- C:\Documents and Settings\Philippe\Application Data\Adobe
2007-10-22 12:42:35 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-22 12:39:47 0 d-------- C:\Program Files\Utimaco
2007-10-22 12:39:00 0 d-------- C:\Program Files\TvTvHTML
2007-10-22 12:38:59 0 d-------- C:\Program Files\TVTV EPG Installer
2007-10-22 12:33:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Identities
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage réseau
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage d'impression
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\SendTo
2007-10-22 12:33:05 5242880 --ah----- C:\Documents and Settings\Philippe\NTUSER.DAT
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Modèles
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Mes documents
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Menu Démarrer
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Local Settings
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Favoris
2007-10-22 12:33:05 0 d--hs---- C:\Documents and Settings\Philippe\Cookies
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Bureau
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\Application Data
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Symantec
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sun
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sony Corporation
2007-10-22 12:32:43 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sony Corporation


-- Find3M Report ---------------------------------------------------------------

2007-11-19 10:06:47 505148 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-11-19 10:06:47 83484 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-11 17:27:41 0 d-------- C:\Program Files\Fichiers communs
2007-10-28 16:13:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 10:44:29 0 d-------- C:\Program Files\Google
2007-10-26 12:51:54 2508 --a------ C:\Documents and Settings\Philippe\Application Data\$_hpcst$.hpc
2007-10-25 12:49:34 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-23 12:06:31 0 d-------- C:\Program Files\Java
2007-10-22 22:04:20 0 d-------- C:\Program Files\Messenger
2007-10-22 15:10:54 0 d-------- C:\Program Files\Intel
2007-10-22 15:01:29 0 d-------- C:\Program Files\InterVideo
2007-10-22 14:47:02 0 d-------- C:\Program Files\sony
2007-10-22 14:45:06 0 d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-10-22 14:44:28 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-10-10 14:53:54 184320 --a------ C:\WINDOWS\b111.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01e00a4d-356f-40a0-9e20-36b7ebe86d70}]
17/11/2007 12:16 82496 --a------ C:\WINDOWS\system32\wblwxcdf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C693A5F-A4DB-4987-BD1E-E9EC42515867}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{361135C4-A534-4352-9615-135153287929}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38FF3918-6D9B-48EC-88D4-660C8BA9C883}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41CDEAE2-A989-4664-963B-F7053EB737C7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{447f5e11-2ae5-4485-886a-6d037fcc41a0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4819FD67-4CF1-4107-B786-99F29BAAE185}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6903BE4C-088F-41EE-B99B-BCA03C9585E3}]
C:\WINDOWS\system32\khfge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AE75DE8-2480-4D0E-8BA1-0779ADD26D60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB0C6E78-4247-4422-B3B7-439C87629090}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF16201C-1014-4C2A-BE23-10224974ECA5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C0770C36-B27F-4941-AD55-2F5C9EC355F8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF32E88A-7FD0-4FC5-ABD0-F70396617ECA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5ADACF2-0401-491B-B319-B6E342D28848}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED009073-7075-416E-B66D-2E37CA9DE699}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 18:21]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/08/2004 20:00]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [29/06/2004 13:49]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [19/01/2004 09:49]
"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [29/06/2004 20:45]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [19/09/2003 18:42]
"Mouse Suite 98 Daemon"="ICO.EXE" [14/03/2002 15:46 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [19/08/2004 15:10 C:\WINDOWS\system32\bthprops.cpl]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [20/02/2004 13:12]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [20/08/2002 11:29]
"HPWS myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [01/12/2004 13:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"Norton Ghost 9.0"="D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [10/11/2004 10:03]
"bcmwltry"="bcmwltry.exe" [25/07/2003 07:28 C:\WINDOWS\system32\bcmwltry.exe]
"RemoveCpl"="RemoveCpl.exe" [14/01/2003 22:50 C:\WINDOWS\system32\RemoveCpl.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [11/11/2007 18:39]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [13/11/2007 15:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [26/06/2006 20:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 15:09]

C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\
MailWasherPro.lnk - D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [30/10/2007 12:16:26]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [22/10/2007 12:50:13]
Audio Filter.lnk - C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe [22/10/2007 15:51:05]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 08:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvwu]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfge.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2007-11-19 10:20:16 ------------

Message by Ange » 19 Nov 2007, 10:58

RE

CANCELS AND REPLACES THE PREVIOUS POST

Looking more closely at the DSS report, I noticed that I had left my inbox open (at the bottom of the report), so I redid the procedure.

