Problème de virus Pire Que Pire (WINANTIVIRUS) etc.

Bonsoir

1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

AVG Anti-Spyware
http://www.ewido.net/en/download/
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

3 Lance le nettoyage avec CCleaner.

4 Lance Lance AVG Anti-Spyware.
Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

5 Redémarre normalement et poste le rapport d'AVG Anti-Spyware avec un log HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 18:29:24 2006-10-07

+ Résultat de l'analyse:



C:\System Volume Information\_restore{5E5CD827-C7BD-465D-9B90-F1493D46BA3B}\RP1\A0000134.exe -> Adware.Gator : Aucune action entreprise.
C:\System Volume Information\_restore{5E5CD827-C7BD-465D-9B90-F1493D46BA3B}\RP1\A0000230.exe -> Adware.Gator : Aucune action entreprise.
C:\System Volume Information\_restore{5E5CD827-C7BD-465D-9B90-F1493D46BA3B}\RP1\A0000233.exe -> Adware.Gator : Aucune action entreprise.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{5E5CD827-C7BD-465D-9B90-F1493D46BA3B}\RP14\A0012071.exe -> Dropper.Small : Aucune action entreprise.
C:\WINDOWS\system32\nmypljro.dll -> Trojan.BHO.g : Aucune action entreprise.


Fin du rapport



voici le second rapport merci de m'aider

Bonjour

HijackThis n'est pas complet.

1. Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/combofix.exe

2. Double clique combofix.exe et suis les invites.

3. Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.

Re

On continue.

Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.

1 Télécharge Killbox
http://www.downloads.subratam.org/KillBox.zip
Place le programme dans le répertoire qui te plaît.

2 Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown" ); clique OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

3 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.

3 Relance un scan HijackThis et coche les lignes ci-dessous :

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gpmhkjh.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\gpmhkjh.dll,ebodcwc
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

4 Lance Pocket Killbox
--- choisis l'option Delete on Reboot
--- copie le chemin complet du fichier dans la boîte "Full Path of File to Delete" :

C:\WINDOWS\System32\gpmhkjh.dll

--- coche "Unregister .dll Before Deleting".
--- clique sur la croix blanche sur fond rouge (Delete File) :

- "File will be Removed on Reboot, Do you want to reboot now?", réponds OUI si tu es prêt à procéder

Si Pocket KillBox ne fait pas redémarrer le PC, redémarre le toi même.

5 Redémarre normalement et poste un nouveau log HijackThis avec le rapport situé dans C:\vundofix.txt .

si sa peux t'aider une fenetre m'apparait en plus des virus disant winantivirus et des trucs comme cela.

j'ai esseyer mais au redémarrage ca ouvre blocnote mais ca dit que le fichier est introuvable
j'ai reesseyer et ca dit la meme chose . que faire?

Logfile of HijackThis v1.99.1
Scan saved at 17:52:40, on 2006-10-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\N\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB15E98A-D1D5-4477-A99D-0138DC65B753}: NameServer = 206.123.6.11 206.123.6.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


tien merci encore

oui, il m'apparait encore des virus et des pages du genre winantivirus et tout.

chercher v1.0.1 par Malekal_morte
http://www.malekal.com


C:\WINDOWS\System32\aybeg.ini -->2006-10-08 18:14:40
C:\WINDOWS\System32\vsconfig.xml -->2006-10-08 15:43:20
C:\WINDOWS\System32\nvapps.xml -->2006-10-08 15:43:14
C:\WINDOWS\System32\mbjvsqbu.txt -->2006-10-08 15:41:48
C:\WINDOWS\System32\pqyrltfo.txt -->2006-10-08 15:37:22
C:\WINDOWS\System32\babeeb5_g.dll -->2006-10-08 15:27:24
C:\WINDOWS\System32\cbaaeba8_g.ocx -->2006-10-08 15:27:24
C:\WINDOWS\System32\TrueSoft.dat -->2006-10-08 15:00:42
C:\WINDOWS\System32\aybeg.bak1 -->2006-10-08 13:07:06
C:\WINDOWS\System32\gebya.dll -->2006-10-08 13:07:02
C:\WINDOWS\System32\ikhcore.log -->2006-10-08 12:52:50
C:\WINDOWS\System32\FNTCACHE.DAT -->2006-10-08 11:59:12
C:\WINDOWS\System32\hernoen.dll -->2006-10-07 18:32:54
C:\WINDOWS\System32\pmnljjg.dll -->2006-10-07 18:32:48
C:\WINDOWS\System32\mcrh.tmp -->2006-10-06 22:07:34
C:\WINDOWS\System32\opnkhii.dll -->2006-10-06 21:57:24
C:\WINDOWS\System32\wintmh32.dll -->2006-10-06 21:57:24
C:\WINDOWS\System32\itunesff.exe -->2006-10-06 18:21:26
C:\WINDOWS\System32\jupdate-1.5.0_08-b03.log -->2006-10-03 19:34:52
C:\WINDOWS\System32\msvcp71.dll -->2006-10-03 19:07:26
C:\WINDOWS\System32\msvcr71.dll -->2006-10-03 19:07:26
C:\WINDOWS\System32\zllictbl.dat -->2006-10-03 18:59:12
C:\WINDOWS\System32\amcompat.tlb -->2006-10-03 18:36:14
C:\WINDOWS\System32\nscompat.tlb -->2006-10-03 18:36:14
C:\WINDOWS\System32\PerfStringBackup.INI -->2006-10-03 16:32:34

C:\WINDOWS\win.ini -->2006-10-08 17:06:30
C:\WINDOWS\system.ini -->2006-10-08 17:06:30
C:\WINDOWS\Windows Update.log -->2006-10-08 15:43:50
C:\WINDOWS\setupapi.log -->2006-10-08 15:43:36
C:\WINDOWS\0.log -->2006-10-08 15:43:18
C:\WINDOWS\bootstat.dat -->2006-10-08 15:42:52
C:\WINDOWS\SchedLgU.Txt -->2006-10-08 15:41:58
C:\WINDOWS\ModemLog_HSP56 MR.txt -->2006-10-08 15:00:48
C:\WINDOWS\switchagreement.txt -->2006-10-08 14:57:14
C:\WINDOWS\KB842252.log -->2006-10-08 14:57:12
C:\WINDOWS\ntbtlog.txt -->2006-10-08 13:00:22
C:\WINDOWS\Sti_Trace.log -->2006-10-07 18:31:00
C:\WINDOWS\tsc.ini -->2006-10-07 09:41:10
C:\WINDOWS\vsapi32.dll -->2006-10-07 09:14:28
C:\WINDOWS\BPMNT.dll -->2006-10-07 09:14:28

