[OK] Comportement PC + Navigation Internet bizarre : virus ?

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[OK] Comportement PC + Navigation Internet bizarre : virus ?

Messagede tophe37 » 22 Nov 2008, 12:19

Bonjour,

Depuis 2 ou3 jours, j'ai un comportement bizarre de mon PC :

-ZoneAlarm m'informe que SVCHOST.EXE essaye de se connecter aux adresses IP 74.125.43.100 ou autres
- la navigation internet est très très lente
- Suite à une recherche sur Google, quand je clique sur un résultat, je me retrouve sur une page qui n'a rien à voir (par exemple, je recherche wikipedia, je clique sur le lien donné et je me retouve sur la page http://www.bediddle.com/web.php?q=online+encyclopedia&cd=22597&cpe=cz1BQkMmY3A9aXRjZy0xMzg2NiZjPTAuMDE= après redirection par le lien http://go.google.com/?id=6b951420ab918097cf60241702f859b7&aid=61&said=v3001


Ci-dessous ma log hijackThis (version 1.99.01 car impossible d'afficher la page http://www.trendsecure.com/portal/en-US ... s/download)

Code: Tout sélectionner
Logfile of HijackThis v1.99.1
Scan saved at 11:51:57, on 22/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Utilitaires\HijackThis\vazyjack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322)" -"http://www.divertissez-vous.com/jeux-gratuits-flash/enfants-filles-garcons/1681/super-nanny.php"
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://spicespirit.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D97B8B4F-3EE5-4B6D-B33F-A358F40811AD}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Ces éléments sont-ils suffisants pour trouver ce qui se passe ?

Je remercie par avance celui ou celle qui donnera un peu de son temps pour se pencher sur mon problème.

Christophe
tophe37
 
Messages: 35
Inscription: 28 Mai 2007, 10:49

Messagede jessminder » 22 Nov 2008, 13:43

salut

L'adresse IP 74.125.43.100 appartient à Google english : http://whois.domaintools.com/74.125.43.100

ça me paraît normal mais bizarre si ton système et ton navigateur sont en français.

Pour le reste, je laisse nickW en juger...
Avatar de l’utilisateur
jessminder
 
Messages: 4735
Inscription: 08 Déc 2005, 18:52
Localisation: F- Palaiseau

Messagede tophe37 » 22 Nov 2008, 14:51

Maintenant, svchost.exe essaye de se connecter à l'adresse IP 72.52.198.112 ...

Whois me dit que cette adresse appartient à Liquid Web ???
tophe37
 
Messages: 35
Inscription: 28 Mai 2007, 10:49

Messagede tophe37 » 22 Nov 2008, 18:09

En fouillant un peu, je viens de m'apercevoir que dans le répertoire C:\WINDOWS\system32\drivers, je trouve svchost.exe et aussi les fichiers fidbox.idx et fidbox.dat créés à la même date ...

Je pense qu'il y a bien là quelque chose de pas très catholique.
tophe37
 
Messages: 35
Inscription: 28 Mai 2007, 10:49

Messagede nickW » 23 Nov 2008, 01:46

Bonsoir,

Peux-tu faire ceci:

Au vu de la longueur de la procédure, je te conseille de l'imprimer, d'enregistrer la page dans un fichier HTML (c'est la meilleure solution), ou d'en sélectionner toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC (Note: tu n'auras pas accès à Internet et des redémarrages sont possibles).
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection.


Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser en mode sans échec.



Étape 1: Affichage tous fichiers
Vérifier que ton PC affiche bien tous les fichiers
http://assiste.com.free.fr/p/comment/co ... aches.html


Étape 2: OTListIt (de OldTimer), téléchargement
Télécharger OTListIt.exe depuis http://oldtimer.geekstogo.com/OTListIt.exe
Enregistrer ce fichier sur le Bureau.