I ran Avenger, then restarted the PC, but there again a system alert:

window title: Windows-pas de disque
message content: exception processing message C0000013 parameters 75afb9c 4 75afb9c 75afb9c
action: continue

then the Avenger text log appeared (apparently OK)

The new DSS report suggests to me that it is ALL GOOD

YOU'RE A BOSS, A REAL ONE (it's not Audiard, but it could be)

Here are the reports

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jnkrjrpm

*******************

Script file located at: \??\C:\WINDOWS\system32\inkdohvu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wblwxcdf.dll deleted successfully.
File C:\WINDOWS\system32\wdilcwuo.dll deleted successfully.
File C:\WINDOWS\system32\hlijfcxt.dll deleted successfully.
File C:\WINDOWS\system32\ppyggsyt.dll deleted successfully.
File C:\WINDOWS\system32\hpgtwjml.dll deleted successfully.
File C:\WINDOWS\system32\lfiglety.dll deleted successfully.
File C:\WINDOWS\system32\pvfvvmbd.dll deleted successfully.
File C:\WINDOWS\system32\ewadwhua.dll deleted successfully.
File C:\WINDOWS\system32\gpkyynlb.dll deleted successfully.
File C:\WINDOWS\system32\seigypsy.dll deleted successfully.
File C:\WINDOWS\system32\rjqnbyqi.dll deleted successfully.
File C:\WINDOWS\system32\khmreyqg.dll deleted successfully.
File C:\WINDOWS\system32\moykyyyb.dll deleted successfully.
File C:\WINDOWS\system32\adkwofsu.dll deleted successfully.
File C:\WINDOWS\system32\hhrgfbes.dll deleted successfully.
File C:\WINDOWS\system32\ayvbflss.dll deleted successfully.
File C:\WINDOWS\system32\kijvghqu.dll deleted successfully.
File C:\WINDOWS\system32\uoprusva.dll deleted successfully.
File C:\WINDOWS\system32\ayuihcuo.dll deleted successfully.
File C:\WINDOWS\system32\wbqcgrta.dll deleted successfully.
File C:\WINDOWS\system32\ciuuktws.dll deleted successfully.
File C:\WINDOWS\system32\sabanhxg.dll deleted successfully.
File C:\WINDOWS\system32\tabudrku.dll deleted successfully.
File C:\WINDOWS\system32\selrohac.dll deleted successfully.
File C:\WINDOWS\system32\gpvoikpp.dll deleted successfully.
File C:\WINDOWS\system32\nflawsnd.dll deleted successfully.
File C:\WINDOWS\system32\ffbywpxr.dll deleted successfully.
File C:\WINDOWS\system32\oettlgcx.dll deleted successfully.
File C:\WINDOWS\system32\aceeg.bak2 deleted successfully.
File C:\WINDOWS\system32\aceeg.bak1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01e00a4d-356f-40a0-9e20-36b7ebe86d70} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05536B88-C474-4AD4-8F8D-AA8D5F8D1B0D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C693A5F-A4DB-4987-BD1E-E9EC42515867} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{361135C4-A534-4352-9615-135153287929} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38FF3918-6D9B-48EC-88D4-660C8BA9C883} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41CDEAE2-A989-4664-963B-F7053EB737C7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{447f5e11-2ae5-4485-886a-6d037fcc41a0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4819FD67-4CF1-4107-B786-99F29BAAE185} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6903BE4C-088F-41EE-B99B-BCA03C9585E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C12E6B6-AF35-4214-9D20-B4A5DDA5EA56} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AE75DE8-2480-4D0E-8BA1-0779ADD26D60} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB0C6E78-4247-4422-B3B7-439C87629090} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF16201C-1014-4C2A-BE23-10224974ECA5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0770C36-B27F-4941-AD55-2F5C9EC355F8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF32E88A-7FD0-4FC5-ABD0-F70396617ECA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5ADACF2-0401-491B-B319-B6E342D28848} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED009073-7075-416E-B66D-2E37CA9DE699} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvwu deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Deckard's System Scanner v20071014.68
Run by Philippe on 2007-11-19 10:54:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Philippe.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:09, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Documents and Settings\Philippe\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Philippe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Philippe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: MailWasherPro.lnk = D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Audio Filter.lnk = C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4875328533
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - D:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 12723 bytes