C:\WINDOWS\internt.exe |08/10/2006 14:57:11
C:\WINDOWS\SIS_LIB.DLL |29/04/2004 12:14:47
C:\WINDOWS\AuHCcup1.dll |23/07/1999 10:53:20
C:\WINDOWS\hcextoutput.dll |19/10/2005 14:28:14
C:\WINDOWS\patchw32.dll |14/12/2001 13:34:46
C:\WINDOWS\system32\append.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\debug.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\dosx.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\dvdplay.exe |23/08/2001 17:47:34
C:\WINDOWS\system32\itunesff.exe |08/10/2006 14:57:13
C:\WINDOWS\system32\edlin.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\exe2bin.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\fastopen.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\mem.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\nw16.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\redir.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\setver.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\share.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\vwipxspx.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\pctspk.exe |09/07/2002 22:49:18
C:\WINDOWS\system32\keystone.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\nvappbar.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\nvdspsch.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\nwiz.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\compatUI.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\gebya.dll |08/10/2006 13:06:55
C:\WINDOWS\system32\pmnljjg.dll |07/10/2006 18:32:47
C:\WINDOWS\system32\ir32_32.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\hernoen.dll |07/10/2006 18:32:52
C:\WINDOWS\system32\msencode.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\babeeb5_g.dll |08/10/2006 15:27:22
C:\WINDOWS\system32\scriptpw.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\tsd32.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\win87em.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\paqsp.dll |23/08/2001 17:47:16
C:\WINDOWS\system32\IDEproperty.dll |29/04/2004 12:18:15
C:\WINDOWS\system32\RNBOVDD.DLL |02/05/2004 09:12:33
C:\WINDOWS\system32\SNTI386.DLL |02/05/2004 09:12:33
C:\WINDOWS\system32\acdbres.dll |12/05/2004 07:07:58
C:\WINDOWS\system32\nvhwvid.dll |11/08/2006 21:45:20
C:\WINDOWS\system32\nvapi.dll |11/08/2006 21:43:10
C:\WINDOWS\system32\nview.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvshell.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvnt4cpl.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvwdmcpl.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvwimg.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\libeay32_0.9.6l.dll |03/10/2006 18:57:51
C:\WINDOWS\system32\amstream.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\mciqtz32.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\msdmo.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\qedwipes.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\psisdecd.dll |06/10/2006 19:02:03
C:\WINDOWS\system32\wintmh32.dll |06/10/2006 21:57:22
C:\WINDOWS\system32\opnkhii.dll |06/10/2006 21:57:23
C:\WINDOWS\SIS_LIB.DLL |29/04/2004 12:14:47
C:\WINDOWS\AuHCcup1.dll |23/07/1999 10:53:20
C:\WINDOWS\hcextoutput.dll |19/10/2005 14:28:14
C:\WINDOWS\patchw32.dll |14/12/2001 13:34:46
C:\WINDOWS\system32\append.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\debug.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\dosx.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\edlin.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\exe2bin.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\fastopen.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\mem.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\nw16.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\redir.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\setver.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\share.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\vwipxspx.exe |28/08/2001 12:00:00
C:\WINDOWS\system32\keystone.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\nvappbar.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\nvdspsch.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\nwiz.exe |11/08/2006 21:43:00
C:\WINDOWS\system32\gebya.dll |08/10/2006 13:06:55
C:\WINDOWS\system32\pmnljjg.dll |07/10/2006 18:32:47
C:\WINDOWS\system32\ir32_32.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\hernoen.dll |07/10/2006 18:32:52
C:\WINDOWS\system32\msencode.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\babeeb5_g.dll |08/10/2006 15:27:22
C:\WINDOWS\system32\tsd32.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\win87em.dll |28/08/2001 12:00:00
C:\WINDOWS\system32\RNBOVDD.DLL |02/05/2004 09:12:33
C:\WINDOWS\system32\SNTI386.DLL |02/05/2004 09:12:33
C:\WINDOWS\system32\acdbres.dll |12/05/2004 07:07:58
C:\WINDOWS\system32\nvhwvid.dll |11/08/2006 21:45:20
C:\WINDOWS\system32\nvapi.dll |11/08/2006 21:43:10
C:\WINDOWS\system32\nview.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvshell.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvnt4cpl.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvwdmcpl.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\nvwimg.dll |11/08/2006 21:43:00
C:\WINDOWS\system32\libeay32_0.9.6l.dll |03/10/2006 18:57:51
C:\WINDOWS\system32\amstream.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\mciqtz32.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\msdmo.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\qedwipes.dll |06/10/2006 19:02:02
C:\WINDOWS\system32\psisdecd.dll |06/10/2006 19:02:03
C:\WINDOWS\system32\wintmh32.dll |06/10/2006 21:57:22
C:\WINDOWS\system32\opnkhii.dll |06/10/2006 21:57:23

Le volume dans le lecteur C s'appelle XP_PRO
Le numéro de série du volume est 2B61-42AC

Répertoire de C:\WINDOWS\system32

2001-08-28 12:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 28 688 515 072 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle XP_PRO
Le numéro de série du volume est 2B61-42AC

Répertoire de C:\WINDOWS\Downloaded Program Files

2004-04-29 12:00 <REP> .
2004-04-29 12:00 <REP> ..
2004-04-29 12:00 65 desktop.ini
2001-02-28 15:21 303 104 idrop.ocx
2006-06-22 11:41 5 032 swflash.inf
2005-11-02 18:07 435 712 xscan53.ocx
2005-11-02 18:01 1 777 xscan.inf
5 fichier(s) 745 690 octets

Total des fichiers listés :
5 fichier(s) 745 690 octets
2 Rép(s) 28 688 515 072 octets libres


Recherche de rootkit (merci S!Ri !)



Liste des programmes installes

Active Disk
Adobe Acrobat 5.0
Adobe Audition 2.0
Adobe Audition 2.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
AnswerWorks Runtime
AVG 7.5
AVG Anti-Spyware 7.5
BitLord 1.1
CCleaner (remove only)
Cool Edit Pro 2.1
Guitar Pro 5.1
HijackThis 1.99.1
HSP56 MR Drivers
InCD (Ahead Software)
IomegaWare 4.0.2
J2SE Runtime Environment 5.0 Update 8
jv16 PowerTools 1.3
Lecteur Windows Media 10
LimeWire 4.12.6
MagicDisc 2.5.74
Messenger Plus! 3
Microsoft Office Professional Edition 2003
MSN Messenger 7.5
Nero - Burning Rom
NVIDIA Drivers
Realtek AC'97 Audio
RegSupreme 1.4
Sentinel System Driver
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
Spybot - Search & Destroy 1.4
TuneUp Utilities 2006
WebFldrs XP
Winamp (remove only)
Windows Media Format Runtime
WinRAR archiver
ZoneAlarm




Liste des dossiers de C:\Program Files
Le volume dans le lecteur C s'appelle XP_PRO
Le numéro de série du volume est 2B61-42AC

