[Solved] Is it serious, doctor?

Log analysis and disinfection section: malware of all kinds and other unwanted software. Cleaning requests only. Restricted handling: specialised team.

Moderator: Moderators

Forum rules :arrow: Disinfections are handled by a specific group; not everyone may step in to disinfect machines (rules).
:arrow: The procedures are tailored to each machine; do not repeat them on your own (explanations).
:arrow: One topic per machine; everyone creates their own. ;)

Post by PatrickLa » 18 Nov 2007 13:05

Hello

Following the recommendations found on this site, I uninstalled AVAST and replaced it with Antivir.
Everything went fine, but now, several times a day, I get an Antivir warning
about the presence of the following:

worm/bagle.gen
w95/Blumblebee.1738
cc/00233
DR/HideWindows.879167

This is after having removed as many Windows services as possible and having run SpyBot, Ad-Aware, CCleaner and EasyCleaner.

I searched the net, and it seems it is not too serious.
Still, to avoid the nuisance of these warnings, I would like to eradicate them once and for all.

I noticed that most of them were in a system directory called "System Volume Information",
which is where Windows keeps everything it needs for restore points safe and warm.
So it doesn't want anyone touching it...

So, before temporarily deleting all the restore points and going in through the back door to wipe the contents of these "System Volume Information" folders,
I'm asking your advice! What would you do in my place?
I'm attaching a HijackThis log...

By the way... all these Logitech\Desktop Messenger entries, it's a bit ridiculous, is that normal?

Thanks in advance!

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:01, on 18.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SNP Software\StartupMonitor\StartupMonitor.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Maxtor\ManagerApp\msssort.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UBS e-banking\UBS Shell\UBSShell.exe
C:\Program Files\AllChars\AllChars.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/PatrickLa/My%20Documents/My%20Webs/StartPage/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartupMonitor] "C:\Program Files\SNP Software\StartupMonitor\StartupMonitor.exe"
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "C:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKLM\..\Run: [MaxBackSchedule] "C:\Program Files\Maxtor\MSS Backup\maxbackservice.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] "C:\Program Files\Maxtor\ManagerApp\msssort.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UBSShell] C:\Program Files\UBS e-banking\UBS Shell\UBSShell.exe Hidden
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-21-1454471165-776561741-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1454471165-776561741-839522115-1003\..\Run: [UBSShell] C:\Program Files\UBS e-banking\UBS Shell\UBSShell.exe Hidden (User '?')
O4 - HKUS\S-1-5-21-1454471165-776561741-839522115-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1454471165-776561741-839522115-1003 Startup: AllChars.lnk = C:\Program Files\AllChars\AllChars.exe (User '?')
O4 - Startup: AllChars.lnk = C:\Program Files\AllChars\AllChars.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - C:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe

--
End of file - 19545 bytes
Last edited by PatrickLa on 19 Nov 2007 18:29, edited 1 time.
PatrickLa
Libellulien
Posts: 55
Joined: 23 Mar 2006 13:34
Location: Genève
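Added example, not part of the thread and not HijackThis, ELIBAGLA or DiagHelp code: a small Python triage over an excerpt of the HijackThis log above. It answers the question about the Logitech entries by grouping O18 protocol handlers by CLSID and DLL, lists the `(no file)` orphans (registrations whose DLL has already been uninstalled), and flags O4 autostarts that name a bare file instead of an absolute path. The sample lines are copied from the log in the thread; the function names are my own.

```python
"""Triage of a HijackThis v2 log (added example; not HijackThis/ELIBAGLA/DiagHelp code)."""
import re
from collections import defaultdict

# Constructed sample: a short excerpt copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: PrivBar - {300BC64A-BF32-4cc8-8917-91148CEFE700} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O18 - Protocol: bw+0 - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {93713DD1-CF22-4026-8718-8207423F67D8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

# O2 (BHO), O3 (toolbar) and O18 (protocol handler) lines share one shape:
#   "O2 - BHO: <name> - {CLSID} - <path, or "(no file)" when the DLL is gone>"
CLSID_LINE = re.compile(
    r"^(?P<kind>O2|O3|O18) - (?:BHO|Toolbar|Protocol): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O4 autostart: "O4 - HKLM\..\Run: [<value name>] <command line>"
RUN_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# O23 service: "O23 - Service: <display name> (<service name>) - <vendor> - <image path>"
SERVICE_LINE = re.compile(
    r"^O23 - Service: (?P<name>.*?) \((?P<short>[^)]+)\) - (?P<vendor>.*?) - (?P<path>.*)$"
)


def parse_hjt(text):
    """Turn HijackThis lines into dicts; sections this helper does not model are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = CLSID_LINE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"], "clsid": m["clsid"], "path": m["path"]})
            continue
        m = RUN_LINE.match(line)
        if m:
            entries.append({"kind": "O4", "name": m["value"], "hive": m["hive"], "path": m["cmd"]})
            continue
        m = SERVICE_LINE.match(line)
        if m:
            entries.append({"kind": "O23", "name": m["name"], "short": m["short"],
                            "vendor": m["vendor"], "path": m["path"]})
    return entries


def orphaned_entries(entries):
    """Registrations whose CLSID survives but whose DLL is gone: leftovers of an uninstall.
    Harmless by themselves; they are removed because nothing legitimate still needs them."""
    return [e for e in entries if e["path"] == "(no file)"]


def protocol_handlers_by_dll(entries):
    """Group O18 handlers by implementing DLL. Dozens of O18 lines that all resolve to one
    DLL and one CLSID are one component registered under many scheme names, not dozens."""
    groups = defaultdict(list)
    for e in entries:
        if e["kind"] == "O18":
            groups[e["path"]].append(e["name"])
    return dict(groups)


def command_image(cmd):
    """First token of a Run command line: the quoted path if it starts with a quote,
    otherwise everything up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def bare_name_autostarts(entries):
    """O4 entries whose image is a bare file name rather than an absolute path. Which file
    actually runs then depends on the loader's search order, so a helper checks where the
    name resolves (the log above shows RTHDCPL.EXE running from C:\\WINDOWS)."""
    return [e for e in entries if e["kind"] == "O4"
            and not any(c in command_image(e["path"]) for c in ("\\", ":"))]


def triage(text):
    """One summary dict per log, so the findings can be checked rather than only printed."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "orphans": [(e["kind"], e["name"]) for e in orphaned_entries(entries)],
        "protocol_dlls": {p: len(s) for p, s in protocol_handlers_by_dll(entries).items()},
        "bare_autostarts": [e["name"] for e in bare_name_autostarts(entries)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run against the full log above, the O18 grouping yields seventy-odd bw* and offline-8876480 schemes on BWPlugProtocol-8876480.dll under one CLSID, one scheme on GAPlugProtocol-8876480.dll and one for Skype: three components, not seventy-nine. The orphans are the SpywareBlock and {7E853D72...} BHOs and the PrivBar toolbar.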

Post by Falkra » 18 Nov 2007 14:31

Hello,

there's stuff all over the place in there. :lol:

Bagle rootkit infection (ouch, it normally shoots down antivirus programs):

Download ELIBAGLA at the bottom of this page > http://www.zonavirus.com/datos/descarga ... ibagla.asp

* Click the Descargar Elibagla button and save it to the desktop.
* Double-click it to open it.
* Make sure the Unidad drop-down menu shows C:\
* Also check that the option at the bottom of the window, Eliminar Ficheros Automaticamente, is ticked.
* Click the Explorar button to start the scan.

Please post the ELIBAGLA report. If you don't see it, it is here > C:\InfoSat.txt

We'll start with that; there's a lot left to do, but we'll go step by step. :wink:
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Post by PatrickLa » 18 Nov 2007 16:54

Hello

Thanks for your support

I did as you said, and after
"Click the Explorar button to start the scan."

It tinkers for a few seconds and then:

---------------------------
EliBaglA
---------------------------
Acceso denegado a la carpeta:
C:\\Config.Msi (8208)
---------------------------
OK
---------------------------

I click OK, no other choice...

After ~15 seconds of work:

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys (8212)
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys (8212)
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader (8208)
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader (8208)
etc...

then after ~1 minute

Acceso denegado a la carpeta:
C:\Documents and Settings\LocalService (8214)
C:\Documents and Settings\NetworkService (8214)

after 2-3 minutes..
Acceso denegado a la carpeta:
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Backup (8208)
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data (8208)
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Install (8208)
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG (8208)
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\repldata (8208)
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Template Data (8208)

after 2 minutes

C:\Program Files\WindowsUpdate (8210)
C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ (2066)
C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ (2066)
C:\WINDOWS\$NtUninstallbasecsp$ (2066)
C:\WINDOWS\$NtUninstallKB891122$ (2066)
C:\WINDOWS\$NtUninstallKB896344$ (2066)
etc... dozens of OKs...

after ~2 minutes it seems to have finished,
but no C:\InfoSat.txt file...

in the dialog it says:
Nb total de directorios 20761
Nb total de Ficheros 257133
Analizados 11906
Infectados 0
Eliminados 0
Tiempo (seg) 1022

Since I also have an F: drive, and that's where the problems were, I ran it on F:

Also some
Acceso denegado a la carpeta:
F:\RECYCLER\S-1-5-21-4245988811-2638217224-2924880335-1005 (8214)
I click OK for all of them

It goes faster and I get
Nb total de directorios 2500
Nb total de Ficheros 65246
Analizados 1979
Infectados 0
Eliminados 0
Tiempo (seg) 116

Still no C:\InfoSat.txt file...

Looks like it found nothing!

:shock:
PatrickLa
Libellulien
Posts: 55
Joined: 23 Mar 2006 13:34
Location: Genève

Post by Falkra » 18 Nov 2007 17:23

Huh, nicht gut, it isn't getting access to all the folders (it says access is denied). Well... unless the antivirus did its job properly. :shock: :mrgreen:

We'll try something else and see. :wink:

Download DiagHelp, run it on your desktop and unpack it as described here:
http://www.malekal.com/DiagHelp/DiagHelp.php

Run option 1 only and post the report in your next reply.
It takes a while, that's normal.
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Post by PatrickLa » 18 Nov 2007 18:25

I forgot to mention that a few months ago I stupidly clicked on the dialog of an installer for a Pocket PC, and afterwards my PC seemed "haunted"...
So I unplugged the Ethernet cable and ran a restore point from a week earlier.

No more problems after that...
But maybe that could explain Antivir's detections in the "System Volume Information" directory... a few rotten files waiting to be restored..
Which would make me quite willing to stop the restore system, then delete the directories concerned in safe boot, before re-enabling "system restore"...


Anyway, I proceeded as requested with DiagHelp, and after about ten minutes I was asked to send the file "Upload_moixxxx.tar.gz" via a web page (http://upload.malekal.com/), which I did, but it takes time... it has to be said the file is 15 megabytes..

after a good while, I get the following message on the web page (http://upload.malekal.com/upload.php)

The selected file is invalid!
Back

What should I do?
PatrickLa
Libellulien
Posts: 55
Joined: 23 Mar 2006 13:34
Location: Genève

Post by Falkra » 18 Nov 2007 18:31

Ho, Malekal is going to laugh. :grin:
The upload matters, to help the developers react to new infections and improve the tools quickly. Email me the file, I'll look at what makes it so big. I'll send you an email address by PM.
I'll deal with Malekal directly to pass him the file without going through the site, since there must be a size limit.

So, what to do: that, and otherwise I need the contents of the generated report in your next post. (c:\resultat.txt if it was done properly)
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Post by PatrickLa » 18 Nov 2007 18:33

In the file
upload_moi_P4_2005.tar.gz\WINDOWS\System32 - TAR+GZIP archive, unpacked size 33'432'696 bytes
there is a file

DropMyRights.exe,

as well as several DLLs and an exe from Windows/System32
xpsp3res.dll
wininet.dll
webcheck.dll
unrar.dll
shell32.dll
qt-dx331.dll
MRT.exe
inetcomm.dll
dpl100.dll
divx.dll
BitCometRes.dll
PatrickLa
Libellulien
Posts: 55
Joined: 23 Mar 2006 13:34
Location: Genève

Post by Falkra » 18 Nov 2007 18:35

Email me your file upload_moi_P4_2005.tar.gz at the address I sent you by PM, please. :wink:

And... er (again), I need your DiagHelp report. :mrgreen:
(c:\resultat.txt if it was done properly)
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Post by PatrickLa » 18 Nov 2007 18:43

OK, I'm sending the file by email, along with the "resultat.txt" file.
It should go through without problems, I use WebMail at Infomaniak.

Thanks again!
PatrickLa
Libellulien
Posts: 55
Joined: 23 Mar 2006 13:34
Location: Genève

Post by Falkra » 18 Nov 2007 18:44

OK, I'll eat and then look at it. :lol:

Don't forget to post... the DiagHelp report, on the forum. :mrgreen:
We wants it, my precioussss, the DiagHelp report, preciousss. :ptdr:
Falkra
Admin libellules.ch
Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Post by Falkra » 18 Nov 2007 20:58

Ha OK, received by email (the antispam had thrown it in the bin), so I'll put it here myself. :lol:


DiagHelp version v1.4 - http://www.malekal.com
run on 18.11.2007 at 17:39:48.51


List of the most recently modified/created files in windir\system32 and prefetch
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->18.11.2007 17:39:44
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf -->18.11.2007 17:35:05
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->18.11.2007 17:34:33
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->18.11.2007 17:34:21
C:\WINDOWS\prefetch\WINZIP32.EXE-2F3C90C9.pf -->18.11.2007 17:32:41
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->18.11.2007 17:31:55
C:\WINDOWS\prefetch\RUNDLL32.EXE-6E8D4657.pf -->18.11.2007 16:41:34
C:\WINDOWS\prefetch\ELIBAGLA.EXE-31D1DB4D.pf -->18.11.2007 16:23:14
C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->18.11.2007 16:19:53
C:\WINDOWS\prefetch\DROPMYRIGHTS.EXE-32A949B5.pf -->18.11.2007 16:19:53

C:\WINDOWS\System32\drivers\avipbb.sys -->12.11.2007 17:21:47
C:\WINDOWS\System32\drivers\avgntdd.sys -->09.08.2007 13:04:11
C:\WINDOWS\System32\drivers\avgntmgr.sys -->18.07.2007 14:22:19
C:\WINDOWS\System32\drivers\update.sys -->23.04.2007 11:32:54
C:\WINDOWS\System32\drivers\sdbus.sys -->16.04.2007 11:34:04
C:\WINDOWS\System32\drivers\sffp_sd.sys -->16.04.2007 11:14:00
C:\WINDOWS\System32\drivers\sffp_mmc.sys -->16.04.2007 11:14:00

C:\WINDOWS\System32\wpa.dbl -->17.11.2007 20:06:09
C:\WINDOWS\System32\nvapps.xml -->17.11.2007 20:05:59
C:\WINDOWS\System32\PerfStringBackup.INI -->14.11.2007 19:12:37
C:\WINDOWS\System32\perfh009.dat -->14.11.2007 19:12:37
C:\WINDOWS\System32\perfc009.dat -->14.11.2007 19:12:37
C:\WINDOWS\System32\CONFIG.NT -->12.11.2007 12:54:58
C:\WINDOWS\System32\MRT.exe -->02.11.2007 08:12:57
C:\WINDOWS\System32\Uninstall.ico -->31.10.2007 19:20:25
C:\WINDOWS\System32\Help.ico -->31.10.2007 19:20:25
C:\WINDOWS\System32\xpsp3res.dll -->29.10.2007 11:04:03
C:\WINDOWS\System32\shell32.dll -->26.10.2007 04:34:01
C:\WINDOWS\System32\BitCometRes.dll -->03.10.2007 18:16:37
C:\WINDOWS\System32\lame_acm.xml -->03.10.2007 17:03:30
C:\WINDOWS\System32\qt-dx331.dll -->28.09.2007 18:07:52
C:\WINDOWS\System32\dpl100.dll -->28.09.2007 18:05:50
C:\WINDOWS\System32\divx.dll -->28.09.2007 18:05:40
C:\WINDOWS\System32\ac3acm.acm -->21.09.2007 02:52:46
C:\WINDOWS\System32\unrar.dll -->04.09.2007 18:56:10
C:\WINDOWS\System32\TZLog.log -->29.08.2007 06:50:46
C:\WINDOWS\System32\nscompat.tlb -->26.08.2007 11:26:33
C:\WINDOWS\System32\amcompat.tlb -->26.08.2007 11:26:33
C:\WINDOWS\System32\dxva_sig.txt -->26.08.2007 10:53:38
C:\WINDOWS\System32\inetcomm.dll -->21.08.2007 07:15:44
C:\WINDOWS\System32\wininet.dll -->20.08.2007 11:04:43
C:\WINDOWS\System32\webcheck.dll -->20.08.2007 11:04:42

C:\WINDOWS\WindowsUpdate.log -->18.11.2007 17:39:36
C:\WINDOWS\0.log -->17.11.2007 20:05:50
C:\WINDOWS\wiadebug.log -->17.11.2007 20:05:37
C:\WINDOWS\wiaservc.log -->17.11.2007 20:05:32
C:\WINDOWS\bootstat.dat -->17.11.2007 20:05:04
C:\WINDOWS\SchedLgU.Txt -->17.11.2007 20:03:55
C:\WINDOWS\NeroDigital.ini -->17.11.2007 14:13:21
C:\WINDOWS\OEWABLog.txt -->17.11.2007 10:56:39
C:\WINDOWS\wmsetup.log -->17.11.2007 10:56:38
C:\WINDOWS\setupapi.log -->16.11.2007 06:35:50
C:\WINDOWS\pxisys.ini -->14.11.2007 18:11:39
C:\WINDOWS\pxiesys.ini -->14.11.2007 18:11:39
C:\WINDOWS\tsoc.log -->14.11.2007 08:02:40
C:\WINDOWS\tabletoc.log -->14.11.2007 08:02:40
C:\WINDOWS\ocmsn.log -->14.11.2007 08:02:40

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1888
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x42c10000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x42990000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x10000000 0x13000 1.00.0002.0001 C:\WINDOWS\system32\MssShellExt.dll
0x5f800000 0xf2000 6.02.8071.0000 C:\WINDOWS\system32\MFC42u.DLL
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01e30000 0x16000 1.01.1593.0000 C:\PROGRA~1\WINDOW~4\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x42cf0000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll
0x42ef0000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll
0x42e40000 0x3c000 7.00.6000.16544 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x024d0000 0xd000 1.01.0000.0582 C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x01f00000 0x11000 3.06.0002.0074 C:\Program Files\AllChars\ALLCHR32.DLL
0x01f20000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x01f40000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xe000 7.10.3077.0000 C:\WINDOWS\system32\MFC71ENU.DLL
0x00fe0000 0xf000 0.01.0000.0000 C:\Program Files\Notepad++\nppshellext.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x01fa0000 0x1b000 1.09.0005.0022 C:\Program Files\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll
------------------------------------------------------------------------------
explorer.exe pid: 2980
Command line: "C:\WINDOWS\explorer.exe" /n,/e,C:\

Base Size Version Path
0x42c10000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x42990000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x42ef0000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll
0x42cf0000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll
0x10000000 0x13000 1.00.0002.0001 C:\WINDOWS\system32\MssShellExt.dll
0x5f800000 0xf2000 6.02.8071.0000 C:\WINDOWS\system32\MFC42u.DLL
0x01920000 0xd5000 1.04.0000.0000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x021a0000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01dc0000 0x11000 3.06.0002.0074 C:\Program Files\AllChars\ALLCHR32.DLL
0x01e90000 0xd000 1.01.0000.0582 C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
0x01d20000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x02660000 0x16000 1.01.1593.0000 C:\PROGRA~1\WINDOW~4\MpShHook.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll
0x00c60000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x5d360000 0xe000 7.10.3077.0000 C:\WINDOWS\system32\MFC71ENU.DLL
0x00c90000 0xf000 0.01.0000.0000 C:\Program Files\Notepad++\nppshellext.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 1380
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01dd0000 0x3b000 1.07.0017.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll


Volume in drive C is System
Volume Serial Number is 80FD-EBC5

Directory of C:\WINDOWS\system

17.07.2002 16:22 3'535 Wowpost.exe
1 File(s) 3'535 bytes
0 Dir(s) 36'167'233'536 bytes free
Volume in drive C is System
Volume Serial Number is 80FD-EBC5

Directory of C:\WINDOWS\system32

04.08.2004 13:00 6'144 csrss.exe
1 File(s) 6'144 bytes
0 Dir(s) 36'167'233'536 bytes free

Contenu de Downloaded Program Files
Volume in drive C is System
Volume Serial Number is 80FD-EBC5

Directory of C:\WINDOWS\Downloaded Program Files

16.11.2007 19:03 <DIR> .
16.11.2007 19:03 <DIR> ..
21.11.2005 17:21 65 desktop.ini
23.03.2007 11:17 1'292 erma.inf
03.11.2005 20:24 495 LegitCheckControl.inf
20.01.2000 15:25 1'162 Microsoft XML Parser for Java.osd
17.01.2007 23:27 345'512 MSDcode.dll
30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf
14.08.2005 00:26 113'664 MsnMessengerSetupDownloader.ocx
17.05.2006 15:49 419'128 wlscBase.dll
17.05.2006 15:52 322 wlscBase.inf
9 File(s) 881'867 bytes

Total Files Listed:
9 File(s) 881'867 bytes
2 Dir(s) 36'167'233'536 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:LocalSubNet:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Cobian Backup 8\\cbInterface.exe"="C:\\Program Files\\Cobian Backup 8\\cbInterface.exe:*:Enabled:Cobian Backup Black Moon Interface"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\eMule\\emule.exe"="C:\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:LocalSubNet:Enabled:Microsoft DirectPlay8 Server"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:LocalSubNet:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:LocalSubNet:Enabled:Run a DLL as an App"
"C:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"="C:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe:*:Disabled:gwflash"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Zattoo\\zattood.exe"="C:\\Program Files\\Zattoo\\zattood.exe:*:Enabled:zattood"
"C:\\Program Files\\Maxtor\\ManagerApp\\MaxUtilities.exe"="C:\\Program Files\\Maxtor\\ManagerApp\\MaxUtilities.exe:*:Enabled:Maxtor EasyManage™"
"C:\\Program Files\\Zattoo\\Zattoo2.exe"="C:\\Program Files\\Zattoo\\Zattoo2.exe:*:Disabled: "
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Remote Display Control\\cerhost.exe"="C:\\Program Files\\Remote Display Control\\cerhost.exe:*:Disabled:cerhost"
"C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 07\\bin\\TW2007.exe"="C:\\Program Files\\EA SPORTS\\Tiger Woods PGA TOUR 07\\bin\\TW2007.exe:LocalSubNet:Disabled:Tiger Woods PGA TOUR® 07"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 17:40:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f8,64,e1,16,ea,9e,30,97,db,69,21,d7,66,67,80,5e,e8,87,56,74,4c,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,d8,d0,38,ee,60,fd,4f,a1,ed,04,81,5f,60,22,ce,47,..
"khjeh"=hex:0d,40,a1,4b,68,ef,9c,bd,df,9c,48,2d,fe,8c,e7,8a,a7,f0,88,80,a7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:ff,b9,bf,37,87,b5,70,90,21,d3,a3,53,16,07,75,2f,f5,46,0d,e8,37,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:e43ed5c0
"s2"=dword:7454f073
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f8,64,e1,16,ea,9e,30,97,db,69,21,d7,66,67,80,5e,e8,87,56,74,4c,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,d8,d0,38,ee,60,fd,4f,a1,ed,04,81,5f,60,22,ce,47,..
"khjeh"=hex:0d,40,a1,4b,68,ef,9c,bd,df,9c,48,2d,fe,8c,e7,8a,a7,f0,88,80,a7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d9,01,a7,e6,99,14,8c,4d,8a,ce,01,22,0e,b0,1f,91,e7,8d,06,31,8a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:f8,64,e1,16,ea,9e,30,97,db,69,21,d7,66,67,80,5e,e8,87,56,74,4c,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,01,d8,d0,38,ee,60,fd,4f,a1,ed,04,81,5f,60,22,ce,47,..
"khjeh"=hex:0d,40,a1,4b,68,ef,9c,bd,df,9c,48,2d,fe,8c,e7,8a,a7,f0,88,80,a7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:d9,01,a7,e6,99,14,8c,4d,8a,ce,01,22,0e,b0,1f,91,e7,8d,06,31,8a,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG2 (http://www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
312 - MsMpEng.exe
400 - svchost.exe
496 - svchost.exe
776 - sqlservr.exe
808 - svchost.exe
960 - avguard.exe
1236 - csrss.exe
1316 - svchost.exe
1380 - winlogon.exe
1544 - services.exe
1548 - msssort.exe
1580 - lsass.exe
1768 - avgnt.exe
1788 - sched.exe
1872 - nvsvc32.exe
1888 - explorer.exe
1904 - cbService.exe
1924 - svchost.exe
2016 - CALMAIN.exe
2028 - svchost.exe
2208 - cbInterface.exe
2284 - MaxBackService.
2364 - MaxMenuMgr.exe
2472 - svchost.exe
2572 - ctfmon.exe
2724 - RTHDCPL.exe
2980 - explorer.exe
2996 - alg.exe
3388 - MSASCui.exe
3876 - StartupMonitor.
14700 - emule.exe
14884 - winamp.exe
18704 - firefox.exe
20704 - wuauclt.exe
21472 - cmd.exe

Total number of processes = 36
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG2 (http://www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6D0000 - sptd.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA6B8000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA6A7000 - pci.sys
BA8A8000 - isapnp.sys
BA679000 - ACPI.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA8B8000 - MountMgr.sys
BA65A000 - ftdisk.sys
BADAC000 - dmload.sys
BA634000 - dmio.sys
BAB30000 - PartMgr.sys
BA8C8000 - VolSnap.sys
BA61C000 - atapi.sys
BAB38000 - iteraid.sys
BA8D8000 - iteatapi.sys
BA8E8000 - disk.sys
BA8F8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA5FC000 - fltMgr.sys
BA5EA000 - sr.sys
BA908000 - PxHelp20.sys
BA5D3000 - KSecDD.sys
BA53D000 - nipalk.sys
BA510000 - \WINDOWS\System32\drivers\NDIS.SYS
BAB40000 - \WINDOWS\System32\drivers\TDI.SYS
BA483000 - Ntfs.sys
BA46B000 - snapman.sys
BA450000 - Mup.sys
BA998000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B9FA6000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9F92000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
B9F6D000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
B9F4C000 - \SystemRoot\system32\DRIVERS\b57xp32.sys
BAB78000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9F29000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BAB80000 - \SystemRoot\system32\DRIVERS\usbehci.sys
B9E62000 - \SystemRoot\system32\DRIVERS\hcwPVRP2.sys
BA9A8000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
B9E3F000 - \SystemRoot\system32\DRIVERS\ks.sys
BAB98000 - \SystemRoot\system32\DRIVERS\fdc.sys
BA9B8000 - \SystemRoot\system32\DRIVERS\serial.sys
BA404000 - \SystemRoot\system32\DRIVERS\serenum.sys
B9E2B000 - \SystemRoot\system32\DRIVERS\parport.sys
BA9C8000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
BABA8000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BABB0000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
BA9D8000 - \SystemRoot\system32\DRIVERS\imapi.sys
BABC0000 - \SystemRoot\System32\DRIVERS\dvd43llh.sys
BA9E8000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA9F8000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9D41000 - \SystemRoot\System32\Drivers\aacldfzw.SYS
BAA08000 - \SystemRoot\system32\DRIVERS\VMNetSrv.sys
BAEAF000 - \SystemRoot\system32\DRIVERS\audstub.sys
BAA18000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BA3C8000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9D02000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BAA28000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BAA38000 - \SystemRoot\system32\DRIVERS\raspptp.sys
B9CF1000 - \SystemRoot\system32\DRIVERS\psched.sys
BAA48000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BAC38000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BAC48000 - \SystemRoot\system32\DRIVERS\raspti.sys
B9CC0000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
BAA58000 - \SystemRoot\system32\DRIVERS\termdd.sys
BADB8000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9C67000 - \SystemRoot\system32\DRIVERS\update.sys
BA3AC000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BAA68000 - \SystemRoot\System32\Drivers\NDProxy.SYS
B7740000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B771E000 - \SystemRoot\system32\drivers\portcls.sys
BAA78000 - \SystemRoot\system32\drivers\drmk.sys
BAA98000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADC4000 - \SystemRoot\system32\DRIVERS\USBD.SYS
BAC80000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
BADC8000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAF1A000 - \SystemRoot\System32\Drivers\Null.SYS
BADCC000 - \SystemRoot\System32\Drivers\Beep.SYS
BACA0000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BACA8000 - \SystemRoot\System32\drivers\vga.sys
BADD2000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADD6000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BAB50000 - \SystemRoot\System32\Drivers\Msfs.SYS
BAB90000 - \SystemRoot\System32\Drivers\Npfs.SYS
BA3D4000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B3623000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B35CB000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B35A3000 - \SystemRoot\system32\DRIVERS\netbt.sys
B3582000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B3560000 - \SystemRoot\System32\drivers\afd.sys
BAAB8000 - \SystemRoot\system32\DRIVERS\netbios.sys
B353A000 - \??\C:\WINDOWS\system32\drivers\vmm.sys
BABC8000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
B3513000 - \SystemRoot\System32\Drivers\omcamvid.sys
BABD8000 - \SystemRoot\System32\Drivers\OVTCAMD.SYS
BABE8000 - \SystemRoot\system32\drivers\habu.sys
BABF8000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
B9D25000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAAC8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
BAC08000 - \SystemRoot\System32\Drivers\SCDEmu.SYS
B34C0000 - \SystemRoot\system32\DRIVERS\rdbss.sys
B3451000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
BAAD8000 - \SystemRoot\System32\Drivers\Fips.SYS
BAAE8000 - \SystemRoot\system32\DRIVERS\avipbb.sys
BADDA000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
B9C4F000 - \SystemRoot\System32\Drivers\ASPI32.SYS
BAAF8000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B3666000 - \SystemRoot\system32\DRIVERS\mouhid.sys
B3662000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
BAB18000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B3411000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BADE2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
BA3E4000 - \SystemRoot\System32\drivers\Dxapi.sys
BAC70000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAF96000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B1A74000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
B1A1F000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
BAF35000 - \SystemRoot\System32\Drivers\cvintdrv.SYS
BADB4000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B1A5C000 - \??\C:\WINDOWS\system32\drivers\EIO.sys
B1966000 - \SystemRoot\System32\Drivers\HTTP.sys
BAC28000 - \SystemRoot\system32\drivers\lvalarmk.dll
B1929000 - \SystemRoot\system32\drivers\wdmaud.sys
B1B10000 - \SystemRoot\system32\drivers\sysaudio.sys
B1631000 - \SystemRoot\system32\DRIVERS\srv.sys
B2568000 - \SystemRoot\system32\drivers\nimxpk.dll
B18F6000 - \SystemRoot\system32\drivers\niorbk.dll
B18B6000 - \SystemRoot\system32\drivers\usb6xxxk.dll
B14F5000 - \SystemRoot\system32\drivers\nidimk.dll
B149E000 - \SystemRoot\system32\drivers\nimdbgk.dll
B148D000 - \SystemRoot\system32\drivers\nimstsk.dll
B1453000 - \SystemRoot\system32\drivers\nimxdfk.dll
B141C000 - \SystemRoot\system32\drivers\nipxirmk.dll
B1397000 - \SystemRoot\system32\drivers\nidmxfk.dll
B137E000 - \SystemRoot\system32\drivers\nifslk.dll
B133D000 - \SystemRoot\system32\drivers\nimru2k.dll
B12F7000 - \SystemRoot\system32\drivers\nimsdrk.dll
B12C9000 - \SystemRoot\system32\drivers\nicdrk.dll
B126A000 - \SystemRoot\system32\drivers\niemrk.dll
B11E9000 - \SystemRoot\system32\drivers\niscdk.dll
B1182000 - \SystemRoot\system32\drivers\nisdigk.dll
B1066000 - \SystemRoot\system32\drivers\niswdk.dll
B0FA1000 - \SystemRoot\system32\drivers\nitiork.dll
B0DF0000 - \SystemRoot\system32\drivers\nixsrk.dll
AFE64000 - \SystemRoot\system32\drivers\kmixer.sys
BAEFA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 154

Liste des programmes installes

@BIOS B06.1124.01
3DMark03
Acronis Disk Director Suite
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Adobe SVG Viewer
AllChars for Windows 3.6
Ant Movie Catalog
Application Suite
Araxis Merge 2001 Professional
ASF-AVI-RM-WMV Repair 1.82
ASUS nVidia Driver
Audacity 1.2.4
Avira AntiVir PersonalEdition Classic
BitComet 0.70
BlupiMania-2
CamStudio
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon CanoScan Toolbox 4.9
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CartaGoGo v2.0.8
Catalog Wizard 2.0
CCleaner (remove only)
CDVista 1.46a
Chessmaster 10ème Edition
Chessmaster 10ème Edition
Cobian Backup 8
CodeStuff Starter
DriverMax 1.2
DropMyRights
DVD Data Rescue 2.1
DVD Identifier
DVD Region-Free 3.10
DVD Shrink 3.1.4
DVD43 v3.7.0
DynDNS Updater 3.0
EA SPORTS online 2007
EasyCleaner
EasyPHP 1.8
eMule
Enigma
EULAlyzer v1.2
EVEREST Home Edition v2.20
FaceGen Modeller 3.1
FileZilla (remove only)
Foxit Reader
GermaniX Transcoder LX v4.0
GeTax2005
GeTax2006
GiPo@MoveOnBoot 1.9.5
Google Earth
Google Video Player
GrapiNet 0.1.0.4
Hauppauge French Help Files and Resources
Hauppauge WinTV-PVR 150 Drivers
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV2000
HexEdit
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HM NIS Edit 2.0.3
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB934428)
Hotfix for Windows XP (KB935448)
Hugin 0.6.1
IconArt
ImageCollection
InterVideo FilterSDK for Hauppauge
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.5.3 Full
KeePass Password Safe 1.07
Kyodai
Larousse Chambers Advanced Dictionary
Larry's Any Text File Indexer
Logitech Desktop Messenger
Logitech Harmony Remote Client
Logitech Harmony Remote Client
Macromedia Dreamweaver 8
Macromedia Extension Manager
Magic Button
Maxtor Quick Start
Maxtor Quick Start
MediaCoder 0.5.0
Microsoft .NET Compact Framework 1.0 SP3
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Virtual PC 2004
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Mozilla Firefox (2.0.0.9)
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2005
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Myst V End Of Ages
nanoPEG-Editor 2.3 Hauppauge Edition
National Instruments : logiciels
Nero 6 Ultra Edition
NI-653x Support 1.3.0
NI-APAL Error Files 1.1.0f1
NI-DAQ C and VB6 API
NI-DAQ CVI API
NI-DAQ Document Set
NI-DAQ INF Files
NI-DAQmx - LabVIEW shared documentation
NI-DAQmx 8.3
NI-DAQmx Documentation
NI-DAQmx DSA Support 1.7.0
NI-DAQmx MAX Support 1.6.0
NI-DAQmx OPC Support
NI-DAQmx Switch Core 1.9.0
NI-DIM 1.5.0f0
NI-MDBG 1.5.0f0
NI-MRU 2.6.0f0
NI-MXDF 1.6.0f0
NI-ORB 1.5.0f0
NI-PAL 1.12.0f0
NI-RPC 3.3.0f0
NI-RPC 3.3.0f0 for Phar Lap ETS
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 6.1
NI Assistant Framework LabVIEW Code Generator 7.0
NI Assistant Framework LabVIEW Code Generator 7.1
NI Assistant Framework LabVIEW Code Generator 8.0
NI Assistant Framework LabVIEW Code Generator 8.2
NI Calibration Provider for MAX
NI Common Digital 1.2.0
NI CVI Instrument Driver Wizard Templates 8.1
NI DAQ Assistant 1.5.2
NI DataSocket 4.4.0
NI EULA Depot
NI Example Finder 8.2
NI Fusion Standard Library
NI LabVIEW Broker
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Run-Time Engine 7.1.1
NI LabVIEW Run-Time Engine 8.0.1
NI LabVIEW Run-Time Engine 8.2
NI LabWindows/CVI 8.1 FDS Package
NI LabWindows/CVI 8.1 Full Development System Files
NI LabWindows/CVI 8.1 Help Files
NI LabWindows/CVI 8.1 Program Files
NI LabWindows/CVI 8.1 Run-Time Engine
NI LabWindows/CVI Advanced Analysis Libraries 8.1
NI LabWindows/CVI Code Generator
NI LabWindows/CVI FDS Sample Files 8.1
NI LabWindows/CVI Sample Files 8.1
NI LabWindows/CVI VS2005 AddIn
NI Legacy DAQmxRF
NI License Manager
NI Logos 4.7
NI LVBrokerAux1071
NI LVBrokerAux71
NI LVBrokerAux8.0
NI Math Kernel Libraries
NI MAX CVI Support
NI MDF Support
NI Measurement & Automation Explorer 4.1
NI Measurement Studio Recipe Processor
NI Measurements eXtensions for PAL 1.3.0
NI MIO Device Drivers 1.10.0
NI MXS
NI OPC Support
NI Portable Configuration
NI PXI Platform Services for Windows 2.1.0
NI PXI Platform Services Provider for MAX 2.1.0
NI Registration Wizard
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI SCXI 1.7.0
NI Service Locator
NI Software Provider for MAX
NI STC 1.2.0
NI TDMS
NI Timing 1.8.0
NI Uninstaller
NI USI 1.4.0
NI Variable Engine
NI Variable Manager
NI Web Pipeline
NoniGPSPlot
Notepad++
Nullsoft Install System
NVIDIA Drivers
Oak Systems Sudoku
Opera 9.0
Paint Shop Pro 7 ESD
PDFCreator
PhotoFilter 1.0
Picasa 2
PicSizer
PlexTools Professional V2.26
Pocket Informant Calendar Rev 2
Pocket WakeUp
PowerDVD
PowerISO
QuickTime Alternative 1.67
RapidLetters v3.0.2
Razer Habu Config
Real Alternative 1.48
Realtek High Definition Audio Driver
Recover Files 2.1
Remote Display Control
Resco Picture Viewer
Second Copy 97
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Simple Sudoku 4.2
SiteAdvisor for Internet Explorer
Skype 3.0
Skype Plugin Manager
Skype™ for Pocket PC 2.2
SmartClose 1.1
Solito
Spb Full Screen Keyboard
Spb Mobile Shell
Spybot - Search & Destroy 1.4
Sqirlz Morph
Standard SDK for Windows CE 5.0
StartupMonitor
SyncToy
SysExporter
TCPMP
Tiger Woods PGA TOUR 07
Tomb Raider: Legend 1.0
TomTom HOME
TubeMaster
TZ Connection Booster 2.6
UBSPay 5.0.004 (build 1, OFX)
UBSPay PayNet Extension 1.0.005 (b1)
UnderCoverXP 1.14
Uninstall Tool
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VTPlus32 pour WinTV (French)
WebFldrs XP
WebmailSync 1.02
Winamp (remove only)
WinAVI Video Converter
Windows Communication Foundation
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Safety Scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinFF v0.2
WinRAR archiver
WinUAE 1.2.0
WinUpdatesList
WinZip
X264 H.264/AVC Video Codec (Sharktooth's build) (remove only)
XML Paper Specification Shared Components Pack 1.0
Zattoo 2.2.8 beta
Zoom Player (remove only)
Zune Desktop Theme



Volume in drive C is System
Volume Serial Number is 80FD-EBC5

Directory of C:\Program Files

17.11.2007 20:09 <DIR> .
17.11.2007 20:09 <DIR> ..
24.11.2005 18:07 <DIR> Acronis
20.05.2006 16:56 <DIR> Adobe
22.01.2006 09:32 <DIR> AdvancedBitrateCalculator
21.10.2006 17:24 <DIR> Ahead
22.02.2007 18:58 <DIR> AllChars
02.09.2006 18:21 <DIR> Alwil Software
06.08.2006 09:27 <DIR> Ant Movie Catalog
22.11.2005 19:17 <DIR> Araxis
28.12.2005 09:36 <DIR> ASF-AVI-RM-WMV Repair
15.09.2007 12:07 <DIR> Ashampoo
13.08.2006 10:44 <DIR> Audacity
12.11.2007 12:52 <DIR> Avira
04.08.2006 17:46 <DIR> AxiomX
03.10.2007 21:48 <DIR> BitComet
22.06.2006 08:55 <DIR> Bluewin
21.10.2006 18:26 <DIR> BlupiMania-2
12.10.2006 17:34 <DIR> BlupiMania2old
30.12.2006 12:09 <DIR> CamStudio
06.05.2007 10:13 <DIR> Canon
25.11.2005 19:19 <DIR> Cardfile
05.08.2006 09:13 <DIR> CartaGoGo
18.12.2005 00:15 <DIR> Catalog Wizard 2.0
12.11.2007 18:01 <DIR> CCleaner
20.02.2007 18:03 <DIR> CDex
08.04.2007 06:28 <DIR> CDex_150
08.11.2007 19:01 <DIR> CDVista 1.46a
23.11.2005 19:30 <DIR> CE Remote Tools
28.02.2007 06:28 <DIR> ClipTray
14.02.2007 23:27 <DIR> Cobian Backup 8
14.10.2006 15:27 <DIR> CodeStuff
06.05.2007 10:12 <DIR> Common Files
21.11.2005 17:19 <DIR> ComPlus Applications
11.11.2006 17:43 <DIR> ConWare
21.01.2006 20:04 <DIR> CyberLink
04.12.2006 18:12 <DIR> DAEMON Tools
28.02.2007 06:28 <DIR> DigiCat
28.02.2007 06:28 <DIR> Disclib
29.10.2006 11:10 <DIR> DVD Identifier
14.02.2007 23:27 <DIR> DVD Region-Free
10.03.2007 18:41 950'318 DVD Region-Free.zip
18.01.2006 20:10 <DIR> DVD Shrink
09.01.2006 18:34 <DIR> dvd43
28.12.2005 10:12 <DIR> dvddr
14.01.2006 18:27 <DIR> DynDNS Updater
14.01.2007 11:11 <DIR> EA SPORTS
04.12.2005 08:48 <DIR> Eac Mp3 ripper
12.11.2007 17:57 <DIR> EasyPHP1-8
18.01.2006 20:15 <DIR> Elaborate Bytes
21.02.2007 18:48 <DIR> Enigma
05.08.2006 18:33 <DIR> eRecall
10.02.2007 11:42 <DIR> EULAlyzer
13.03.2007 08:09 <DIR> FdW SoftWare
12.11.2007 17:57 <DIR> FileZilla
05.08.2006 17:52 <DIR> FilmUp
22.01.2006 09:59 <DIR> FlaskMpeg594
29.09.2007 09:12 <DIR> Foxit Software
21.04.2006 16:43 2'895'168 FoxitReader.exe
21.11.2005 19:24 <DIR> Futuremark
26.08.2007 11:29 <DIR> GermaniX Transcoder
05.06.2006 10:34 <DIR> GEtax
05.06.2006 10:34 <DIR> GEtax2002
05.06.2006 10:32 <DIR> GeTax2003
05.06.2006 10:32 <DIR> GeTax2004
05.06.2006 10:36 <DIR> GeTax2005
18.03.2007 11:25 <DIR> GeTax2006
06.01.2007 12:55 <DIR> GIGABYTE
22.06.2006 08:47 <DIR> GiPo@Utilities
01.09.2007 11:33 <DIR> Google
05.05.2006 09:25 <DIR> Gspot
23.03.2007 19:14 <DIR> HexEdit
14.11.2006 18:42 <DIR> HMSoft
23.11.2005 19:36 <DIR> HTML Help Workshop
13.11.2006 19:18 <DIR> hugin
04.11.2007 11:47 <DIR> ImageCollection
09.11.2006 18:43 <DIR> Innovative Solutions
21.11.2005 17:37 <DIR> Intel
10.10.2007 06:58 <DIR> Internet Explorer
30.11.2006 19:15 <DIR> ISO Creator
08.10.2007 21:53 <DIR> IVCsoft
23.11.2005 18:11 <DIR> Jasc Software Inc
26.07.2007 17:25 <DIR> Java
08.08.2007 17:30 <DIR> KeePass Password Safe
12.11.2007 18:54 <DIR> K-Lite Codec Pack
02.04.2006 16:48 <DIR> Kyodai
04.12.2005 09:20 <DIR> Lame
23.11.2005 18:22 <DIR> Larousse Multimédia
14.12.2005 17:50 <DIR> Larry's GDS Plugins
12.09.2006 17:20 <DIR> Lavalys
22.11.2005 19:48 <DIR> Lavasoft
28.01.2006 10:38 <DIR> Logitech
24.11.2005 07:39 <DIR> Macromedia
11.12.2006 18:40 <DIR> MarbleMadness
05.07.2007 17:02 <DIR> Maxtor
16.04.2006 09:56 <DIR> Media Player Classic
08.10.2007 17:49 <DIR> MediaCoder
17.11.2005 15:52 39'923 memtest86-3.2.iso.zip
05.08.2006 12:48 <DIR> Messenger
27.08.2006 07:45 <DIR> Microsoft
28.02.2007 18:45 <DIR> Microsoft .NET Compact Framework 1.0 SP3
15.11.2007 06:18 <DIR> Microsoft ActiveSync
26.07.2006 23:14 <DIR> Microsoft AntiSpyware
11.03.2006 12:45 <DIR> Microsoft Baseline Security Analyzer
23.11.2005 19:42 <DIR> Microsoft Device Emulator
26.11.2005 19:43 <DIR> microsoft frontpage
27.01.2007 09:51 <DIR> Microsoft Office
23.11.2005 19:45 <DIR> Microsoft SQL Server
23.11.2005 19:42 <DIR> Microsoft SQL Server 2005 Mobile Edition
14.10.2006 16:10 <DIR> Microsoft Virtual PC
07.03.2007 19:30 <DIR> Microsoft Visual Studio 8
23.11.2005 19:43 <DIR> Microsoft.NET
05.08.2006 08:59 <DIR> Mihov Link Checker
12.11.2007 18:46 <DIR> MKV
26.04.2003 09:35 130'048 moustique.exe
06.11.2006 19:11 <DIR> Movie Maker
18.11.2007 16:19 <DIR> Mozilla Firefox
02.07.2006 16:27 <DIR> Mp3DirectCut
04.12.2005 10:40 <DIR> MP3Gain
23.11.2005 19:37 <DIR> MSBuild
27.01.2007 10:05 <DIR> MSDN
21.11.2005 17:17 <DIR> MSN
21.11.2005 17:18 <DIR> MSN Gaming Zone
03.02.2007 10:33 <DIR> MSN Messenger
15.11.2006 08:09 <DIR> MSXML 4.0
15.08.2007 17:19 <DIR> MSXML 6.0
09.03.2007 18:29 <DIR> My Company Name
26.11.2005 14:50 <DIR> nanocosmos
30.04.2007 17:39 <DIR> National Instruments
21.11.2005 17:20 <DIR> NetMeeting
08.04.2007 16:57 <DIR> Notepad++
14.11.2006 19:03 <DIR> NSIS
21.12.2005 18:59 <DIR> Oak Systems
20.12.2005 18:24 <DIR> OGMuxer
21.11.2005 17:18 <DIR> Online Services
05.08.2006 10:24 <DIR> Opanda
01.01.2007 19:12 <DIR> Opera
13.06.2007 17:29 <DIR> Outlook Express
22.07.2006 12:15 <DIR> PackLoss
09.03.2007 19:18 <DIR> PDFCreator
04.11.2007 18:14 <DIR> Picasa2
21.09.2007 07:07 <DIR> PL folders
11.11.2007 19:14 <DIR> PLambert
16.01.2006 18:08 <DIR> Plextor
14.11.2006 18:51 <DIR> PLSoft
10.03.2007 11:23 <DIR> Pocket Informant Calendar
14.12.2006 23:24 <DIR> PowerISO
18.12.2005 11:23 <DIR> QuickTime Alternative
05.08.2006 09:12 <DIR> RapidLetters
28.12.2006 12:18 <DIR> Razer
05.08.2006 12:53 <DIR> Real Alternative
21.11.2005 18:26 <DIR> Realtek
03.11.2007 10:25 <DIR> Recover Files
04.03.2007 16:52 <DIR> Reference Assemblies
30.12.1997 15:11 837'632 RegClean.exe
14.10.2006 11:43 <DIR> RegSeeker
18.02.2007 12:04 <DIR> Remote Display Control
10.03.2007 11:45 <DIR> Resco
12.12.2006 18:36 <DIR> ResourceHacker
08.12.2006 18:40 <DIR> Restoration
03.12.2006 12:08 <DIR> RogueRemover
31.07.2006 18:12 <DIR> Screamer Radio
23.11.2005 18:16 <DIR> Second Copy 97
06.07.2006 17:45 <DIR> ShellExView
18.07.2006 17:21 <DIR> Simple Sudoku
31.12.2006 09:46 <DIR> Singular Inversions
14.02.2007 23:39 <DIR> SiteAdvisor
10.03.2007 11:57 <DIR> SKTools
18.12.2006 19:19 <DIR> Skype
19.12.2006 18:35 <DIR> SmartClose
24.02.2007 12:02 <DIR> SmartRipper
22.02.2007 18:53 <DIR> SNP Software
12.11.2007 18:21 <DIR> software4u
12.11.2007 18:15 <DIR> Spybot - Search & Destroy
11.08.2006 17:39 <DIR> Sqirlz Morph
17.11.2005 16:01 381'099 stabilitytest.exe
03.02.2006 18:12 <DIR> StabilityTests
05.08.2006 08:52 <DIR> Swf2Avi
21.10.2006 09:00 <DIR> SysExporter
15.12.2006 19:06 <DIR> Tomb Raider - Legend
03.03.2007 20:17 <DIR> TomTom HOME
12.11.2007 17:43 <DIR> ToniArts
21.10.2006 10:26 <DIR> Tools
12.11.2007 18:43 <DIR> Trend Micro
07.10.2007 12:09 <DIR> TubeMaster
19.08.2006 10:07 <DIR> Turbo Torrent
13.08.2006 17:02 <DIR> TZ Connection Booster
06.12.2006 18:29 <DIR> Ubisoft
25.11.2005 18:59 <DIR> UBS e-banking
16.06.2007 17:44 <DIR> UnderCoverXP
21.12.2005 18:59 56'892 Undo P4_2005 20051221 185902.Reg
03.02.2006 18:39 42'861 Undo P4_2005 20060203 183913.Reg
10.06.2006 08:55 46'744 Undo P4_2005 20060610 095525.Reg
22.06.2006 08:56 44'990 Undo P4_2005 20060622 095653.Reg
12.11.2006 13:12 49'831 Undo P4_2005 20061112 131247.Reg
28.02.2007 06:23 53'580 Undo P4_2005 20070228 062347.Reg
13.08.2006 11:37 <DIR> Uninstall Tool
09.06.2007 15:38 <DIR> VDownloader
25.11.2006 09:24 <DIR> Virtual CD v8
18.12.2005 18:50 <DIR> VirtualDub
12.05.2007 18:04 <DIR> VirtualDub 1.6.17
20.12.2005 18:13 <DIR> VirtualDubMod
26.11.2005 14:49 <DIR> vtplus
25.01.2006 18:06 <DIR> WebmailSync
02.02.2006 08:15 <DIR> WebWeaver
14.02.2007 23:41 <DIR> WhoLockMe
28.05.2007 09:39 <DIR> Winamp
08.10.2007 18:00 <DIR> WinAVI Video Converter
19.04.2006 17:12 <DIR> windirstat
18.02.2007 11:23 <DIR> Windows CE Tools
14.02.2007 23:41 <DIR> Windows Defender
05.08.2006 09:11 <DIR> Windows Live Safety Center
26.08.2007 11:01 <DIR> Windows Media Connect 2
26.08.2007 11:25 <DIR> Windows Media Player
21.11.2005 17:18 <DIR> Windows NT
01.10.2006 12:14 <DIR> WinFF
14.02.2007 23:41 <DIR> WinRAR
14.02.2007 23:41 <DIR> WinTV
19.03.2006 12:09 <DIR> WinUAE
21.10.2006 09:27 <DIR> WinUpdatesList
14.02.2007 23:41 <DIR> WinZip
19.04.2004 11:08 2'372'760 winzip90.exe
29.12.2005 17:03 <DIR> x264
21.11.2005 17:22 <DIR> xerox
07.05.2007 17:31 <DIR> Zattoo
28.02.2007 06:32 <DIR> Zeb-Utility
18.11.2007 12:10 <DIR> Zoom Player
13 File(s) 7'901'846 bytes
214 Dir(s) 36'150'689'792 bytes free
Volume in drive C is System
Volume Serial Number is 80FD-EBC5

Directory of C:\Program Files\common files

06.05.2007 10:12 <DIR> .
06.05.2007 10:12 <DIR> ..
24.11.2005 18:07 <DIR> Acronis
20.05.2006 17:05 <DIR> Adobe
21.10.2006 17:24 <DIR> Ahead
06.05.2007 10:12 <DIR> Canon
14.10.2006 15:46 <DIR> Cloanto
23.11.2005 19:30 <DIR> Designer
02.07.2006 16:32 <DIR> Gibinsoft Shared
22.11.2005 19:17 <DIR> InstallShield
26.11.2005 14:44 <DIR> IviSDK
05.11.2006 09:53 <DIR> Java
24.11.2005 07:40 <DIR> Macromedia
30.04.2007 17:27 <DIR> Merge Modules
07.03.2007 19:32 <DIR> Microsoft Shared
06.06.2006 12:32 <DIR> Motive
21.11.2005 17:20 <DIR> MSSoap
22.11.2005 01:03 <DIR> ODBC
21.11.2005 17:20 <DIR> Services
18.12.2006 19:19 <DIR> Skype
22.11.2005 01:03 <DIR> SpeechEngines
13.06.2007 17:31 <DIR> System
0 File(s) 0 bytes
22 Dir(s) 36'150'689'792 bytes free
Volume in drive C is System
Volume Serial Number is 80FD-EBC5

Directory of C:\

12.11.2004 09:41 57'344 DropMyRights.exe
1 File(s) 57'344 bytes
0 Dir(s) 36'150'689'792 bytes free




c:\Documents and Settings\All Users\Documents\SymNRT.exe
c:\Documents and Settings\All Users\Documents\Backup HTC\Program Files\Navigator\TomTom Navigator.exe
c:\Documents and Settings\All Users\Documents\Backup HTC\Program Files\PL_Test\PL_Test.exe
c:\Documents and Settings\All Users\Documents\Backup HTC\Program Files\Pocket Translator\Pocket Translator.Exe
c:\Documents and Settings\All Users\Documents\Backup HTC\Program Files\Spb Mobile Shell\MenuLauncher.exe
c:\Documents and Settings\All Users\Documents\Backup HTC\Program Files\Spb Mobile Shell\MobileShell.exe
c:\Documents and Settings\All Users\Documents\Backup HTC\Program Files\SuspendKillerDemo\SuspendKillerDemo.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\OziExplorer\OziCEgps.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\OziExplorer\OziExplorerCE.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\batty-arm.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\BoxMan\BoxMan_ARM.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\DEXplor\DEXPlor.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\FullScreenKeyboard\Full Screen Keyboard Options.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\FullScreenKeyboard\Full Screen Keyboard.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\FullScreenKeyboard\SpbServices.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Jeux\Hitofri.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Jeux\Chess\Chess.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Jeux\Pocket Blocks\PocketBL.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Jeux\Tetris\Tetris.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\KeePassPPC\KeePassPPC.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Lemmings\isitar.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Metro\MetroARM300WIN32_PLATFORM_PSPC.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\OmegaOne\1-Calc\1-Calc.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\PDASudoku\PDASudoku.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\PHM Tools\regedit.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Resco\RCapture.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Resco\RPicView.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Skype\Skype.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Spb Brain Evolution\SpbBrainEvolution.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Spb Brain Evolution\SpbBrainEvolution-.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\Spb Pocket PC Tips And Tricks\SpbPocketPCTipsAndTricks.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\TCPMP\player.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\WebIS\PocketInformant\PITab.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\WebIS\PocketInformant\PIUpgrade.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\WebIS\PocketInformant\PocketInformant.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Program Files\WiFiFoFum\WiFiFoFum.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\sys\bin\TTMOBILE.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Temp\OziInstallers\img2ozf_setup.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Temp\OziInstallers\oziexplorer_PC\Img2ozf.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Temp\OziInstallers\oziexplorer_PC\oziexp_setup.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Temp\OziInstallers\oziexplorer_PC\oziexplorer 3d 1.6 setup.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Temp\OziInstallers\oziexplorer_PC\ozimrsid_dll_setup.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Temp\OziInstallers\oziexplore_PocketPC\Europe2001_setup.exe
c:\Documents and Settings\All Users\Documents\Backup HTC SD\Temp\OziInstallers\oziexplore_PocketPC\pocketpc_setup.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\InstallTomTomHOME.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Start.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\2577\AutoRun.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\2577\autorun.exe-run
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\CRACK\TomTom Navigator.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Program Files\Lemmings\isitar.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Program Files\Lode Runner\lodearm.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Program Files\Metro\MetroARM300WIN32_PLATFORM_PSPC.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Program Files\PDASudoku\PDASudoku.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Program Files\Skype\Skype.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Program Files\WiFiFoFum\WiFiFoFum.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\sys\bin\TTMOBILE.exe
c:\Documents and Settings\All Users\Documents\Backup SD 2 gigas apres install Tomtom\Windows\Menu Démarrer\Programmes\cerdisp.exe
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\InstallTomTomHOME.exe
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\Start.exe
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\2577\AutoRun.exe
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\2577\autorun.exe-install
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\2577\autorun.exe-run
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\CRACK\TomTom Navigator.exe
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\sys\bin\TTMOBILE.exe
c:\Documents and Settings\All Users\Documents\Installers\winamp535_full_emusic-7plus.exe

Continued below, too long for the forum.
Last edited by Falkra on 18 Nov 2007 21:01, edited 1 time.
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Post by Falkra » 18 Nov 2007 21:00

And the end:

c:\Documents and Settings\All Users\Documents\MP3\CDex\CDEX.EXE
c:\Documents and Settings\All Users\Documents\TR1\glidos_v1_32.exe
c:\Documents and Settings\All Users\Documents\TR1\tomb.exe
c:\Documents and Settings\All Users\Documents\TR1\tr1setup.exe
c:\Documents and Settings\All Users\Documents\TR1\vdmsound.2.1.0.exe
c:\Documents and Settings\All Users\Documents\TR1\xp_tr1_audio.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{2E48A9E4-C531-4B71-ADF1-F80403413914}\ARPPRODUCTICON.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_2d104bf3.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_2d1375f0.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{7326545B-05C8-4308-9697-EAA3F9552018}\_752c5676.exe
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Installer\{9F185C48-595B-401A-A1D6-AAB324890DC4}\IconCBE855212.exe
c:\Documents and Settings\Lambert XP\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Lambert XP\Desktop\CleanMessenger_2.7.0178.exe
c:\Documents and Settings\Lambert XP\Desktop\DomDomMap.exe
c:\Documents and Settings\Lambert XP\Desktop\EliBaglA.exe
c:\Documents and Settings\Lambert XP\Local Settings\Application Data\GermaniXSoft\gxlx.net.exe_Url_koaszkcvld3wnvawsf2hujiw1s11xsrw
c:\Documents and Settings\Lambert XP\Local Settings\Application Data\ZattooPlayer\Zattoo.exe_Url_etf1nqicddddcw0blsmfs21ivky4gi2r
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\4VVZQSLT\winamp524_lite[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\67Z0J2CM\eMule0.47b-Installer[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\8JQXDUEY\picasaweb-setup-3732[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\DO0JPP4X\setupeng[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\EKEFJNJT\picasaweb-setup-3660[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\FFFKIBJC\CAMV4FB8.exe%3Fuse_mirror%3Dswitch&cc=100&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=32&u_tz=120&u_his=1&u_java=true
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\J9RTEN4Q\picasaweb-setup-3729[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\JND73TCS\CARYSVJ5.exe%3Fuse_mirror%3Dswitch&cc=100&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=32&u_tz=120&u_his=1&u_java=true
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\JND73TCS\nsis-2.21-setup[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\JND73TCS\picasa2-setup-3597[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\KS0JEUMW\picasaweb-setup-3727[1].exe
c:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\YTIOJO1P\picasaweb-setup-3736[1].exe
c:\Documents and Settings\Lambert XP\My Documents\WebmailSync.exe
c:\Documents and Settings\Lambert XP\My Documents\winamp51_lite.exe
c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\MSEnvShared\Addins\CviVS2005AddIn.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{D961DB02-FFCE-402E-9E12-6318C42B80D2}\mpengine.dll
c:\Documents and Settings\Lambert XP\Application Data\Macromedia\Dreamweaver 8\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Lambert XP\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
c:\Documents and Settings\Lambert XP\Application Data\Mozilla\Firefox\Profiles\zhcctx8f.default\extensions\isadmin@vdtsoftware.ffext\components\isadmin.dll
c:\Documents and Settings\Lambert XP\Application Data\Mozilla\Firefox\Profiles\zhcctx8f.default\extensions\{1650a312-02bc-40ee-977e-83f158701739}\components\FFHook.dll
c:\Documents and Settings\Lambert XP\Application Data\Mozilla\Firefox\Profiles\zhcctx8f.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
c:\Documents and Settings\Lambert XP\Application Data\Mozilla\Firefox\Profiles\zhcctx8f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_P4_2005.tar.gz a l'adresse http://upload.malekal.com

Post by Falkra » 18 Nov 2007 21:15

I no longer see any trace of Bagle in there, and it kills antivirus programs, and in your HJT log the processes are indeed present. On the other hand, I see some P2P, leftovers of Daemon Tools and a few cracks... that is most likely where you caught your junk.

I would like you to send me this file, zipped. No reference for it anywhere, so it is either an AAC codec (very likely) or a piece of junk.
C:\windows\System32\Drivers\aacldfzw.SYS

I see Antivir is there; update it and run a full scan of the hard drive. If it finds anything, have it quarantined automatically.

It will produce a report, which I will need.
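The reading Falkra applies to the file listing above (P2P clients, Daemon Tools leftovers, a "CRACK" folder, and a driver with no reference anywhere and an odd name) can be written down as triage rules and run over such a listing. This is an added example, not code from the thread or from DiagHelp; the sample paths, the driver baseline and the category names are constructed for illustration.

```python
"""Triage heuristics for a DiagHelp-style list of executable files.

Added example (not from the thread or the DiagHelp tool). Each rule encodes one
observation the helper made on the listing: cracked software, P2P installers,
executables left in the browser cache, Daemon Tools remnants, and kernel
drivers that do not appear in a known-good baseline.
"""
import re
from dataclasses import dataclass

# Constructed sample listing, modelled on the thread's DiagHelp output.
SAMPLE_LISTING = r"""
c:\Documents and Settings\All Users\Documents\COPY_TO_SD_CARD\CRACK\TomTom Navigator.exe
c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\67Z0J2CM\eMule0.47b-Installer[1].exe
c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JND73TCS\nsis-2.21-setup[1].exe
c:\Program Files\DAEMON Tools\daemon.exe
c:\windows\System32\Drivers\aacldfzw.SYS
c:\windows\System32\Drivers\kbdclass.sys
c:\Program Files\Mozilla Firefox\firefox.exe
"""

# Illustrative baseline only: a real one is taken from a clean reference install
# of the same Windows version and service pack.
KNOWN_DRIVERS = {
    "kbdclass.sys", "mouclass.sys", "ntfs.sys", "disk.sys", "atapi.sys", "tcpip.sys",
}

P2P_RE = re.compile(r"(emule|bitcomet|bittorrent|utorrent|azureus|kazaa|limewire|shareaza)", re.I)
IE_CACHE_RE = re.compile(r"\\Temporary Internet Files\\", re.I)
DRIVER_DIR_RE = re.compile(r"\\system32\\drivers\\([^\\]+\.sys)$", re.I)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass(frozen=True)
class Finding:
    path: str
    category: str
    reason: str


def triage_path(path: str) -> list[Finding]:
    """Apply every rule to one path; a path may trigger several categories."""
    findings: list[Finding] = []
    lower = path.lower()
    name = path.rsplit("\\", 1)[-1]

    if "\\crack\\" in lower or "keygen" in lower:
        findings.append(Finding(path, "crack",
                                "cracked software: classic carrier for trojans, treat as untrusted"))
    if P2P_RE.search(name):
        findings.append(Finding(path, "p2p",
                                "P2P client or installer: common source of infected downloads"))
    if IE_CACHE_RE.search(path) and lower.endswith(EXECUTABLE_EXT):
        findings.append(Finding(path, "browser-cache-exe",
                                "executable left in browser cache: confirm it was an intended download"))
    if "\\daemon tools\\" in lower:
        findings.append(Finding(path, "daemon-tools",
                                "Daemon Tools leftover: its kernel driver commonly interferes with anti-rootkit scans"))
    m = DRIVER_DIR_RE.search(path)
    if m and m.group(1).lower() not in KNOWN_DRIVERS:
        findings.append(Finding(path, "unknown-driver",
                                "driver not in baseline: no reference found, collect a copy and verify publisher/hash"))
    return findings


def triage(listing: str) -> list[Finding]:
    """Run the rules over every non-empty line of a listing."""
    out: list[Finding] = []
    for line in listing.splitlines():
        line = line.strip()
        if line:
            out.extend(triage_path(line))
    return out


def categories(listing: str) -> dict[str, int]:
    """Count findings per category, handy as a one-line summary of a listing."""
    counts: dict[str, int] = {}
    for f in triage(listing):
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LISTING):
        print(f"[{f.category}] {f.path}\n    {f.reason}")
    print(categories(SAMPLE_LISTING))
```

A flagged line is a lead to verify (publisher, hash, presence on a clean machine), not a verdict; in the thread the odd driver name was exactly such a lead, resolved by asking for the file.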

Post by PatrickLa » 18 Nov 2007 23:45

I can't find this file...
C:\windows\System32\Drivers\aacldfzw.SYS

I asked Antivir to update itself, it says everything is fine,
so I'm launching a "Scan system now"; it is going to take hours...
C: 279GB F: 232GB ....

It's strange... around 19:20 I had eMule running, as well as WinAmp, and now, at 23:10, both are gone...

Antivir is running, and when I open "Quarantine" there are 16 items...
13 date from the 12th, when I installed Antivir and ran a full scan,
then on the 14th TR/Crypt.ULPM.Gen,
on the 16th W95/Blumblebee.1738 and CC/00233

and just now, during the scan,
it stopped, asking me to quarantine something; I said OK, and in the "Detection" list I see
"Contains detection pattern of the HTML script virus HTML/Inf"

In Scan/Action for concerned file, I set it to "Automatic"
+ Copy file to quarantine before action
Primary action repair
Secondary action delete

Off to bed now, we'll see the rest tomorrow!
PatrickLa
Libellulien

Posts: 55
Joined: 23 Mar 2006 13:34
Location: Genève

Post by Falkra » 19 Nov 2007 00:11

OK, one has to sleep from time to time (me too). We'll continue tomorrow.

Post by PatrickLa » 19 Nov 2007 07:00

And here's the result!
It found some, and put them in quarantine.

Code:

AntiVir PersonalEdition Classic
Report file date: dimanche, 18. novembre 2007  23:02

Scanning for 933576 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    P4_2005

Version information:
BUILD.DAT    : 270           15603 Bytes   9/19/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes   8/23/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes   8/16/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes   8/14/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes   8/21/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes   7/18/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes   9/13/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198   1206272 Bytes  11/11/2007 16:21:44
ANTIVIR3.VDF : 7.0.0.227    112128 Bytes  11/18/2007 17:16:08
AVEWIN32.DLL : 7.6.0.34    3125760 Bytes  11/12/2007 16:21:46
AVWINLL.DLL  : 1.0.0.7       14376 Bytes   2/26/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes   7/18/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes   4/16/2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes    8/3/2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes   7/18/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes   8/28/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes   7/18/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes    3/8/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes    8/7/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes   8/21/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes   7/23/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 22
Smart extensions.................: on
Deviating archive types..........: +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche, 18. novembre 2007  23:02

Starting search for hidden objects.
'78239' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'AllChars.exe' - '1' Module(s) have been scanned
Scan process 'Ubsshell.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'msssort.exe' - '1' Module(s) have been scanned
Scan process 'MaxMenuMgr.exe' - '1' Module(s) have been scanned
Scan process 'MaxBackService.exe' - '1' Module(s) have been scanned
Scan process 'cbInterface.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'razerofa.exe' - '1' Module(s) have been scanned
Scan process 'razertra.exe' - '1' Module(s) have been scanned
Scan process 'StartupMonitor.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'razerhid.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'cbService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [NOTE]      No virus was found!
Master boot sector HD1
      [NOTE]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'F:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <System>
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\VLJCT05B\368327114[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
      [INFO]      The file was moved to '4778baba.qua'!
C:\eMule\Incoming2\Pocket\Pocket Pc Best Software 2005 Ripclaws (Resco,Spb, Omega) Serials.rar
  [0] Archive type: RAR
  --> Ppc Sbsh Ilauncher v2.0.06 Sharefree\KeyGen.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was moved to '47a3bea9.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
Begin scan in 'F:\' <250>
F:\System Volume Information\_restore{1CBF0868-5192-4684-AD1E-D74257D125C3}\RP841\A0118341.exe
      [DETECTION] Contains detection pattern of the dropper DR/HideWindows.879167
      [INFO]      The file was moved to '4772226d.qua'!
F:\System Volume Information\_restore{1CBF0868-5192-4684-AD1E-D74257D125C3}\RP841\A0118342.exe
      [DETECTION] Contains detection pattern of a probably damaged sample CC/00233
      [INFO]      The file was moved to '47722270.qua'!


End of the scan: lundi, 19. novembre 2007  06:45
Used time:  7:43:48 min

The scan has been done completely.

  24316 Scanning directories
 846046 Files were scanned
      3 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      3 Files cannot be scanned
 846043 Files not concerned
   4484 Archives were scanned
      3 Warnings
     39 Notes
  78239 Objects were scanned with rootkit scan
      0 Hidden objects were found


Post by Falkra » 19 Nov 2007 18:11

OK, perfect.

What was found: infected cracks/serials, probably via a dubious web page, and leftovers. sptd.sys (access denied) belongs, unless I'm mistaken, to Daemon Tools; it is not a virus.

Barring abnormal symptoms (unsolicited popups, changed home page or desktop, heavy slowdowns, ads, security messages, etc.), your machine is now clean.

In the meantime, here is some reading on cracks and P2P, among other things, with advice:
http://www.libellules.ch/phpBB2/prevention-comment-eviter-bien-des-infections-t24540.html
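Added example, not code from this thread, from Avira or from libellules.ch: a small Python parser for the AntiVir log format posted above. It reads the detection and quarantine lines, classifies each hit by where it sat (browser cache, a member inside a downloaded archive, a System Restore copy under System Volume Information), and cross-checks the per-file entries against the log's own summary counts, which is the same reading Falkra gives of the results. The line layout, the location classes and the sample excerpt (copied from the log above) are assumptions of this example.

```python
"""Parse an Avira AntiVir (v7-era) scan log and summarise its findings.

Added example; the log layout is inferred from the log posted in the thread
and the location classes are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

DETECT_RE = re.compile(r"^\s+\[DETECTION\]\s+(?P<text>.+?)\s*$")
MOVED_RE = re.compile(r"^\s+\[INFO\]\s+The file was moved to '(?P<qua>[^']+)'!")
WARNING_RE = re.compile(r"^\s+\[WARNING\]\s+(?P<text>.+?)\s*$")
MEMBER_RE = re.compile(r"^\s+-->\s+(?P<member>.+?)\s*$")
SUMMARY_RE = re.compile(r"^\s*(?P<n>\d+)\s+(?P<label>[A-Za-z].*?)\s*:?\s*$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Threat name is the last token of the detection text, e.g. "... dropper DR/HideWindows.879167"
NAME_RE = re.compile(r"(\S+)\s*$")


@dataclass
class Detection:
    path: str
    name: str
    member: Optional[str] = None      # entry inside an archive, if any
    quarantine: Optional[str] = None  # .qua file the sample was moved to

    @property
    def location(self) -> str:
        """Coarse class that decides what a hit means (assumed categories)."""
        p = self.path.lower()
        if "\\system volume information\\_restore" in p:
            return "restore-point"   # stale copy kept by System Restore, not a running file
        if "temporary internet files" in p:
            return "browser-cache"   # a page that was merely viewed
        if self.member is not None:
            return "archive-member"  # packed inside a downloaded archive
        return "on-disk"


@dataclass
class ScanReport:
    detections: list = field(default_factory=list)
    unscannable: list = field(default_factory=list)  # (path, warning text)
    summary: dict = field(default_factory=dict)      # label -> count


def parse_log(text: str) -> ScanReport:
    """Walk the log once; un-indented drive paths open a record, indented tags fill it."""
    report, path, member, in_summary = ScanReport(), None, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("The scan has been done completely"):
            in_summary = True
            continue
        if in_summary:
            m = SUMMARY_RE.match(line)
            if m:
                report.summary[m.group("label").lower()] = int(m.group("n"))
            continue
        if not line[0].isspace():
            if PATH_RE.match(line):  # scanned file; section headers are skipped
                path, member = line.strip(), None
            continue
        if (m := MEMBER_RE.match(line)):
            member = m.group("member")
        elif (m := DETECT_RE.match(line)) and path:
            report.detections.append(Detection(path, NAME_RE.search(m.group("text")).group(1), member))
        elif (m := MOVED_RE.match(line)) and report.detections and report.detections[-1].path == path:
            report.detections[-1].quarantine = m.group("qua")
        elif (m := WARNING_RE.match(line)) and path:
            report.unscannable.append((path, m.group("text")))
    return report


def consistency_checks(report: ScanReport) -> dict:
    """Per-file entries should agree with the totals AntiVir prints at the end."""
    moved = sum(1 for d in report.detections if d.quarantine)
    return {
        "quarantine_count_matches": moved == report.summary.get("files were moved to quarantine"),
        "unscannable_count_matches": len(report.unscannable) == report.summary.get("files cannot be scanned"),
    }


def summarise(text: str) -> dict:
    report = parse_log(text)
    by_loc: dict = {}
    for d in report.detections:
        by_loc[d.location] = by_loc.get(d.location, 0) + 1
    return {"detections": [(d.location, d.name, d.quarantine) for d in report.detections],
            "by_location": by_loc, "checks": consistency_checks(report)}


# Constructed excerpt: the detection, warning and summary lines copied from the log above.
SAMPLE_LOG = r"""Begin scan in 'C:\' <System>
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Lambert XP\Local Settings\Temporary Internet Files\Content.IE5\VLJCT05B\368327114[1].htm
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
      [INFO]      The file was moved to '4778baba.qua'!
C:\eMule\Incoming2\Pocket\Pocket Pc Best Software 2005 Ripclaws (Resco,Spb, Omega) Serials.rar
  [0] Archive type: RAR
  --> Ppc Sbsh Ilauncher v2.0.06 Sharefree\KeyGen.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [INFO]      The file was moved to '47a3bea9.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
Begin scan in 'F:\' <250>
F:\System Volume Information\_restore{1CBF0868-5192-4684-AD1E-D74257D125C3}\RP841\A0118341.exe
      [DETECTION] Contains detection pattern of the dropper DR/HideWindows.879167
      [INFO]      The file was moved to '4772226d.qua'!
F:\System Volume Information\_restore{1CBF0868-5192-4684-AD1E-D74257D125C3}\RP841\A0118342.exe
      [DETECTION] Contains detection pattern of a probably damaged sample CC/00233
      [INFO]      The file was moved to '47722270.qua'!

The scan has been done completely.

      4 files were moved to quarantine
      3 Files cannot be scanned
"""

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(key, value)
```

The location classes are what matter when reading such a log: a restore-point hit is an old copy System Restore kept, a browser-cache hit is a page that was viewed, and an archive-member hit is a file that was downloaded but not necessarily run. The two consistency checks catch a truncated or hand-edited log, where the per-file lines no longer add up to the printed totals.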

Post by PatrickLa » 19 Nov 2007 18:29

Hi Falkra

I deleted the directory with the serials. Usually I am careful with these things and only run them from a Virtual PC, except for the last time...

Thanks for your help!

Post by Falkra » 19 Nov 2007 18:31

Cracks, those are almost always stuffed with little malware buddies that call in others...

Do you still have any abnormal symptoms? Any antivirus reactions?

Post by PatrickLa » 20 Nov 2007 08:06

Nothing abnormal any more, for now; it must be said that my PC runs a lot less than it did over the weekend. If anything new happens, I'll come back and report it here!
:-D