Étape 3: SDFix (de Andy Manchesta)
Télécharger SDFix.exe depuis l'un des trois liens ci-dessous:
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
http://download.bleepingcomputer.com/an ... /SDFix.exe
http://sdfix.net/SDFix.exe
Enregistrer ce fichier sur le Bureau.
Faire un double clic sur SDFix.exe pour lancer l'extraction de l'outil dans un dossier SDFix placé à la racine de la partition système (par défaut "C:\").
A la fin de l'installation, une fenêtre du Bloc-notes s'ouvre pour afficher le contenu du fichier "Installed.txt". Fermer cette fenêtre du Bloc-notes.


Étape 4: Mode sans échec
Faire redémarrer le PC en mode sans échec en utilisant la méthode F8 (F5 sur certains PCs). Impératif: ne pas utiliser la méthode "msconfig"!
Voir http://assiste.com.free.fr/p/comment/co ... echec.html
Fermer le plus possible de fenêtres.
Pas de connexion Internet ouverte, pas d'Internet Explorer ouvert.


Étape 5: SDFix
Ouvrir le dossier SDFix qui a été créé à la racine de la partition système, et faire un double clic sur RunThis.bat pour lancer l'outil.

Image

Appuyer sur la touche Y puis faire Entrée, pour lancer l'exécution.
Selon l'infection détectée, un redémarrage immédiat est parfois nécessaire. Accepter, et faire redémarrer le PC en mode sans échec.
L'outil va supprimer les services de certains trojans, effectuer aussi quelques réparations du Registre. Ensuite, il demandera d'appuyer sur une touche pour faire redémarrer le PC.
Appuyer sur n'importe quelle touche pour faire redémarrer le PC (en mode normal).
Le système va mettre plus de temps que d'habitude pour redémarrer car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil va terminer le nettoyage puis afficher Finished.

Image

Appuyer sur n'importe quelle touche pour fermer l'outil et charger les icônes du Bureau.
Une fenêtre du Bloc-notes va s'ouvrir, affichant le rapport de SDFix.
Fermer cette fenêtre.


Étape 6: OTListIt (de OldTimer)
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTListIt.exe pour lancer l'outil.

Cocher la case située devant Scan All Users.
Cliquer sur le bouton Run Scan et laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant l'un des deux rapports.
Fermer le Bloc-notes.
Le second rapport est visible dans la Barre des tâches. Le fermer également.
Fermer la fenêtre de OTListIt.


Étape 7: Résultats
Envoyer en réponse:
*- le rapport de SDFix (contenu du fichier Report.txt situé dans le dossier SDFix)

Envoyer ensuite en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les deux rapports de OTListIt (contenu des fichiers OTListIt.txt et Extras.txt situés sur le Bureau).

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede tophe37 » 24 Nov 2008, 09:32

Ci-dessous les résultats des différentes manipulations ...

NB : Ne pouvant pas de mon PC télécharger ni OTListIt, ni SDFIX.exe, j'ai dû les récupérer chez un ami ...

SDFIX : Lors de son utilisation, après le premier reboot, affichage d'un message faisant mention d'un rootkit et demande de reboot.

Rapport SDFIX


SDFix: Version 1.240
Run by HP_Administrateur on 24/11/2008 at 08:41

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\svchost.exe - Deleted
C:\WINDOWS\system32\TDSShrsr.dll - Deleted
C:\WINDOWS\system32\TDSSrtqp.dll - Deleted
C:\WINDOWS\system32\TDSSxfum.dll - Deleted
C:\WINDOWS\system32\TDSSlxwp.dll - Deleted
C:\WINDOWS\system32\TDSSorvd.dat - Deleted
C:\WINDOWS\system32\TDSSkkbi.log - Deleted


Could Not Remove C:\WINDOWS\system32\TDSSoiqn.dll



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 09:21:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\HP_Administrateur\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

C:\WINDOWS\system32\TDSSoiqn.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Apr 2008 211 A.SHR --- "C:\BOOT.BAK"
Mon 28 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 24 Nov 2008 5,940 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE9.tmp"
Mon 24 Nov 2008 5,686 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBEA.tmp"

Finished!