-- Files created between 2007-10-19 and 2007-11-19 -----------------------------

2007-11-19 10:45:19 0 --------- C:\WINDOWS\system32\drivers\
2007-11-17 16:21:59 0 d--hs---- C:\Diskeeper
2007-11-17 11:12:07 0 dr-h----- C:\Documents and Settings\Philippe\Recent
2007-11-14 09:35:53 2015 -r-h----- C:\WINDOWS\system32\drivers\hosts
2007-11-13 15:41:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-12 17:47:24 0 d-------- C:\Documents and Settings\Philippe\Application Data\Ufasoft
2007-11-12 16:00:22 0 d-------- C:\Documents and Settings\Philippe\Application Data\RegistrySmart
2007-11-12 15:37:45 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 15:34:26 0 d-------- C:\Program Files\MSBuild
2007-11-12 15:30:25 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-12 15:29:08 0 d-------- C:\Program Files\Reference Assemblies
2007-11-12 15:04:53 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-12 14:30:40 0 d-------- C:\WINDOWS\system32\fr-fr
2007-11-12 14:26:32 0 d-------- C:\WINDOWS\network diagnostic
2007-11-12 14:06:41 0 d--hs---- C:\Documents and Settings\Philippe\UserData
2007-11-12 13:13:42 4980 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-12 12:17:07 0 d-------- C:\VundoFix Backups
2007-11-12 12:07:47 0 d-------- C:\Program Files\Navilog1
2007-11-11 18:31:11 0 d-------- C:\Program Files\Avira
2007-11-11 18:31:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-11 18:28:36 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2007-11-11 18:28:08 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2007-11-11 17:41:09 0 d-------- C:\Program Files\Trend Micro
2007-11-11 16:49:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-11 13:54:39 0 d-------- C:\Program Files\Enigma Software Group
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Corporation
2007-11-11 10:42:53 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-11-11 10:42:53 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-11 10:42:52 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-11-11 10:42:52 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-11 10:42:52 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-11 10:42:52 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-11-11 10:42:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Sun
2007-11-11 10:42:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2007-11-11 10:28:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 13:42:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-10 13:01:21 0 d-------- C:\Program Files\Fichiers communs\Nero
2007-11-06 10:01:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-11-02 09:13:45 0 d-------- C:\Documents and Settings\Philippe\Application Data\Nero
2007-11-02 09:08:51 0 d-------- C:\Program Files\Nero
2007-11-02 09:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-01 11:11:46 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sonic
2007-11-01 11:08:26 0 d-------- C:\Documents and Settings\Philippe\Application Data\Leadertech
2007-11-01 10:22:12 0 d-------- C:\Documents and Settings\Philippe\dwhelper
2007-10-30 19:53:32 97280 --a------ C:\WINDOWS\b147.exe
2007-10-30 12:58:42 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not>
2007-10-30 12:58:42 0 d-------- C:\Program Files\OpenAL
2007-10-30 12:58:41 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not>
2007-10-30 09:48:41 0 d-------- C:\Documents and Settings\Philippe\Application Data\FileZilla
2007-10-28 14:57:33 0 d-------- C:\Program Files\DivXCodec
2007-10-28 14:55:40 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-28 14:55:40 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-28 14:25:17 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-28 14:23:05 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-28 10:59:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-10-27 12:32:18 0 d-------- C:\Documents and Settings\Philippe\Application Data\MailWasherPro
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\WinXP