Répertoire de C:\Program Files

2003-01-01 00:11 <REP> .
2003-01-01 00:11 <REP> ..
2003-01-01 00:11 <REP> Fichiers communs
2004-04-29 11:57 <REP> Windows NT
2004-04-29 11:57 <REP> MSN Gaming Zone
2004-04-29 11:57 <REP> MSN
2004-04-29 11:57 <REP> Messenger
2004-04-29 11:57 <REP> Services en ligne
2004-04-29 11:58 <REP> ComPlus Applications
2004-04-29 11:58 <REP> Internet Explorer
2004-04-29 11:59 <REP> Outlook Express
2004-04-29 11:59 <REP> NetMeeting
2004-04-29 11:59 <REP> Windows Media Player
2004-04-29 11:59 <REP> Movie Maker
2004-04-29 12:01 <REP> microsoft frontpage
2004-04-29 12:01 <REP> xerox
2004-04-29 12:14 <REP> SiS VGA Utilities V3.55
2004-04-29 12:18 <REP> AvRack
2004-04-29 12:18 <REP> Realtek Sound Manager
2004-04-29 12:18 <REP> SiSLan
2004-04-30 13:53 <REP> Adobe
2004-04-30 13:54 <REP> Ahead
2004-04-30 14:56 <REP> Microsoft Office
2004-04-30 14:56 <REP> Microsoft Visual Studio
2004-04-30 14:56 <REP> Microsoft Works
2004-04-30 14:57 <REP> Microsoft.NET
2004-05-12 07:04 <REP> AutoCAD 2002
2006-10-03 19:07 <REP> Grisoft
2006-10-07 09:48 <REP> coolpro2
2004-05-12 07:08 <REP> WexTech
2004-06-08 19:52 <REP> Iomega
2004-08-30 14:01 <REP> LoudSoft
2006-10-03 19:23 <REP> MessengerPlus! 3
2004-12-14 09:43 <REP> Common Files
2005-01-18 14:33 <REP> Winamp
2005-01-18 14:34 <REP> WinRAR
2006-10-03 19:33 <REP> LimeWire
2005-10-19 12:49 <REP> Spybot - Search & Destroy
2006-10-03 17:29 <REP> MSN Messenger
2006-10-03 18:57 <REP> Zone Labs
2006-10-03 19:34 <REP> Java
2006-10-06 16:24 <REP> BitLord
2006-10-06 22:25 <REP> TuneUp Utilities 2006
2006-10-07 19:56 <REP> Guitar Pro 5
2006-10-06 23:50 <REP> MagicDisc
2006-10-07 16:47 <REP> ewido anti-spyware 4.0
2006-10-07 16:55 <REP> CCleaner
2006-10-08 15:21 <REP> jv16 PowerTools
2006-10-08 15:27 <REP> RegSupreme
0 fichier(s) 0 octets
49 Rép(s) 28 688 515 072 octets libres
Le volume dans le lecteur C s'appelle XP_PRO
Le numéro de série du volume est 2B61-42AC

Répertoire de C:\Program Files\fichiers communs

2003-01-01 00:11 <REP> .
2003-01-01 00:11 <REP> ..
2003-01-01 00:11 <REP> Microsoft Shared
2003-01-01 00:11 <REP> SpeechEngines
2003-01-01 00:11 <REP> ODBC
2004-04-29 11:58 <REP> System
2004-04-29 11:59 <REP> MSSoap
2004-04-29 11:59 <REP> Services
2004-04-29 12:13 <REP> InstallShield
2004-04-30 13:53 <REP> Adobe
2004-04-30 14:56 <REP> DESIGNER
2004-05-12 07:04 <REP> Autodesk Shared
2004-05-12 07:05 <REP> Wextech Shared
2004-05-12 07:08 <REP> LHSPF
2004-12-17 17:48 <REP> Macromedia
2006-10-03 19:33 <REP> Java
2006-10-06 22:24 <REP> Wise Installation Wizard
2006-10-06 23:54 <REP> Adobe Systems Shared
0 fichier(s) 0 octets
18 Rép(s) 28 688 515 072 octets libres
Le volume dans le lecteur C s'appelle XP_PRO
Le numéro de série du volume est 2B61-42AC

Répertoire de C:\Program Files\common files

2004-12-14 09:43 <REP> .
2004-12-14 09:43 <REP> ..
2004-12-14 09:43 <REP> McNeel Shared
0 fichier(s) 0 octets
3 Rép(s) 28 688 515 072 octets libres
Le volume dans le lecteur C s'appelle XP_PRO
Le numéro de série du volume est 2B61-42AC

Répertoire de C:\

2005-10-31 11:56 700 416 StubInstaller.exe
1 fichier(s) 700 416 octets
0 Rép(s) 28 688 515 072 octets libres
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\IDEUtil\SISIDE.exe
c:\Documents and Settings\N\Local Settings\Temp\Temporary Internet Files\Content.IE5\W8N8LY9F\sdsetup[1].exe
c:\Documents and Settings\N\Local Settings\Temporary Internet Files\Content.IE5\45UJKLMZ\srvmyf[1].exe
c:\Documents and Settings\N\Local Settings\Temporary Internet Files\Content.IE5\C1QFS5I7\jv16pt_setup1.3.0.195[1].exe
c:\Documents and Settings\N\Local Settings\Temporary Internet Files\Content.IE5\C1QFS5I7\srvbny[1].exe
c:\Documents and Settings\N\Local Settings\Temporary Internet Files\Content.IE5\C36929A3\RegSupreme_setup[1].exe
c:\Documents and Settings\N\Local Settings\Temporary Internet Files\Content.IE5\C36929A3\RegSupreme_setup[2].exe
c:\Documents and Settings\N\Local Settings\Temporary Internet Files\Content.IE5\6L4FEDSV\srvwks[1].exe
c:\Documents and Settings\N\Bureau\avenger.exe
c:\Documents and Settings\N\Bureau\blbetac.exe
c:\Documents and Settings\N\Bureau\HijackThis.exe
c:\Documents and Settings\N\Bureau\keygen.exe
c:\Documents and Settings\N\Bureau\KillBox.exe
c:\Documents and Settings\N\Bureau\VundoFix.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\FilesInfoCmd.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\Fport.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\grep.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\LFiles.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\LISTDLLS.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\pslist.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\streams.exe
c:\Documents and Settings\N\Bureau\DiagHelp\diaghelp\swreg.exe
c:\Documents and Settings\N\.limewire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe
c:\Documents and Settings\N\.limewire\.NetworkShare\LimeWireWinInstaller.exe
c:\Documents and Settings\N\.housecall6.6\getMac.exe
c:\Documents and Settings\N\.housecall6.6\patch.exe
c:\Documents and Settings\N\.housecall6.6\tsc.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\N\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

Bonjour

Clic sur le menu Démarrer puis executer et copie/colle ceci :

"%userprofile%\Bureau\combofix.exe" /v gebya

puis clic sur OK.