Je transmets les rappoty OTListIt dans les messages suivants ...
tophe37
 
Messages: 35
Inscription: 28 Mai 2007, 10:49

Messagede tophe37 » 24 Nov 2008, 09:33

OTListIt.txt


OTListIt logfile created on: 24/11/2008 09:22:46 - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\HP_Administrateur\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 611,77 Mb Available Physical Memory | 59,83% Memory free
2,40 Gb Paging File | 2,00 Gb Available in Paging File | 83,16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225,87 Gb Total Space | 150,66 Gb Free Space | 66,70% Space Free | Partition Type: NTFS
Drive D: | 6,99 Gb Total Space | 1,74 Gb Free Space | 24,84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC_LEBERT
Current User Name: HP_Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/10/02 06:53:08 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/04/02 20:07:54 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/11/12 17:48:00 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2008/11/12 17:54:47 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2005/08/03 02:15:48 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 22:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2005/08/05 20:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2005/10/02 06:53:08 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/11/12 17:54:34 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2008/11/12 17:52:22 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2005/08/05 20:34:32 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2005/08/05 20:34:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2005/08/03 02:15:48 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
[1998/05/07 17:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
[2005/10/02 08:13:42 | 00,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2004/09/07 21:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
[2005/02/03 00:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2005/05/12 06:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/11/12 17:54:51 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/04/02 20:07:54 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2007/01/29 20:12:14 | 00,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2007/03/12 13:51:26 | 00,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2007/03/02 15:48:00 | 00,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
[2005/10/02 08:13:42 | 00,057,344 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/08/07 10:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[2008/08/05 13:10:56 | 00,126,976 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
[2008/08/05 13:11:04 | 00,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
[2008/08/05 13:10:58 | 00,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
[2008/11/24 07:47:44 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTListIt.exe