2007-10-26 13:38:47 0 d-------- C:\WINDOWS\system32\Win2K
2007-10-26 13:38:44 192512 -----n--- C:\WINDOWS\system32\DetectHardware.exe <Not>
2007-10-26 13:38:44 143360 -----n--- C:\WINDOWS\system32\bcmwlu00.exe <Not>
2007-10-26 13:38:44 462848 -----n--- C:\WINDOWS\system32\bcmwltry.exe <Not>
2007-10-26 12:49:40 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-26 12:30:59 0 d-------- C:\Documents and Settings\Philippe\Application Data\Help
2007-10-26 08:21:39 0 d-------- C:\Documents and Settings\Philippe\Application Data\IsolatedStorage
2007-10-26 08:20:07 0 d-------- C:\WINDOWS\system32\URTTemp
2007-10-25 13:02:02 210032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-10-25 12:53:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Macromedia
2007-10-25 12:53:11 0 d-------- C:\Program Files\Fichiers communs\Macromedia
2007-10-25 12:48:03 0 d-------- C:\Program Files\Symantec
2007-10-25 12:31:13 0 d-------- C:\WINDOWS\Downloaded Installations
2007-10-25 12:17:23 0 d-------- C:\Program Files\Radmin
2007-10-24 21:48:03 42392 --a------ C:\Documents and Settings\Philippe\Application Data\GDIPFONTCACHEV1.DAT
2007-10-24 14:33:06 81920 -----n--- C:\WINDOWS\system32\vdrmux.dll <Not>
2007-10-24 14:33:06 155721 -----n--- C:\WINDOWS\system32\RALMain.dll <Not>
2007-10-24 14:33:06 294912 -----n--- C:\WINDOWS\system32\pvmjpg21.dll <Not>
2007-10-24 14:33:06 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not>
2007-10-24 14:33:06 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not>
2007-10-24 14:33:06 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not>
2007-10-24 14:33:06 40960 -----n--- C:\WINDOWS\system32\langserv.dll <Not>
2007-10-24 14:33:06 204881 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not>
2007-10-24 14:33:06 32838 -----n--- C:\WINDOWS\system32\Cachex.dll <Not>
2007-10-24 14:33:06 114759 -----n--- C:\WINDOWS\system32\Aviprax.dll <Not>
2007-10-24 14:32:24 0 d-------- C:\WINDOWS\system32\Quicktime
2007-10-24 14:32:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-10-24 14:32:21 0 d-------- C:\Program Files\SmartSound Software
2007-10-24 14:30:21 11264 --a------ C:\WINDOWS\system32\drivers\asapiW2k.sys <Not>
2007-10-24 14:30:14 406016 --a------ C:\WINDOWS\system32\PSDrvCheck.exe
2007-10-24 14:30:14 19456 --a------ C:\WINDOWS\system32\asapi.dll <Not>
2007-10-24 14:30:12 90112 --a------ C:\WINDOWS\unvise32.exe <Not>
2007-10-24 14:27:54 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not>
2007-10-24 14:25:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-24 14:24:59 0 d-------- C:\Program Files\Pinnacle
2007-10-24 14:24:35 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not>
2007-10-24 13:03:30 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-24 12:12:34 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-10-24 12:09:05 0 d-------- C:\Program Files\Corel
2007-10-24 12:05:41 0 d-------- C:\Program Files\Fichiers communs\Corel
2007-10-24 11:35:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-10-24 11:30:10 3714 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-24 11:30:10 88 -r-hs---- C:\WINDOWS\system32\8C01962A35.sys
2007-10-24 11:25:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Corel
2007-10-24 11:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-24 11:18:04 0 d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-24 09:27:31 0 d-------- C:\WINDOWS\ShellNew
2007-10-24 09:21:46 0 d-------- C:\Program Files\MSXML 4.0
2007-10-23 12:55:40 0 d-------- C:\Documents and Settings\Philippe\Application Data\Azureus
2007-10-23 12:40:47 0 d-------- C:\Documents and Settings\Philippe\Application Data\WinRAR
2007-10-23 12:03:58 1467 --a------ C:\WINDOWS\mozver.dat
2007-10-23 12:01:44 0 d-------- C:\Documents and Settings\Philippe\Application Data\Talkback
2007-10-23 12:01:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-23 12:01:28 0 d-------- C:\Documents and Settings\Philippe\Application Data\Mozilla