Ne touche a rien et attends que combofix ait terminé, un rapport sera créé. Poste le rapport avec un nouveau rapport HijackThis.

Bonjour,

Va sur le site de VirusTotal
Clique sur Parcourir... puis ouvre:

C:\WINDOWS\System32\hernoen.dll

Clique ensuite sur Send
Poste le rapport en fin d'analyse.

Si tu vois ce message:
" Your file " ***.*** " is queued in position: ***. Estimated start time is between *** and *** minutes. "
Il te faudra patienter.

Oui mais il n'est pas complet.

Re,

S'il te plaît, va ici pour uploader un fichier douteux pour analyse.

• "Your Username:" - Entre ton pseudo sur ce forum
• "Topic Where File Was Requested:" - Copie-colle le lien vers cette discussion
• "File(s) To Submit:" - Bouton "Parcourir..." pour naviguer vers ce nom de fichier : C:\WINDOWS\System32\hernoen.dll
• Cliquez sur Send File

• Double-clique VundoFix.exe afin de le lancer
• NE clique PAS sur le bouton Scan for Vundo
• Clique Droit dans la fenêtre blanche, choisis Add more files ?
• Rajoute dans la première ligne :

C:\WINDOWS\System32\hernoen.dll

• Clique successivement sur :

- Add Files
- Close Windows
- Remove Vundo

• Si l'outil te demande de redémarrer, accepte.
• Copie/Colle ensuite le rapport C:\vundofix.txt

Ne me lacher pas sa persiste.

Logfile of HijackThis v1.99.1
Scan saved at 20:08:40, on 2006-10-10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\{2B6142AC-0871-1036-0107-040404030002}\Update.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\N\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4FAB3EC1-3537-AFDC-4C32-03614B7E1C69} - C:\WINDOWS\System32\hernoen.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: (no name) - {BE3F23AC-570D-4A8D-BE11-0D4F7F3AB017} - (no file)
O2 - BHO: (no name) - {D0FF9A44-567D-46CF-8BF4-D014756EA07B} - C:\WINDOWS\System32\mljgd.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB15E98A-D1D5-4477-A99D-0138DC65B753}: NameServer = 206.123.6.11 206.123.6.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljgd - C:\WINDOWS\System32\mljgd.dll
O20 - Winlogon Notify: wintmh32 - C:\WINDOWS\SYSTEM32\wintmh32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/11/2006 4:06:58 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\N\Bureau\WinPFind\
Microsoft Windows XP (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2600.0000)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 10/7/2006 9:41:10 AM 34505423 C:\xscan.txt ()

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 10/7/2006 9:14:28 AM 1101904 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 10/7/2006 9:14:28 AM 1101904 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
UPX! 10/6/2006 11:27:20 PM 176709 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 10/6/2006 11:27:18 PM 25814751 C:\WINDOWS\VPTNFILE.825 ()
qoologic 10/6/2006 11:27:18 PM 25814751 C:\WINDOWS\VPTNFILE.825 ()
SAHAgent 10/6/2006 11:27:18 PM 25814751 C:\WINDOWS\VPTNFILE.825 ()
PECompact2 10/6/2006 11:27:18 PM 25814751 C:\WINDOWS\LPT$VPN.825 ()
qoologic 10/6/2006 11:27:18 PM 25814751 C:\WINDOWS\LPT$VPN.825 ()
SAHAgent 10/6/2006 11:27:18 PM 25814751 C:\WINDOWS\LPT$VPN.825 ()

Checking %System% folder...
WSUD 8/28/2001 12:00:00 PM 1166336 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
PEC2 8/28/2001 12:00:00 PM 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 11/8/2001 6:20:24 PM 18944 C:\WINDOWS\SYSTEM32\VCEDIT.DLL ()
UPX! 3/17/2001 9:34:12 PM 22528 C:\WINDOWS\SYSTEM32\WNASPI32.DLL (Jukka Poikolainen Software)
UPX! 11/8/2001 6:20:24 PM 46080 C:\WINDOWS\SYSTEM32\VORBIS.DLL ()
UPX! 11/8/2001 6:20:24 PM 19968 C:\WINDOWS\SYSTEM32\OGG.DLL ()
WSUD 8/28/2001 12:00:00 PM 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/28/2001 12:00:00 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/28/2001 12:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
WSUD 10/8/2003 4:05:36 AM 13426176 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
UPX! 11/8/2001 6:20:24 PM 70144 C:\WINDOWS\SYSTEM32\vorbisenc.dll ()
UPX! 1/9/2003 4:51:38 PM 20992 C:\WINDOWS\SYSTEM32\AffiliateNow.dll ()
UPX! 11/8/2001 6:20:24 PM 9216 C:\WINDOWS\SYSTEM32\vorbisfile.dll ()
PEC2 10/6/2006 9:57:24 PM 15872 C:\WINDOWS\SYSTEM32\wintmh32.dll ()
PECompact2 10/6/2006 9:57:24 PM 15872 C:\WINDOWS\SYSTEM32\wintmh32.dll ()