========== (O23) Win32 Services ==========

[2005/08/03 02:15:48 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/11/12 17:48:00 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2005/10/02 06:53:08 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/11/12 17:54:47 | 00,155,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2008/11/12 17:54:34 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2008/11/12 17:52:22 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 22:38:38 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2005/08/05 20:16:40 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/29 19:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Boot | Stopped])
[2008/08/07 10:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/04/02 20:07:54 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
[2006/11/03 08:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/10/03 21:57:20 | 02,799,488 | ---- | M] (ASUSTek) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
[2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [Boot | Running])
[2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [Boot | Running])
[2008/11/12 17:51:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
[2005/08/29 23:11:00 | 03,644,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2008/11/12 17:53:27 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
[2008/11/12 17:54:19 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
[2008/11/12 17:52:28 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
[2008/11/12 17:53:38 | 00,110,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
[2008/11/12 17:52:37 | 00,050,656 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi [Boot | Running])
[2005/10/02 07:00:24 | 01,334,784 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/11/05 14:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
[2004/10/15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
File not found -- -- (catchme [On_Demand | Running])
[2005/06/30 00:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2 [Boot | Running])
[2005/06/17 13:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/04/14 03:05:15 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/04/13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2004/11/22 16:36:40 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2005/06/06 02:44:05 | 00,091,841 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID [On_Demand | Running])
[2007/09/17 14:53:26 | 00,021,632 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd [On_Demand | Stopped])
[2005/07/04 08:30:34 | 00,026,624 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Stopped])
[2004/08/10 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/04/25 09:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2005/03/04 19:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2004/08/04 06:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/04/03 12:59:30 | 00,083,208 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus [On_Demand | Stopped])
[2007/04/03 12:59:36 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl [On_Demand | Stopped])
[2007/04/03 12:59:38 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm [On_Demand | Stopped])
[2007/04/03 12:59:40 | 00,100,360 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt [On_Demand | Stopped])
[2007/04/03 12:59:42 | 00,099,080 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic [On_Demand | Stopped])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2008/04/02 20:08:00 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-3867791660-513652545-1080938973-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-3867791660-513652545-1080938973-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3867791660-513652545-1080938973-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKU\S-1-5-21-3867791660-513652545-1080938973-1007\S-1-5-21-3867791660-513652545-1080938973-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKU\S-1-5-21-3867791660-513652545-1080938973-1007\S-1-5-21-3867791660-513652545-1080938973-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key does not exist or could not be opened. File not found
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-3867791660-513652545-1080938973-1007\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-3867791660-513652545-1080938973-1007\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode (Promise Technology, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513 (Creative Technology Ltd.)
O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)
O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKU\S-1-5-21-3867791660-513652545-1080938973-1007..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (Nokia)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322)" -"http://www.divertissez-vous.com/jeux-gratuits-flash/enfants-filles-garcons/1681/super-nanny.php" (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-3867791660-513652545-1080938973-1007..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322)" -"http://www.divertissez-vous.com/jeux-gratuits-flash/enfants-filles-garcons/1681/super-nanny.php" (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe (ShalSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3867791660-513652545-1080938973-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3867791660-513652545-1080938973-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3867791660-513652545-1080938973-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://spicespirit.spaces.live.com/Phot ... nPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game08.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - livecall - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msnim - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - skype4com - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625 | ]
[2005/01/02 17:10:29 | 00,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ]
[2004/04/30 15:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6cfe53b-af24-11dd-9840-0013d3d9d2fa}\Shell\AutoRun\command]
"" = K:\tmf3w3g0.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6cfe53b-af24-11dd-9840-0013d3d9d2fa}\Shell\explore\Command]
"" = K:\tmf3w3g0.com -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6cfe53b-af24-11dd-9840-0013d3d9d2fa}\Shell\open\Command]
"" = K:\tmf3w3g0.com -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2008/11/24 09:00:36 | 10,722,22208 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/24 08:39:06 | 00,579,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/24 08:31:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/11/24 08:15:44 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTListIt.exe
[2008/11/24 08:11:51 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/11/23 19:05:44 | 00,000,412 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\spider.sav
[2008/11/23 16:40:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/11/18 23:18:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/11/18 23:14:03 | 00,001,957 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Bureau\Luxor 4 Quest For The Afterlife.lnk
[2008/11/18 23:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\Games
[2008/11/16 22:26:34 | 00,026,352 | ---- | C] () -- C:\Documents and Settings\HP_Administrateur\Application Data\NMM-MetaData.db
[2008/11/15 16:24:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2008/11/15 16:23:40 | 00,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\World of Goo.lnk
[2008/11/15 16:23:17 | 00,000,000 | ---D | C] -- C:\Program Files\WorldOfGoo
[2008/11/15 16:09:18 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008/11/15 16:09:18 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2008/11/15 16:09:15 | 00,001,790 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Alcohol 120%.lnk
[2008/11/15 16:09:10 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2008/11/15 14:08:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/11/12 14:06:35 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 14:06:17 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/30 23:04:01 | 00,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2008/10/25 17:53:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Application Data\Thinstall
[2008/10/25 17:03:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrateur\Application Data\iWin
[2008/10/25 17:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Jewel Quest III
[2008/10/25 17:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade


========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/11/24 09:12:10 | 00,358,382 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/11/24 09:10:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/24 09:10:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/24 09:10:36 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/24 08:43:50 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/11/24 08:39:06 | 00,579,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2008/11/24 07:47:44 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrateur\Bureau\OTListIt.exe
[2008/11/24 07:24:35 | 00,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2008/11/23 20:11:23 | 00,000,585 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\Mes dossiers de partage.lnk
[2008/11/23 19:05:44 | 00,000,412 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Mes documents\spider.sav
[2008/11/23 15:42:03 | 00,015,360 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/23 15:42:03 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/22 13:15:18 | 02,205,456 | -H-- | M] () -- C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\IconCache.db
[2008/11/21 10:53:12 | 12,950,9408 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/11/21 09:26:46 | 01,517,636 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/11/18 23:14:03 | 00,001,957 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Bureau\Luxor 4 Quest For The Afterlife.lnk
[2008/11/17 22:29:30 | 00,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/16 22:50:38 | 00,026,352 | ---- | M] () -- C:\Documents and Settings\HP_Administrateur\Application Data\NMM-MetaData.db
[2008/11/15 16:23:40 | 00,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\World of Goo.lnk
[2008/11/15 16:09:15 | 00,001,790 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Alcohol 120%.lnk
[2008/11/12 17:57:30 | 01,235,696 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2008/11/12 17:54:27 | 00,093,296 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2008/11/12 17:54:19 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2008/11/12 17:53:38 | 00,110,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2008/11/12 17:53:27 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2008/11/12 17:52:37 | 00,050,656 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2008/11/12 17:52:28 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2008/11/12 17:51:35 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2008/11/12 17:51:11 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2008/11/04 01:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/30 23:25:06 | 01,038,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/30 23:25:06 | 00,475,866 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/10/30 23:25:06 | 00,407,670 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/30 23:25:06 | 00,077,908 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/10/30 23:25:06 | 00,064,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