2007-10-22 19:24:08 0 d-------- C:\WINDOWS\Sun
2007-10-22 16:26:05 61440 --a------ C:\WINDOWS\scrub2k.exe
2007-10-22 16:26:03 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-22 15:51:03 61440 --a------ C:\WINDOWS\system32\SonyAIwo.dll <Not>
2007-10-22 15:51:03 35328 --a------ C:\WINDOWS\system32\SonyAIwd.dll <Not>
2007-10-22 15:51:03 52736 --a------ C:\WINDOWS\system32\SonyAIds.dll <Not>
2007-10-22 15:24:12 0 d-------- C:\Documents and Settings\Philippe\Application Data\AdobeUM
2007-10-22 15:17:56 0 d-------- C:\Documents and Settings\Philippe\Application Data\Macromedia
2007-10-22 15:11:54 21419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not>
2007-10-22 15:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-10-22 15:11:00 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-22 14:23:37 0 d-a------ C:\Documentation
2007-10-22 13:19:31 0 d-------- C:\Documents and Settings\Philippe\Application Data\Google
2007-10-22 13:18:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-22 13:18:08 0 d-------- C:\Update
2007-10-22 13:17:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-22 13:17:40 0 d--h----- C:\WINDOWS\$hf_mig$
2007-10-22 13:12:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-22 13:00:46 0 d-------- C:\Program Files\Microsoft Works
2007-10-22 12:59:43 0 d-------- C:\Program Files\Sonic
2007-10-22 12:58:52 0 d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2007-10-22 12:54:27 2981888 --a------ C:\WINDOWS\system32\iplw7.dll <Not>
2007-10-22 12:54:26 2502656 --a------ C:\WINDOWS\system32\iplpx.dll <Not>
2007-10-22 12:54:26 2531328 --a------ C:\WINDOWS\system32\iplp6.dll <Not>
2007-10-22 12:54:26 2785280 --a------ C:\WINDOWS\system32\iplm6.dll <Not>
2007-10-22 12:54:26 2686976 --a------ C:\WINDOWS\system32\iplm5.dll <Not>
2007-10-22 12:54:25 2973696 --a------ C:\WINDOWS\system32\ipla6.dll <Not>
2007-10-22 12:54:25 53248 --a------ C:\WINDOWS\system32\ipl.dll <Not>
2007-10-22 12:54:25 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-10-22 12:52:33 0 d-------- C:\Program Files\MoodLogic
2007-10-22 12:52:26 757760 --a------ C:\WINDOWS\system32\CDDBUI.dll <Not>
2007-10-22 12:52:26 110592 --a------ C:\WINDOWS\system32\CddbLangFR.dll <Not>
2007-10-22 12:52:26 630784 --a------ C:\WINDOWS\system32\CDDBControl.dll <Not>
2007-10-22 12:43:16 0 d-------- C:\Documents and Settings\Philippe\Application Data\Adobe
2007-10-22 12:42:35 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-10-22 12:39:47 0 d-------- C:\Program Files\Utimaco
2007-10-22 12:39:00 0 d-------- C:\Program Files\TvTvHTML
2007-10-22 12:38:59 0 d-------- C:\Program Files\TVTV EPG Installer
2007-10-22 12:33:06 0 d-------- C:\Documents and Settings\Philippe\Application Data\Identities
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage réseau
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Voisinage d'impression
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\SendTo
2007-10-22 12:33:05 5242880 --ah----- C:\Documents and Settings\Philippe\NTUSER.DAT
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Modèles
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Mes documents
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Menu Démarrer
2007-10-22 12:33:05 0 d--h----- C:\Documents and Settings\Philippe\Local Settings
2007-10-22 12:33:05 0 dr------- C:\Documents and Settings\Philippe\Favoris
2007-10-22 12:33:05 0 d--hs---- C:\Documents and Settings\Philippe\Cookies
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Bureau
2007-10-22 12:33:05 0 dr-h----- C:\Documents and Settings\Philippe\Application Data
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Symantec
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sun
2007-10-22 12:33:05 0 d-------- C:\Documents and Settings\Philippe\Application Data\Sony Corporation
2007-10-22 12:32:43 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-10-22 12:32:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sony Corporation