Checking %System%\Drivers folder and sub-folders...
UPX! 10/3/2006 7:07:24 PM 816288 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
FSG! 10/3/2006 7:07:24 PM 816288 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
PEC2 10/3/2006 7:07:24 PM 816288 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)
aspack 10/3/2006 7:07:24 PM 816288 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys (GRISOFT, s.r.o.)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/11/2006 4:02:32 PM S 2048 C:\WINDOWS\bootstat.dat ()
10/9/2006 1:23:36 PM HS 40973 C:\WINDOWS\system32\efcbbxw.dll ()
10/7/2006 6:32:48 PM HS 40973 C:\WINDOWS\system32\pmnljjg.dll ()
10/8/2006 3:27:24 PM HS 5 C:\WINDOWS\system32\babeeb5_g.dll ()
10/3/2006 6:59:12 PM H 4212 C:\WINDOWS\system32\zllictbl.dat ()
10/6/2006 9:57:24 PM HS 40973 C:\WINDOWS\system32\opnkhii.dll ()
10/11/2006 4:05:24 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
10/11/2006 4:10:48 PM H 1024 C:\WINDOWS\system32\config\software.LOG ()
10/11/2006 4:11:30 PM H 1024 C:\WINDOWS\system32\config\default.LOG ()
10/11/2006 4:02:34 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/11/2006 4:03:38 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/6/2006 10:48:24 PM H 0 C:\WINDOWS\system32\config\SECURITY_TU_36755.LOG ()
10/6/2006 10:48:24 PM H 0 C:\WINDOWS\system32\config\SOFTWARE_TU_93730.LOG ()
10/6/2006 10:48:26 PM H 0 C:\WINDOWS\system32\config\SYSTEM_TU_40630.LOG ()
10/6/2006 10:48:26 PM H 0 C:\WINDOWS\system32\config\DEFAULT_TU_21771.LOG ()
10/6/2006 10:48:26 PM H 0 C:\WINDOWS\system32\config\SAM_TU_65779.LOG ()
10/11/2006 4:04:12 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini ()
10/11/2006 4:04:12 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ()
10/11/2006 4:04:12 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I123M56P\desktop.ini ()
10/11/2006 4:04:12 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8RATUDEX\desktop.ini ()
10/11/2006 4:04:12 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A2LDE9GE\desktop.ini ()
10/11/2006 4:04:12 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X18FAWIY\desktop.ini ()
10/6/2006 10:25:32 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\b1d375d7-a41d-4f26-8949-61f8d6d9bc53 ()
10/6/2006 10:25:32 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
8/29/2006 12:59:16 PM S 30933 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.CAT ()
10/11/2006 4:02:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
10/3/2006 6:21:16 PM H 0 C:\WINDOWS\LastGood\INF\MPPRE10.inf ()
10/3/2006 6:21:16 PM H 0 C:\WINDOWS\LastGood\INF\MPPRE10.PNF ()
10/3/2006 6:21:16 PM H 0 C:\WINDOWS\LastGood\INF\DRM10.inf ()
10/3/2006 6:21:16 PM H 0 C:\WINDOWS\LastGood\INF\DRM10.PNF ()
10/3/2006 6:21:18 PM H 0 C:\WINDOWS\LastGood\INF\codecs10.inf ()
10/3/2006 6:21:18 PM H 0 C:\WINDOWS\LastGood\INF\codecs10.PNF ()
10/3/2006 6:21:18 PM H 0 C:\WINDOWS\LastGood\INF\WMFSDK10.inf ()
10/3/2006 6:21:18 PM H 0 C:\WINDOWS\LastGood\INF\WMFSDK10.PNF ()
10/3/2006 6:21:22 PM H 0 C:\WINDOWS\LastGood\INF\WMDM10.inf ()
10/3/2006 6:21:22 PM H 0 C:\WINDOWS\LastGood\INF\WMDM10.PNF ()
10/3/2006 6:21:22 PM H 0 C:\WINDOWS\LastGood\INF\WPD10.inf ()
10/3/2006 6:21:22 PM H 0 C:\WINDOWS\LastGood\INF\WPD10.PNF ()
10/3/2006 6:21:24 PM H 0 C:\WINDOWS\LastGood\INF\wpdmtp.inf ()
10/3/2006 6:21:24 PM H 0 C:\WINDOWS\LastGood\INF\wpdmtp.PNF ()
10/3/2006 6:36:10 PM H 0 C:\WINDOWS\LastGood\INF\WMP10.inf ()
10/3/2006 6:36:10 PM H 0 C:\WINDOWS\LastGood\INF\WMP10.PNF ()
10/3/2006 6:36:18 PM H 0 C:\WINDOWS\LastGood\INF\MPCD10.inf ()
10/3/2006 6:36:18 PM H 0 C:\WINDOWS\LastGood\INF\MPCD10.PNF ()
10/3/2006 6:36:18 PM H 0 C:\WINDOWS\LastGood\INF\MPSTUB10.inf ()
10/3/2006 6:36:18 PM H 0 C:\WINDOWS\LastGood\INF\MPSTUB10.PNF ()
10/3/2006 6:36:18 PM H 0 C:\WINDOWS\LastGood\INF\WMSET10.inf ()
10/3/2006 6:36:18 PM H 0 C:\WINDOWS\LastGood\INF\WMSET10.PNF ()
10/6/2006 7:02:06 PM H 0 C:\WINDOWS\LastGood\INF\dxxp.inf ()
10/6/2006 7:02:06 PM H 0 C:\WINDOWS\LastGood\INF\dxxp.PNF ()
10/6/2006 7:02:22 PM H 0 C:\WINDOWS\LastGood\INF\oem8.inf ()
10/6/2006 7:02:22 PM H 0 C:\WINDOWS\LastGood\INF\oem8.PNF ()
10/6/2006 7:02:28 PM H 0 C:\WINDOWS\LastGood\INF\dxdllreg.inf ()
10/6/2006 7:02:28 PM H 0 C:\WINDOWS\LastGood\INF\dxdllreg.PNF ()
10/6/2006 7:02:28 PM H 0 C:\WINDOWS\LastGood\INF\dxbda.inf ()
10/6/2006 7:02:28 PM H 0 C:\WINDOWS\LastGood\INF\dxbda.PNF ()
10/10/2006 6:33:04 PM H 0 C:\WINDOWS\LastGood\INF\oem9.inf ()
10/10/2006 6:33:04 PM H 0 C:\WINDOWS\LastGood\INF\oem9.PNF ()
10/2/2006 4:14:04 PM S 64 C:\WINDOWS\CSC\00000002 ()
10/6/2006 10:48:28 PM S 64 C:\WINDOWS\CSC\00000001 ()