<End>
tophe37
 
Messages: 35
Inscription: 28 Mai 2007, 10:49

Messagede tophe37 » 24 Nov 2008, 09:34

Extras.txt

Code: Tout sélectionner
OTListIt Extras logfile created on: 24/11/2008 09:22:46 - Run
OTListIt by OldTimer - Version 1.0.12.0     Folder = C:\Documents and Settings\HP_Administrateur\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1022,48 Mb Total Physical Memory | 611,77 Mb Available Physical Memory | 59,83% Memory free
2,40 Gb Paging File | 2,00 Gb Available in Paging File | 83,16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225,87 Gb Total Space | 150,66 Gb Free Space | 66,70% Space Free | Partition Type: NTFS
Drive D: | 6,99 Gb Total Space | 1,74 Gb Free Space | 24,84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC_LEBERT
Current User Name: HP_Administrateur
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
 
[color=orange]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[color=orange]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
 
[color=orange]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/05/12 07:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
File not found -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
File not found -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
File not found -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
File not found -- C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed
[2008/04/23 16:45:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2007/10/18 10:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
 
[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{4F5D0805-E3B2-4E43-A363-B3D42C025BBD}" = Digimax A50/Cyber500
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Services Internet
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A70FA218-6598-4AC9-813D-63597C5DD068}" = Galerie de photos Windows Live
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{BE9C325E-7ED4-4C99-9909-4CF35837966E}" = ATI Catalyst Control Center
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =             
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FFF012D6-AC26-4B2E-0095-1A81A91D0E71}" = LFP Manager 06
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.57
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Package de pilotes Windows - Nokia Modem  (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Video FX Utility" = Utilitaire Effets vidéos avancés
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"AwayMode160" = Microsoft Away Mode
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Package de pilotes Windows - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Package de pilotes Windows - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"ConfigurateurModem" = Configurateur Modem
"Creative PD0630" = Creative WebCam Live! Driver (1.02.03.0606)
"Creative Photo Manager" = Creative Photo Manager
"Creative WebCam Center" = Creative WebCam Center
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Package de pilotes Windows - Nokia Modem  (03/13/2008 6.86.0.1)
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Amélioration de nos services
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Services Internet
"InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
"Luxor 4 Quest For The Afterlife 1.00" = Luxor 4 Quest For The Afterlife 1.00
"Manuel d'utilisation de Creative WebCam Live! French" = Manuel d'utilisation de Creative WebCam Live! (Français)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"ShalSoft.GigaTribe_is1" = GigaTribe 2.45
"TomTom HOME" = TomTom HOME
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"ZoneAlarm" = ZoneAlarm
 
[color=orange]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 09/06/2008 12:44:20 | Computer Name = PC_LEBERT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 E:\Mes images\floraison espagnole 2006\P1010076.JPG failed, 0000A420. 
 
Error - 10/07/2008 19:02:05 | Computer Name = PC_LEBERT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://www.pixule.com/sondage.swf?key=38270542870 failed, 0000A413. 
 
Error - 10/07/2008 19:13:26 | Computer Name = PC_LEBERT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://www.pixule.com/sondage.swf?key=48092363486 failed, 0000A413. 
 
Error - 23/11/2008 11:39:48 | Computer Name = PC_LEBERT | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
 function A0000111. 
 