-- Find3M Report ---------------------------------------------------------------

2007-11-19 10:52:52 505148 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-11-19 10:52:52 83484 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-11 17:27:41 0 d-------- C:\Program Files\Fichiers communs
2007-10-28 16:13:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-28 10:44:29 0 d-------- C:\Program Files\Google
2007-10-26 12:51:54 2508 --a------ C:\Documents and Settings\Philippe\Application Data\$_hpcst$.hpc
2007-10-25 12:49:34 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-10-23 12:06:31 0 d-------- C:\Program Files\Java
2007-10-22 22:04:20 0 d-------- C:\Program Files\Messenger
2007-10-22 15:10:54 0 d-------- C:\Program Files\Intel
2007-10-22 15:01:29 0 d-------- C:\Program Files\InterVideo
2007-10-22 14:47:02 0 d-------- C:\Program Files\sony
2007-10-22 14:45:06 0 d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-10-22 14:44:28 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-10-10 14:53:54 184320 --a------ C:\WINDOWS\b111.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 18:21]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/08/2004 20:00]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [29/06/2004 13:49]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [19/01/2004 09:49]
"SonyPowerCfg"="C:\Program Files\sony\vaio power management\SPMgr.exe" [29/06/2004 20:45]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [19/09/2003 18:42]
"Mouse Suite 98 Daemon"="ICO.EXE" [14/03/2002 15:46 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [19/08/2004 15:10 C:\WINDOWS\system32\bthprops.cpl]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [20/02/2004 13:12]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [20/08/2002 11:29]
"HPWS myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe" [01/12/2004 13:08]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"Norton Ghost 9.0"="D:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [10/11/2004 10:03]
"bcmwltry"="bcmwltry.exe" [25/07/2003 07:28 C:\WINDOWS\system32\bcmwltry.exe]
"RemoveCpl"="RemoveCpl.exe" [14/01/2003 22:50 C:\WINDOWS\system32\RemoveCpl.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [11/11/2007 18:39]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [13/11/2007 15:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~3\wcescomm.exe" [26/06/2006 20:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 15:09]

C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\
MailWasherPro.lnk - D:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe [30/10/2007 12:16:26]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [22/10/2007 12:50:13]
Audio Filter.lnk - C:\Program Files\sony\sonicstage mastering studio\audio filter\SSMSFilter.exe [22/10/2007 15:51:05]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 08:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfge.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2007-11-19 10:54:43 ------------

Post by nickW » 19 Nov 2007, 13:07

Hello,

Ange wrote: YOU'RE A BOSS, A REAL ONE

Thanks for the compliment :D (....... even if the feminine "cheffe" would have been more fitting).

I'm going through your logs, reply this evening; there are still a few changes to make in the Registry.

Bye,
nickW