Checking for CPL files...
8/28/2001 12:00:00 PM 133120 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 296448 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 124416 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 567296 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 112640 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 277504 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/28/2001 8:00:00 AM 69120 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
10/8/2003 4:05:36 AM 13426176 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
9/24/2002 4:44:10 PM 151552 C:\WINDOWS\SYSTEM32\ADPanel.cpl (Iomega Corporation)
8/11/2006 9:43:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl ()
8/11/2006 9:43:00 PM 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl (NVIDIA Corporation)
7/26/2006 3:03:14 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 563712 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/28/2001 7:00:00 AM 133120 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 296448 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/28/2001 7:00:00 AM 124416 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/28/2001 8:00:00 AM 69120 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 112640 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/28/2001 7:00:00 AM 567296 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/28/2001 8:00:00 AM 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 277504 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/28/2001 12:00:00 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
8/29/2002 3:41:00 AM 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} - HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537 [...] scan53.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/j [...] s-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/j [...] s-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/j [...] s-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub [...] wflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/29/2004 12:01:20 PM HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/1/2003 12:11:22 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
10/10/2006 4:27:56 PM 926 C:\Documents and Settings\N\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk ()
4/29/2004 12:01:20 PM HS 84 C:\Documents and Settings\N\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
1/1/2003 12:11:22 AM HS 62 C:\Documents and Settings\N\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/red [...] R}&ar=home
\\Search Page - http://www.microsoft.com/isapi/red [...] r=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/red [...] ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/red [...] r=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.google.ca/
\\Search Page - http://www.microsoft.com/isapi/red [...] r=iesearch
\\Local Page - C:\WINDOWS\System32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1 [...] chasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
\{4FAB3EC1-3537-AFDC-4C32-03614B7E1C69} - = C:\WINDOWS\System32\hernoen.dll ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc.)
\{849B9523-785F-4014-9CAF-079FB4A74C61} - = ()
\{BE3F23AC-570D-4A8D-BE11-0D4F7F3AB017} - = ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{C004DEC2-2623-438E-9CA2-C9043AB28508} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8192 =
\\NEXTID - 8194
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8193 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()
\\{c7745760-8ead-11ce-b750-02608ca5202c} - IomegaWare Shell Extension = C:\Program Files\Iomega\Shell\ImgMenu.dll (Iomega Corp.)
\\{c7745761-8ead-11ce-b750-02608ca5202c} - IomegaWare Shell Extension = C:\Program Files\Iomega\Shell\ImgProp.dll (Iomega Corp.)
\\{C81DCBCA-8AE2-41FC-9C39-78B160393210} - RhinoShExt = C:\WINDOWS\system32\RhinoShExt.dll (Robert McNeel & Associates)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll ()
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll ()
\\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - AVG7 Shell Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
\\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} - AVG7 Find Extension = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
\\{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - TuneUp Shredder Shell Context Menu Extension = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
\RhinoShExt - {C81DCBCA-8AE2-41FC-9C39-78B160393210} = C:\WINDOWS\system32\RhinoShExt.dll (Robert McNeel & Associates)
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Program Files\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll ()
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\AVG7 Shell Extension - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SiS Tray - C:\WINDOWS\System32\sistray.EXE (Silicon Integrated Systems Corporation)
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe ()
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll ()
Zone Labs Client - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MessengerPlus3 - C:\Program Files\MessengerPlus! 3\MsgPlus.exe (Patchou)
msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\N\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Documents and Settings\N\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\System32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCTVOICE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pctspk
hkey HKLM
command pctspk.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RunDLL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bridge
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiS Windows KeyHook
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item keyhook
hkey HKLM
command C:\WINDOWS\System32\keyhook.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SiSUSBRG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SiSUSBrg
hkey HKLM
command C:\WINDOWS\SiSUSBrg.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wintmh32 - wintmh32.dll = ()
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{82B97C71-62CF-4BE0-8A21-84474050F82E} - (SiS 900-Based PCI Fast Ethernet Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



maintenant le rapport de combofix

ComboFix 06.09.28 - Running from: "C:\Documents and Settings\N\Bureau"
Command switches used :: /v mljgd

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\dgjlm.bak2


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Fichiers communs\Yazzle1122OinAdmin.exe
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Inetget2
C:\Program Files\Fichiers communs\{2B6142AC-0871-1036-0107-040404030002}
C:\Program Files\Fichiers communs\{3B6142AC-0871-1036-0107-040404030002}


((((((((((((((((((((((((((((((( Files Created from 2006-09-11 to 2006-10-11 ))))))))))))))))))))))))))))))))))


2006-10-10 18:39 22,528 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-10-10 18:39 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-10-10 18:38 9,216 --a------ C:\WINDOWS\system32\vorbisfile.dll
2006-10-10 18:38 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2006-10-10 18:38 70,144 --a------ C:\WINDOWS\system32\vorbisenc.dll
2006-10-10 18:38 46,080 --a------ C:\WINDOWS\system32\VORBIS.DLL
2006-10-10 18:38 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2006-10-10 18:38 315,392 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2006-10-10 18:38 3,082 --a------ C:\WINDOWS\system32\affv11300p1now.sys
2006-10-10 18:38 20,992 --a------ C:\WINDOWS\system32\AffiliateNow.dll
2006-10-10 18:38 196,608 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2006-10-10 18:38 19,968 --a------ C:\WINDOWS\system32\OGG.DLL
2006-10-10 18:38 18,944 --a------ C:\WINDOWS\system32\VCEDIT.DLL
2006-10-10 18:38 139,264 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2006-10-10 18:38 1,843,200 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2006-10-10 18:38 1,245,184 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2006-10-10 18:37 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2006-10-10 18:37 1,703,936 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2006-10-10 18:33 765,952 --a------ C:\WINDOWS\system32\tvqenc.dll
2006-10-10 18:33 573,440 --a------ C:\WINDOWS\system32\tvqdec.dll
2006-10-10 18:33 118,784 --a------ C:\WINDOWS\system32\mp3dec.dll
2006-10-10 18:32 671,744 --a------ C:\WINDOWS\system32\DGVorbis.dll
2006-10-09 13:23 40,973 ---hs---- C:\WINDOWS\system32\efcbbxw.dll
2006-10-08 15:27 5 --ahs---- C:\WINDOWS\system32\babeeb5_g.dll
2006-10-08 14:57 53,248 --a------ C:\WINDOWS\system32\itunesff.exe
2006-10-08 14:57 53,248 --a------ C:\WINDOWS\internt.exe
2006-10-07 18:32 40,973 ---hs---- C:\WINDOWS\system32\pmnljjg.dll
2006-10-07 17:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-06 23:50 92,160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2006-10-06 21:57 40,973 ---hs---- C:\WINDOWS\system32\opnkhii.dll
2006-10-06 21:57 15,872 --a------ C:\WINDOWS\system32\wintmh32.dll
2006-10-06 19:02 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-10-06 19:02 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-06 19:02 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-06 19:02 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-10-06 19:02 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-10-06 19:02 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-10-06 19:02 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-06 19:02 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-10-06 19:02 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-10-06 19:02 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-10-06 19:02 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2006-10-06 19:02 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-10-06 19:02 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-10-06 19:02 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-06 19:02 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-06 19:02 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-10-06 19:02 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-10-06 19:02 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-10-06 19:02 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-06 19:02 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2006-10-06 19:02 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-10-06 19:02 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-10-06 19:02 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-06 19:02 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-06 19:02 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-10-06 19:02 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-10-06 19:02 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-10-06 19:02 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-06 19:02 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2006-10-06 19:02 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-10-06 19:02 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-10-06 19:02 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-10-06 19:02 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-10-06 19:02 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-10-06 19:02 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-10-06 19:02 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-10-06 19:02 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-10-06 19:02 31,744 --a------ C:\WINDOWS\system32\pid.dll
2006-10-06 19:02 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-10-06 19:02 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-10-06 19:02 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-06 19:02 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-10-06 19:02 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-10-06 19:02 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-10-06 19:02 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-10-06 19:02 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-06 19:02 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-10-06 19:02 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-10-06 19:02 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-06 19:02 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2006-10-06 19:02 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-06 19:02 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-10-06 19:02 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-10-06 19:02 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-10-06 19:02 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-06 19:02 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-10-06 19:02 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-10-06 19:02 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-10-06 19:02 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-10-06 19:02 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-10-06 19:02 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-06 19:02 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-10-06 19:02 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-10-06 19:02 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-10-06 19:02 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-10-06 19:02 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-10-06 19:02 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-10-06 19:02 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-10-06 19:02 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-10-06 19:02 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-10-06 19:02 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-10-06 19:02 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-06 19:02 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-06 19:02 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-10-03 19:07 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-03 19:07 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-03 19:07 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-03 19:07 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-03 19:07 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-03 19:07 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-03 19:07 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-03 19:07 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-10-03 18:57 42,920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2006-10-03 18:21 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-03 18:21 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-03 18:21 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-03 18:21 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-29 18:42 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-29 18:41 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-29 18:30 182,880 --a------ C:\WINDOWS\system32\iuengine.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-10 18:39 -------- d-------- C:\Program Files\Alt WAV MP3 WMA OGG Converter
2006-10-10 18:38 -------- d-------- C:\Program Files\Audiotoolsfactory
2006-10-10 18:37 -------- d-------- C:\Program Files\MP3 Converter Simple
2006-10-10 18:33 -------- d-------- C:\Program Files\audio-mp3-converter
2006-10-10 18:23 -------- d-------- C:\Program Files\Audacity
2006-10-10 16:26 -------- d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2006-10-08 15:27 -------- d-------- C:\Program Files\RegSupreme
2006-10-08 15:21 -------- d-------- C:\Program Files\jv16 PowerTools
2006-10-07 19:56 -------- d-------- C:\Program Files\Guitar Pro 5
2006-10-07 16:55 -------- d-------- C:\Program Files\CCleaner
2006-10-07 16:47 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-07 09:51 -------- d-------- C:\Documents and Settings\N\Application Data\Syntrillium
2006-10-07 09:14 86094 --a------ C:\WINDOWS\BPMNT.dll
2006-10-07 09:14 1101904 --a------ C:\WINDOWS\vsapi32.dll
2006-10-06 23:50 -------- d-------- C:\Program Files\MagicDisc
2006-10-06 23:27 71749 --a------ C:\WINDOWS\hcextoutput.dll
2006-10-06 23:27 176709 --a------ C:\WINDOWS\tsc.exe
2006-10-06 22:25 -------- d-------- C:\Program Files\TuneUp Utilities 2006
2006-10-06 22:25 -------- d-------- C:\Documents and Settings\N\Application Data\TuneUp Software
2006-10-06 22:23 -------- d-------- C:\Documents and Settings\N\Application Data\Sun
2006-10-06 16:24 -------- d-------- C:\Program Files\BitLord
2006-10-03 19:34 -------- d-------- C:\Program Files\Java
2006-10-03 19:33 -------- d-------- C:\Program Files\LimeWire
2006-10-03 19:23 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-10-03 18:57 -------- d-------- C:\Program Files\Zone Labs
2006-10-03 17:29 -------- d-------- C:\Program Files\MSN Messenger
2006-09-29 19:01 69689 --a------ C:\WINDOWS\UNZIP.DLL
2006-09-29 19:01 507904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-09-29 19:01 286720 --a------ C:\WINDOWS\PATCH.EXE
2006-08-24 23:47 36528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\\WINDOWS\\System32\\sistray.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SoundMan"="SOUNDMAN.EXE"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCTVOICE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pctspk"
"hkey"="HKLM"
"command"="pctspk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RunDLL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bridge"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiS Windows KeyHook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="keyhook"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\keyhook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SiSUSBRG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SiSUSBrg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SiSUSBrg.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintmh32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: 2006-10-11 16:03:18.26
ComboFix3.txt
ComboFix2.txt
ComboFix.txt