[ Application Events ]
Error - 22/11/2008 08:18:38 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 22/11/2008 08:19:01 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 22/11/2008 16:45:19 | Computer Name = PC_LEBERT | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16735, module
 défaillant flash10a.ocx, version 10.0.12.36, adresse de défaillance 0x000c0e90.
 
Error - 23/11/2008 11:39:09 | Computer Name = PC_LEBERT | Source = Application Hang | ID = 1002
Description = Application bloquée avast.setup, version 4.8.0.0, module bloqué hungapp,
 version 0.0.0.0, adresse de blocage 0x00000000.
 
Error - 23/11/2008 11:53:02 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 23/11/2008 11:53:26 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 23/11/2008 13:07:49 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 23/11/2008 13:08:12 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 24/11/2008 04:12:41 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
Error - 24/11/2008 04:13:11 | Computer Name = PC_LEBERT | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
 du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
 0.
 
[ System Events ]
Error - 24/11/2008 03:29:59 | Computer Name = PC_LEBERT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 24/11/2008 03:30:13 | Computer Name = PC_LEBERT | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service StiSvc
 avec les arguments ""  pour démarrer le serveur :  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 24/11/2008 03:59:48 | Computer Name = PC_LEBERT | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom2 n'est pas encore prêt à être accédé.
 
Error - 24/11/2008 04:01:03 | Computer Name = PC_LEBERT | Source = sr | ID = 1
Description = Le filtre de restauration du système à rencontré l'erreur inattendue
 '0xC0000001' pendant le traitement du fichier '' sur le volume 'HarddiskVolume2'.
 Ceci a entraîné l'arrêt de la surveillance du volume.
 
Error - 24/11/2008 04:02:09 | Computer Name = PC_LEBERT | Source = Service Control Manager | ID = 7022
Description = Le service Acquisition d'image Windows (WIA) est en attente de démarrage.
 
Error - 24/11/2008 04:09:42 | Computer Name = PC_LEBERT | Source = Cdrom | ID = 262159
Description = Le périphérique \Device\CdRom2 n'est pas encore prêt à être accédé.
 
Error - 24/11/2008 04:12:09 | Computer Name = PC_LEBERT | Source = Service Control Manager | ID = 7022
Description = Le service Acquisition d'image Windows (WIA) est en attente de démarrage.
 
Error - 24/11/2008 04:12:33 | Computer Name = PC_LEBERT | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé.
 La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.

 
Error - 24/11/2008 04:12:34 | Computer Name = PC_LEBERT | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC.  Message
 d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.
 
Error - 24/11/2008 04:12:34 | Computer Name = PC_LEBERT | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Message
 d'erreur de référence : Opération réussie.  .
 
 
<End>

tophe37
 
Messages: 35
Inscription: 28 Mai 2007, 10:49

Messagede tophe37 » 24 Nov 2008, 11:56

Suite aux manipulations effectuées, Google fonctionnait correctement.

Par contre, après 1h d'utilisation, ca recommence et je suis redirigé vers le site www.bediddle.com.

J'ai aussi souvent un problème de connexion Internet : impossible d'afficher quelque page que ce soit.

Autres éléments :
- via IE, impossible d'accéder à mon routeur (par contre, quand je fais un ping dessus, il me répond).
- Il arrive que mon PC se bloque totalement ... Impossible d'utiliser le clavier ou la souris, impossible d'afficher le gestionnaire de taches
- Lorsque j'ai utiliser SDFix, il a d'abord fallut que je renomme SDFix.exe en toto.exe pour pouvoir faire l'installation
- Idem pour HojackThis

bizarre, bizarre

Et à l'instant, message de mon antivirus : blocked access to malicious site dns://scan.scannerantispyware.com [ C:\WINDOWS\system32\svchost.exe ]
tophe37
 
Messages: 35
Inscription: 28 Mai 2007, 10:49

Messagede nickW » 26 Nov 2008, 01:39

Bonsoir,

Je t'ai envoyé un MP (Message Privé).

Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 15 invités