et le hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 16:18:19, on 2006-10-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\N\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4FAB3EC1-3537-AFDC-4C32-03614B7E1C69} - C:\WINDOWS\System32\hernoen.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: (no name) - {BE3F23AC-570D-4A8D-BE11-0D4F7F3AB017} - (no file)
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB15E98A-D1D5-4477-A99D-0138DC65B753}: NameServer = 206.123.6.11 206.123.6.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: wintmh32 - C:\WINDOWS\SYSTEM32\wintmh32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fagyyrbh

*******************

Script file located at: \??\C:\Documents and Settings\uwycqpih.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\System32\hernoen.dll not found!
Deletion of file C:\WINDOWS\System32\hernoen.dll failed!

Could not process line:
C:\WINDOWS\System32\hernoen.dll
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\wintmh32.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 17:10:13, on 2006-10-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\N\Bureau\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4FAB3EC1-3537-AFDC-4C32-03614B7E1C69} - C:\WINDOWS\System32\hernoen.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - (no file)
O2 - BHO: (no name) - {BE3F23AC-570D-4A8D-BE11-0D4F7F3AB017} - (no file)
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB15E98A-D1D5-4477-A99D-0138DC65B753}: NameServer = 206.123.6.11 206.123.6.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: wintmh32 - wintmh32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

et les rapport avec virus total


AntiVir 7.2.0.25 10.11.2006 TR/Vundo.Gen
Authentium 4.93.8 10.11.2006 no virus found
Avast 4.7.892.0 10.11.2006 no virus found
AVG 386 10.11.2006 no virus found
BitDefender 7.2 10.11.2006 DeepScan:Generic.Malware.SYddldg.6AD3E836
CAT-QuickHeal 8.00 10.11.2006 no virus found
ClamAV devel-20060426 10.11.2006 no virus found
eTrust-InoculateIT 23.73.19 10.11.2006 no virus found
eTrust-Vet 30.3.3127 10.11.2006 Win32/Chisyne!generic
DrWeb 4.33 10.11.2006 Trojan.Virtumod
Ewido 4.0 10.11.2006 no virus found
Fortinet 2.82.0.0 10.11.2006 Misc/Vundo
F-Prot 3.16f 10.11.2006 no virus found
F-Prot4 4.2.1.29 10.11.2006 no virus found
Ikarus 0.2.65.0 10.11.2006 no virus found
Kaspersky 4.0.2.24 10.11.2006 no virus found
McAfee 4871 10.11.2006 potentially unwanted program Vundo
Microsoft 1.1603 10.11.2006 no virus found
NOD32v2 1.1797 10.10.2006 no virus found
Norman 5.80.02 10.11.2006 W32/Vundo.gen1
Panda 9.0.0.4 10.11.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.11.2006 no virus found
VBA32 3.11.1 10.11.2006 Trojan.Virtumod
VirusBuster 4.3.7:9 10.11.2006 no virus found


AntiVir 7.2.0.25 10.11.2006 TR/Vundo.Gen
Authentium 4.93.8 10.11.2006 no virus found
Avast 4.7.892.0 10.11.2006 no virus found
AVG 386 10.11.2006 no virus found
BitDefender 7.2 10.11.2006 DeepScan:Generic.Malware.SYddldg.6AD3E836
CAT-QuickHeal 8.00 10.11.2006 no virus found
ClamAV devel-20060426 10.11.2006 no virus found
DrWeb 4.33 10.11.2006 Trojan.Virtumod
eTrust-InoculateIT 23.73.19 10.11.2006 no virus found
eTrust-Vet 30.3.3127 10.11.2006 Win32/Chisyne!generic
Ewido 4.0 10.11.2006 no virus found
Fortinet 2.82.0.0 10.11.2006 Misc/Vundo
F-Prot 3.16f 10.11.2006 no virus found
F-Prot4 4.2.1.29 10.11.2006 no virus found
Ikarus 0.2.65.0 10.11.2006 no virus found
Kaspersky 4.0.2.24 10.11.2006 no virus found
McAfee 4871 10.11.2006 potentially unwanted program Vundo
Microsoft 1.1603 10.11.2006 no virus found
NOD32v2 1.1797 10.10.2006 no virus found
Norman 5.80.02 10.11.2006 W32/Vundo.gen1
Panda 9.0.0.4 10.11.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.11.2006 no virus found
VBA32 3.11.1 10.11.2006 Trojan.Virtumod
VirusBuster 4.3.7:9 10.11.2006 no virus found


AntiVir 7.2.0.25 10.11.2006 no virus found
Authentium 4.93.8 10.11.2006 no virus found
Avast 4.7.892.0 10.11.2006 no virus found
AVG 386 10.11.2006 no virus found
BitDefender 7.2 10.11.2006 no virus found
CAT-QuickHeal 8.00 10.11.2006 no virus found
ClamAV devel-20060426 10.11.2006 no virus found
DrWeb 4.33 10.11.2006 no virus found
eTrust-InoculateIT 23.73.19 10.11.2006 no virus found
eTrust-Vet 30.3.3127 10.11.2006 no virus found
Ewido 4.0 10.11.2006 no virus found
Fortinet 2.82.0.0 10.11.2006 no virus found
F-Prot 3.16f 10.11.2006 no virus found
F-Prot4 4.2.1.29 10.11.2006 no virus found
Ikarus 0.2.65.0 10.11.2006 no virus found
Kaspersky 4.0.2.24 10.11.2006 no virus found
McAfee 4871 10.11.2006 no virus found
Microsoft 1.1603 10.11.2006 no virus found
NOD32v2 1.1797 10.10.2006 no virus found
Norman 5.80.02 10.11.2006 no virus found
Panda 9.0.0.4 10.11.2006 no virus found
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.11.2006 no virus found
VBA32 3.11.1 10.11.2006 no virus found
VirusBuster 4.3.7:9 10.11.2006 no virus found


AntiVir 7.2.0.25 10.11.2006 TR/Vundo.Gen
Authentium 4.93.8 10.11.2006 no virus found
Avast 4.7.892.0 10.11.2006 no virus found
AVG 386 10.11.2006 no virus found
BitDefender 7.2 10.11.2006 DeepScan:Generic.Malware.SYddldg.6AD3E836
CAT-QuickHeal 8.00 10.11.2006 no virus found
ClamAV devel-20060426 10.11.2006 no virus found
DrWeb 4.33 10.11.2006 Trojan.Virtumod
eTrust-InoculateIT 23.73.19 10.11.2006 no virus found
eTrust-Vet 30.3.3127 10.11.2006 Win32/Chisyne!generic
Ewido 4.0 10.11.2006 no virus found
Fortinet 2.82.0.0 10.11.2006 Misc/Vundo
F-Prot 3.16f 10.11.2006 no virus found
F-Prot4 4.2.1.29 10.11.2006 no virus found
Ikarus 0.2.65.0 10.11.2006 no virus found
Kaspersky 4.0.2.24 10.11.2006 no virus found
McAfee 4871 10.11.2006 potentially unwanted program Vundo
Microsoft 1.1603 10.11.2006 no virus found
NOD32v2 1.1797 10.10.2006 no virus found
Norman 5.90.23 10.11.2006 W32/Vundo.gen1
Panda 9.0.0.4 10.11.2006 Suspicious file
Sophos 4.10.0 10.05.2006 no virus found
TheHacker 6.0.1.096 10.11.2006 no virus found
UNA 1.83 10.11.2006 no virus found
VBA32 3.11.1 10.11.2006 Trojan.Virtumod
VirusBuster 4.3.7:9 10.11.2006 no virus found


merci

le rapport marche pas je vais faire le scan la

Bonjour

Kaspersky ne trouve rien

As tu encore des dysfonctionnements ?

Dans ce cas, encore une petite chose
Dénonce ton infection pour faire condamner les auteurs.
Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être le plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : http://www.malwarecomplaints.info/viewtopic.php?t=5
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).
La tienne = WINANTIVIRUS
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections conforme au règle du forum (age, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé.
---> http://www.malwarecomplaints.info/viewforum.php?f=10
Plus d'informations ici

Bonsoir,

salut à tous, j'ai un problème de publicité (casino, antivirus) qui s'affiche et l'ordi s'éteint tout seul. j'ai établi un rapport à partir de Hijack et cela me donne çà.

je ne sais pas trop quoi faire après:

Logfile of HijackThis v1.99.1
Scan saved at 23:07:21, on 18/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\TWlja2FlbCBUZXJvc2llcg\command.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe
C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe
C:\Program Files\ADS Tech\INSTANT TV PVR\Scheduled.exe
C:\Program Files\Zdagxp\Ktjy.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\sndman.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Propriétaire\Mes documents\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lemonde.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: (no name) - {44BE0690-5429-47f0-85BB-3FFD8020233E} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [qqsgob] C:\WINDOWS\System32\cscgoqmv.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe
O4 - HKLM\..\Run: [Ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe
O4 - HKLM\..\Run: [ADS TVR Agent] C:\Program Files\ADS Tech\INSTANT TV PVR\Scheduled.exe
O4 - HKLM\..\Run: [Jeqava] C:\Program Files\Gjxch\Rkhlfzv.exe
O4 - HKLM\..\Run: [Auloq] C:\Program Files\Zdagxp\Ktjy.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\timed.exe /i
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [hzw67af2] RUNDLL32.EXE w0ae63fb.dll,n 00567aed0000000a0ae63fb
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e25.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e25.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e24.exe
O4 - HKLM\..\Run: [msbb] c:\program files\internet optimizer\sim\msbb.exe
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2006 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Norton Personal Firewall.lnk = C:\Program Files\Norton Personal Firewall\nisfirst.exe
O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://static.flingstone.com/cab/2 [...] ge-c11.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OfficeUpdate - C:\WINDOWS\system32\s2pulc791f.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\ewcapi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlja2FlbCBUZXJvc2llcg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe