Bonne annee 2010 - Besoin d'une petite verification

Quel honneur, Sham Rock reprend du service pour moi.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alice at 2010-01-01 22:13:05
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 91 GB (95%) free of 95 GB
Total RAM: 1022 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:10, on 01/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Alice\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 3989 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{6E4232FE-DA2B-4A0C-9CB1-171CFFFF0FC4}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 202032]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-23 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-05 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-01 22:13:05 ----D---- C:\rsit
2010-01-01 03:34:34 ----D---- C:\Program Files\Trend Micro
2010-01-01 03:23:22 ----D---- C:\WINDOWS\WBEM
2010-01-01 03:22:25 ----HDC---- C:\WINDOWS\ie8
2010-01-01 03:22:25 ----D---- C:\WINDOWS\system32\fr-FR
2010-01-01 03:18:56 ----D---- C:\Documents and Settings\Alice\Application Data\Macromedia
2010-01-01 03:18:56 ----D---- C:\Documents and Settings\Alice\Application Data\Adobe
2010-01-01 03:08:57 ----D---- C:\Program Files\CCleaner
2010-01-01 01:00:28 ----D---- C:\WINDOWS\pss
2009-12-31 23:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-12-31 23:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-12-31 23:21:33 ----RSD---- C:\WINDOWS\assembly
2009-12-31 23:21:33 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-31 23:21:31 ----D---- C:\WINDOWS\system32\URTTemp
2009-12-31 22:25:43 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-12-31 22:21:35 ----D---- C:\WINDOWS\system32\FxsTmp
2009-12-31 22:21:30 ----A---- C:\WINDOWS\ModemLog_AC97 Data Fax SoftModem with SmartCP.txt
2009-12-31 22:21:14 ----A---- C:\WINDOWS\system32\simptcp.dll
2009-12-31 22:21:09 ----A---- C:\WINDOWS\system32\fxssend.exe
2009-12-31 22:21:09 ----A---- C:\WINDOWS\system32\fxsroute.dll
2009-12-31 22:21:09 ----A---- C:\WINDOWS\system32\fxsperf.ini
2009-12-31 22:21:08 ----A---- C:\WINDOWS\system32\fxsclntR.dll
2009-12-31 22:21:07 ----A---- C:\WINDOWS\system32\lprmon.dll
2009-12-31 22:21:07 ----A---- C:\WINDOWS\system32\lpdsvc.dll
2009-12-31 22:21:07 ----A---- C:\WINDOWS\system32\iprip.dll
2009-12-31 22:21:07 ----A---- C:\WINDOWS\system32\fxscfgwz.dll
2009-12-31 22:21:06 ----A---- C:\WINDOWS\system32\snmptrap.exe
2009-12-31 22:21:06 ----A---- C:\WINDOWS\system32\snmp.exe
2009-12-31 22:21:06 ----A---- C:\WINDOWS\system32\evntwin.exe
2009-12-31 22:21:05 ----A---- C:\WINDOWS\system32\snmpmib.dll
2009-12-31 22:21:05 ----A---- C:\WINDOWS\system32\lmmib2.dll
2009-12-31 22:21:05 ----A---- C:\WINDOWS\system32\hostmib.dll
2009-12-31 22:21:05 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2009-12-31 22:21:05 ----A---- C:\WINDOWS\system32\evntcmd.exe
2009-12-31 22:21:05 ----A---- C:\WINDOWS\system32\evntagnt.dll
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxsui.dll
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxstiff.dll
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxst30.dll
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxssvc.exe
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxsst.dll
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxsres.dll
2009-12-31 22:21:04 ----A---- C:\WINDOWS\system32\fxsperf.dll
2009-12-31 22:21:03 ----A---- C:\WINDOWS\system32\fxsmon.dll
2009-12-31 22:21:03 ----A---- C:\WINDOWS\system32\fxsext32.dll
2009-12-31 22:21:03 ----A---- C:\WINDOWS\system32\fxsevent.dll
2009-12-31 22:21:03 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2009-12-31 22:21:03 ----A---- C:\WINDOWS\system32\fxscover.exe
2009-12-31 22:21:03 ----A---- C:\WINDOWS\system32\fxscomex.dll
2009-12-31 22:21:03 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2009-12-31 22:21:01 ----A---- C:\WINDOWS\system32\fxscom.dll
2009-12-31 22:19:31 ----D---- C:\Program Files\ATI Technologies
2009-12-31 22:19:26 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-31 22:18:25 ----A---- C:\WINDOWS\WININIT.INI
2009-12-31 22:14:23 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2009-12-31 22:14:22 ----D---- C:\Program Files\Synaptics
2009-12-31 22:14:22 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2009-12-31 22:14:22 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-12-31 22:14:22 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-12-31 22:14:22 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-12-31 22:14:02 ----D---- C:\Program Files\DIFX
2009-12-31 22:14:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-31 22:13:55 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-12-31 22:13:35 ----D---- C:\Program Files\Hewlett-Packard
2009-12-31 22:13:35 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-12-31 22:13:35 ----A---- C:\WINDOWS\system32\BttnCmns_64.dll
2009-12-31 22:13:35 ----A---- C:\WINDOWS\system32\BttnCmns.dll
2009-12-31 22:13:35 ----A---- C:\WINDOWS\system32\BttnCmn.dll
2009-12-31 22:13:31 ----D---- C:\Documents and Settings\Alice\Application Data\InstallShield
2009-12-31 22:12:56 ----D---- C:\Program Files\WIDCOMM
2009-12-31 22:12:23 ----D---- C:\Program Files\CONEXANT
2009-12-31 22:12:18 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-12-31 22:12:18 ----A---- C:\WINDOWS\system32\hsfci012.dll
2009-12-31 22:12:12 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-31 22:11:57 ----D---- C:\WINDOWS\OPTIONS
2009-12-31 22:11:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-31 22:11:31 ----D---- C:\WINDOWS\tiinst
2009-12-31 22:10:17 ----SHD---- C:\RECYCLER
2009-12-31 22:06:27 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-31 22:06:27 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-31 22:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-31 22:06:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-31 22:06:18 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-31 22:06:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-31 22:03:59 ----D---- C:\Program Files\Broadcom
2009-12-31 22:03:58 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-12-31 22:03:57 ----D---- C:\SWSetup
2009-12-31 21:49:51 ----D---- C:\Documents and Settings\Alice\Application Data\Mozilla
2009-12-31 21:49:36 ----D---- C:\Program Files\Mozilla Firefox
2009-12-31 21:48:49 ----A---- C:\WINDOWS\system32\fxsapi.dll
2009-12-31 21:47:08 ----A---- C:\WINDOWS\system32\wups2.dll
2009-12-31 21:47:08 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-12-31 21:47:07 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-12-31 21:47:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-31 21:47:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-12-31 21:46:04 ----A---- C:\WINDOWS\system32\wpa.bak
2009-12-29 20:02:21 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-29 19:45:32 ----D---- C:\Documents and Settings\Alice\Application Data\Identities
2009-12-29 19:45:30 ----HD---- C:\Program Files\Uninstall Information
2009-12-29 19:45:23 ----ASH---- C:\Documents and Settings\Alice\Application Data\desktop.ini
2009-12-29 19:45:22 ----SD---- C:\Documents and Settings\Alice\Application Data\Microsoft
2009-12-29 19:44:00 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-29 19:43:59 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-29 19:43:59 ----D---- C:\WINDOWS\Prefetch
2009-12-29 19:43:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-29 19:24:20 ----D---- C:\WINDOWS\system32\xircom
2009-12-29 19:24:20 ----D---- C:\Program Files\xerox
2009-12-29 19:24:20 ----D---- C:\Program Files\microsoft frontpage
2009-12-29 19:24:13 ----A---- C:\WINDOWS\control.ini
2009-12-29 19:24:13 ----A---- C:\AUTOEXEC.BAT
2009-12-29 19:23:53 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-29 19:23:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-29 19:23:11 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-29 19:23:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-29 19:23:05 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-29 19:23:00 ----HD---- C:\Program Files\WindowsUpdate
2009-12-29 19:22:57 ----D---- C:\Program Files\Services en ligne
2009-12-29 19:22:41 ----D---- C:\WINDOWS\system32\DirectX
2009-12-29 19:22:21 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-29 19:22:18 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-29 19:22:18 ----A---- C:\WINDOWS\desktop.ini
2009-12-29 19:22:12 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-29 19:22:11 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-29 19:22:10 ----D---- C:\Program Files\Fichiers communs\Services
2009-12-29 19:22:08 ----SD---- C:\WINDOWS\Tasks
2009-12-29 19:22:08 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-29 19:22:07 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-12-29 19:22:03 ----D---- C:\WINDOWS\srchasst
2009-12-29 19:22:02 ----D---- C:\WINDOWS\system32\Macromed
2009-12-29 19:21:59 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-29 19:21:59 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-29 19:21:59 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-29 19:21:59 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-29 19:21:58 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-29 19:21:57 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-12-29 19:21:53 ----D---- C:\Program Files\Movie Maker
2009-12-29 19:21:49 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-29 19:21:49 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-29 19:21:49 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-29 19:21:49 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-29 19:21:45 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-12-29 19:21:45 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-29 19:21:44 ----D---- C:\WINDOWS\system32\Restore
2009-12-29 19:21:44 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-12-29 19:21:44 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-29 19:21:44 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-29 19:21:43 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-29 19:21:43 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-29 19:21:43 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-29 19:21:43 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-29 19:21:43 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-29 19:21:43 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-29 19:21:40 ----D---- C:\Program Files\NetMeeting
2009-12-29 19:21:40 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-29 19:21:40 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-29 19:21:39 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-29 19:21:39 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-29 19:21:36 ----D---- C:\Program Files\Outlook Express
2009-12-29 19:21:36 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-12-29 19:21:35 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-29 19:21:35 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-29 19:21:34 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-29 19:21:34 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-29 19:21:34 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-29 19:21:34 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-29 19:21:25 ----D---- C:\Program Files\Fichiers communs\System
2009-12-29 19:21:12 ----D---- C:\Program Files\Internet Explorer
2009-12-29 19:21:02 ----D---- C:\Program Files\ComPlus Applications
2009-12-29 19:21:00 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-29 19:21:00 ----A---- C:\WINDOWS\vb.ini
2009-12-29 19:20:53 ----D---- C:\WINDOWS\Registration
2009-12-29 19:20:25 ----D---- C:\Program Files\Windows Media Player
2009-12-29 19:20:20 ----D---- C:\Program Files\Messenger
2009-12-29 19:20:16 ----D---- C:\Program Files\MSN Gaming Zone
2009-12-29 19:20:16 ----A---- C:\WINDOWS\system32\write.exe
2009-12-29 19:20:06 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-29 19:20:06 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-29 19:20:05 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-29 19:20:05 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-29 19:20:05 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-29 19:20:05 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-29 19:19:48 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-29 19:19:48 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-29 19:19:48 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-29 19:19:47 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-29 19:19:47 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-29 19:19:46 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-29 19:19:46 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-29 19:19:45 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-29 19:19:44 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-29 19:19:44 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-29 19:19:44 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-29 19:19:44 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-29 19:19:43 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-29 19:19:43 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-29 19:19:43 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-29 19:19:43 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-29 19:19:43 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-29 19:19:43 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-29 19:19:42 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-29 19:19:42 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-29 19:19:36 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-29 19:18:59 ----D---- C:\Program Files\MSN
2009-12-29 19:18:57 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-29 19:18:57 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-29 19:18:48 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-29 19:18:48 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-29 19:18:46 ----D---- C:\Program Files\Windows NT
2009-12-29 19:18:46 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-29 19:18:46 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-29 19:18:44 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-29 19:18:43 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-29 19:18:42 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-29 19:18:41 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-12-29 19:18:41 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-29 19:18:41 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-29 19:18:41 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-29 19:18:41 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-29 19:18:41 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-29 19:18:41 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-29 19:18:40 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-29 19:18:40 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-29 19:18:40 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-29 19:18:40 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-29 19:18:39 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-29 19:18:39 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-29 19:18:38 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-29 19:18:38 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-29 19:18:36 ----D---- C:\WINDOWS\system32\Com
2009-12-29 19:18:36 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-29 19:18:36 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-29 19:18:36 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-29 19:18:36 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-29 19:18:35 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-29 19:18:34 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-29 19:18:34 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-29 19:18:34 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-29 19:18:03 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-29 19:18:03 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-29 19:18:03 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-29 19:18:02 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-29 18:27:43 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-29 18:26:44 ----SHD---- C:\WINDOWS\Installer
2009-12-29 18:26:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-29 18:26:43 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-12-29 18:26:43 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-29 18:26:39 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-12-29 18:26:39 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-12-29 18:26:38 ----RD---- C:\Program Files
2009-12-29 18:26:38 ----D---- C:\Program Files\Fichiers communs
2009-12-29 18:26:36 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-29 18:26:36 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-29 18:26:36 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-29 18:26:34 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-29 18:26:32 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-29 18:26:32 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-29 18:26:32 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-29 18:26:32 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-29 18:26:32 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-29 18:26:32 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-29 18:26:32 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-29 18:26:31 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-29 18:26:31 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-29 18:26:31 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-29 18:26:31 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-29 18:26:31 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-29 18:26:29 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-29 18:26:27 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-29 18:26:27 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-29 18:26:27 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-29 18:26:27 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-29 18:26:27 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-29 18:26:25 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-12-29 18:26:25 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-29 18:26:24 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-29 18:26:24 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-12-29 18:26:22 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-29 18:26:14 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-29 18:26:11 ----RA---- C:\WINDOWS\SET8.tmp
2009-12-29 18:26:08 ----RA---- C:\WINDOWS\SET4.tmp
2009-12-29 18:26:06 ----RA---- C:\WINDOWS\SET3.tmp
2009-12-29 18:26:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-29 18:26:00 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-29 18:25:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-29 18:25:22 ----D---- C:\Documents and Settings
2009-12-29 18:25:21 ----SHD---- C:\System Volume Information
2009-12-29 18:24:18 ----RSH---- C:\boot.ini
2009-12-29 18:14:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-29 18:14:51 ----RSD---- C:\WINDOWS\Fonts
2009-12-29 18:14:51 ----RD---- C:\WINDOWS\Web
2009-12-29 18:14:51 ----HD---- C:\WINDOWS\inf
2009-12-29 18:14:51 ----D---- C:\WINDOWS\WinSxS
2009-12-29 18:14:51 ----D---- C:\WINDOWS\twain_32
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Temp
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\wins
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\wbem
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\usmt
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\spool
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\Setup
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\ras
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\oobe
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\npp
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\mui
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\IME
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\icsxml
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\ias
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\export
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\drivers
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\dhcp
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\config
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\3076
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\2052
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1054
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1042
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1041
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1037
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1036
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1033
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1031
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1028
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32\1025
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system32
2009-12-29 18:14:51 ----D---- C:\WINDOWS\system
2009-12-29 18:14:51 ----D---- C:\WINDOWS\security
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Resources
2009-12-29 18:14:51 ----D---- C:\WINDOWS\repair
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Provisioning
2009-12-29 18:14:51 ----D---- C:\WINDOWS\PeerNet
2009-12-29 18:14:51 ----D---- C:\WINDOWS\pchealth
2009-12-29 18:14:51 ----D---- C:\WINDOWS\mui
2009-12-29 18:14:51 ----D---- C:\WINDOWS\msapps
2009-12-29 18:14:51 ----D---- C:\WINDOWS\msagent
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Media
2009-12-29 18:14:51 ----D---- C:\WINDOWS\java
2009-12-29 18:14:51 ----D---- C:\WINDOWS\ime
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Help
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Driver Cache
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Debug
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Cursors
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Connection Wizard
2009-12-29 18:14:51 ----D---- C:\WINDOWS\Config
2009-12-29 18:14:51 ----D---- C:\WINDOWS\AppPatch
2009-12-29 18:14:51 ----D---- C:\WINDOWS\addins
2009-12-29 18:14:51 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-12-29 19:24:13 ----A---- C:\WINDOWS\win.ini
2009-12-29 18:26:37 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-05 223616]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-23 1273344]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2004-12-23 1337850]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-12-23 55320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-03-22 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-05 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-31 193056]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-05 12416]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-22 703232]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-23 380928]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2004-12-23 254007]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 Iprip;Écouteur RIP; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-05 19456]
R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2004-08-05 32768]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-05 19456]
S3 p2pgasvc;Authentification de groupe réseau homologue; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 p2psvc;Réseau homologue; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2004-08-05 8704]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-01 22:13:13

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class ISPLAY -clean
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant AC-Link Audio-->CIAunwdm.exe
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Quick Launch Buttons 6.30 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C7A451815AD6A55564D6F47B5A12C61D8B4DCFD1\amdk8.inf
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x40c REMOVE
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1036
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

======System event log======

Computer Name: ALICE-F556AEA0A
Event Code: 15007
Message: La réservation de l'espace de nom identifié par le préfixe d'URL http://*:2869/ a été correctement ajoutée.

Record Number: 5
Source Name: HTTP
Time Written: 20091229192259.000000+060
Event Type: Informations
User:

Computer Name: ALICE-F556AEA0A
Event Code: 7
Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux.

Record Number: 4
Source Name: Cdrom
Time Written: 20091229191817.000000+060
Event Type: erreur
User:

Computer Name: ALICE-F556AEA0A
Event Code: 6011
Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers ALICE-F556AEA0A.

Record Number: 3
Source Name: EventLog
Time Written: 20091229190231.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20091229182528.000000+060
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091229182528.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: ALICE-F556AEA0A
Event Code: 1000
Message: Les compteurs de performances pour le service ContentIndex (ContentIndex) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20091229192027.000000+060
Event Type: Informations
User:

Computer Name: ALICE-F556AEA0A
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20091229192025.000000+060
Event Type: Informations
User:

Computer Name: ALICE-F556AEA0A
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20091229190317.000000+060
Event Type: Informations
User:

Computer Name: ALICE-F556AEA0A
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20091229190245.000000+060
Event Type: Informations
User:

Computer Name: ALICE-F556AEA0A
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20091229190244.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 20:03:00
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Alice\LOCALS~1\Temp\fgdyyfod.sys


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] cdkhawopq <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq@DisplayName Image Monitor
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq@Description Autorise le t?l?chargement et l?installation des mises ? jour de Windows. Si ce service est d?sactiv?, cet ordinateur ne pourra pas utiliser la fonctionnalit? Mises ? jour automatiques, ni acc?der au site Web Windows Update.
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdkhawopq\Parameters@ServiceDll C:\WINDOWS\system32\phbwpzqk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq@DisplayName Image Monitor
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq@Description Autorise le t?l?chargement et l?installation des mises ? jour de Windows. Si ce service est d?sactiv?, cet ordinateur ne pourra pas utiliser la fonctionnalit? Mises ? jour automatiques, ni acc?der au site Web Windows Update.
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\cdkhawopq\Parameters@ServiceDll C:\WINDOWS\system32\phbwpzqk.dll

---- EOF - GMER 1.0.15 ----

ComboFix 10-01-02.01 - Alice 02/01/2010 22:33:51.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.640 [GMT 1:00]
Lancé depuis: c:\documents and settings\Alice\Mes documents\Téléchargements\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-02 au 2010-01-02 ))))))))))))))))))))))))))))))))))))
.

2010-01-02 13:25 . 2010-01-02 13:36 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Temp
2010-01-02 13:25 . 2010-01-02 13:36 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Google
2010-01-01 21:13 . 2010-01-01 21:13 -------- d-----w- C:\rsit
2010-01-01 02:56 . 2010-01-01 02:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-01 02:34 . 2010-01-01 02:34 -------- d-----w- c:\program files\Trend Micro
2010-01-01 02:29 . 2010-01-01 02:29 -------- d-sh--w- c:\documents and settings\Alice\IECompatCache
2010-01-01 02:28 . 2010-01-01 02:28 -------- d-sh--w- c:\documents and settings\Alice\PrivacIE
2010-01-01 02:27 . 2010-01-01 02:27 -------- d-sh--w- c:\documents and settings\Alice\IETldCache
2010-01-01 02:22 . 2010-01-01 02:23 -------- dc-h--w- c:\windows\ie8
2010-01-01 02:22 . 2010-01-01 02:23 -------- d-----w- c:\windows\system32\fr-FR
2010-01-01 02:08 . 2010-01-01 02:08 -------- d-----w- c:\program files\CCleaner
2009-12-31 22:21 . 2009-12-31 22:22 -------- d-----w- c:\windows\system32\URTTemp
2009-12-31 21:21 . 2009-12-31 21:21 -------- d-----w- c:\windows\system32\FxsTmp
2009-12-31 21:19 . 2009-12-31 21:20 -------- d-----w- c:\program files\ATI Technologies
2009-12-31 21:19 . 2004-08-03 23:54 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-12-31 21:19 . 2004-08-03 23:54 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-31 21:19 . 2004-08-03 22:15 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-12-31 21:19 . 2004-08-03 22:15 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-12-31 21:19 . 2004-08-03 22:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-12-31 21:19 . 2004-08-03 22:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-12-31 21:14 . 2006-03-31 15:03 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2009-12-31 21:14 . 2009-12-31 21:14 -------- d-----w- c:\program files\Synaptics
2009-12-31 21:14 . 2006-03-31 15:06 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2009-12-31 21:14 . 2006-03-31 14:48 94298 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-12-31 21:14 . 2006-03-31 14:47 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2009-12-31 21:14 . 2006-03-31 14:47 82013 ----a-w- c:\windows\system32\SynCOM.dll
2009-12-31 21:14 . 2006-03-31 14:41 193056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-12-31 21:14 . 2009-12-31 21:14 -------- d-----w- c:\documents and settings\Alice\Bluetooth Software
2009-12-31 21:14 . 2009-12-31 21:14 -------- d-----w- c:\program files\DIFX
2009-12-31 21:14 . 2009-12-31 21:14 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-31 21:14 . 2006-06-18 22:40 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-12-31 21:13 . 2009-12-31 21:13 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-31 21:13 . 2007-06-18 15:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2009-12-31 21:13 . 2007-06-08 12:46 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2009-12-31 21:13 . 2006-11-02 05:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-12-31 21:13 . 2006-06-30 04:46 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2009-12-31 21:13 . 2005-10-31 13:30 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2009-12-31 21:13 . 2009-12-31 21:13 -------- d-----w- c:\documents and settings\Alice\Application Data\InstallShield
2009-12-31 21:12 . 2009-12-31 21:12 -------- d-----w- c:\program files\WIDCOMM
2009-12-31 21:12 . 2009-12-31 21:12 -------- d-----w- c:\program files\CONEXANT
2009-12-31 21:12 . 2005-03-22 13:39 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2009-12-31 21:12 . 2005-03-22 13:39 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2009-12-31 21:12 . 2005-03-22 13:39 200192 ----a-w- c:\windows\system32\drivers\HSFHWATI.sys
2009-12-31 21:12 . 2005-03-22 13:39 39018 ----a-w- c:\windows\system32\hsfci012.dll
2009-12-31 21:12 . 2005-03-22 13:39 1038208 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2009-12-31 21:12 . 2005-03-22 13:39 703232 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2009-12-31 21:03 . 2009-12-31 21:19 -------- d-----w- C:\SWSetup
2009-12-31 20:49 . 2009-12-31 20:49 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 20:49 . 2009-12-31 20:49 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Mozilla
2009-12-31 20:48 . 2004-08-05 11:00 452096 -c--a-w- c:\windows\system32\dllcache\fxsapi.dll
2009-12-31 20:48 . 2004-08-05 11:00 452096 ----a-w- c:\windows\system32\fxsapi.dll
2009-12-31 20:47 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-31 20:45 . 2009-12-31 20:45 -------- d-sh--w- c:\documents and settings\Alice\UserData
2009-12-31 20:43 . 2009-12-31 20:43 12328 ----a-w- c:\documents and settings\Alice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 18:58 . 2004-08-05 11:00 64922 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-02 18:58 . 2004-08-05 11:00 447222 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-01 20:50 . 2009-12-29 18:23 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 21:20 . 2009-12-31 21:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 21:14 . 2009-12-31 21:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-12-31 21:14 . 2009-12-31 21:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-31 21:11 . 2009-12-31 21:03 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-12-31 21:03 . 2009-12-31 21:03 -------- d-----w- c:\program files\Broadcom
2009-12-29 18:24 . 2009-12-29 18:24 -------- d-----w- c:\program files\microsoft frontpage
2009-12-29 18:22 . 2009-12-29 18:22 -------- d-----w- c:\program files\Services en ligne
2009-12-29 18:21 . 2009-12-29 18:21 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-05 11:00 . 2004-08-05 11:00 156691 --sha-r- c:\windows\system32\phbwpzqk.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-12-23 569405]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP rotocole PNRP (Peer Name Resolution Protocol)
"5576:TCP"= 5576:TCP:xvgljor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [31/12/2009 22:12 200192]
S2 cdkhawopq;Image Monitor;c:\windows\system32\svchost.exe -k netsvcs [05/08/2004 12:00 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
cdkhawopq
.
Contenu du dossier 'Tâches planifiées'

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-308236825-839522115-1004Core.job
- c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-02 13:25]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-308236825-839522115-1004UA.job
- c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-02 13:25]

2010-01-02 c:\windows\Tasks\User_Feed_Synchronization-{6E4232FE-DA2B-4A0C-9CB1-171CFFFF0FC4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\documents and settings\Alice\Application Data\Mozilla\Firefox\Profiles\mwrvnkf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 22:37
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdkhawopq]
"ServiceDll"="c:\windows\system32\phbwpzqk.dll"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
.
**************************************************************************
.
Heure de fin: 2010-01-02 22:39:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-02 21:39

Avant-CF: 95 242 354 688 octets libres
Après-CF: 95 187 312 640 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 9C1364909BA1E6EF062F6618D6C9DB9F

ComboFix 10-01-02.01 - Alice 03/01/2010 2:05.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1022.632 [GMT 1:00]
Lancé depuis: c:\documents and settings\Alice\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Alice\Mes documents\Téléchargements\CFScript.txt

FILE ::
"c:\windows\system32\phbwpzqk.dll"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\phbwpzqk.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDKHAWOPQ
-------\Service_cdkhawopq


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-03 au 2010-01-03 ))))))))))))))))))))))))))))))))))))
.

2010-01-02 22:41 . 2010-01-02 22:41 -------- d-----w- c:\program files\Unlocker
2010-01-02 13:25 . 2010-01-02 13:36 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Temp
2010-01-02 13:25 . 2010-01-02 13:36 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Google
2010-01-01 21:13 . 2010-01-01 21:13 -------- d-----w- C:\rsit
2010-01-01 02:56 . 2010-01-01 02:56 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-01 02:34 . 2010-01-01 02:34 -------- d-----w- c:\program files\Trend Micro
2010-01-01 02:29 . 2010-01-01 02:29 -------- d-sh--w- c:\documents and settings\Alice\IECompatCache
2010-01-01 02:28 . 2010-01-01 02:28 -------- d-sh--w- c:\documents and settings\Alice\PrivacIE
2010-01-01 02:27 . 2010-01-01 02:27 -------- d-sh--w- c:\documents and settings\Alice\IETldCache
2010-01-01 02:22 . 2010-01-01 02:23 -------- dc-h--w- c:\windows\ie8
2010-01-01 02:22 . 2010-01-01 02:23 -------- d-----w- c:\windows\system32\fr-FR
2010-01-01 02:08 . 2010-01-01 02:08 -------- d-----w- c:\program files\CCleaner
2009-12-31 22:21 . 2009-12-31 22:22 -------- d-----w- c:\windows\system32\URTTemp
2009-12-31 21:21 . 2009-12-31 21:21 -------- d-----w- c:\windows\system32\FxsTmp
2009-12-31 21:19 . 2009-12-31 21:20 -------- d-----w- c:\program files\ATI Technologies
2009-12-31 21:19 . 2004-08-03 23:54 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2009-12-31 21:19 . 2004-08-03 23:54 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-31 21:19 . 2004-08-03 22:15 145792 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2009-12-31 21:19 . 2004-08-03 22:15 145792 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-12-31 21:19 . 2004-08-03 22:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2009-12-31 21:19 . 2004-08-03 22:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys
2009-12-31 21:14 . 2006-03-31 15:03 69722 ----a-w- c:\windows\system32\SynTPFcs.dll
2009-12-31 21:14 . 2009-12-31 21:14 -------- d-----w- c:\program files\Synaptics
2009-12-31 21:14 . 2006-03-31 15:06 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2009-12-31 21:14 . 2006-03-31 14:48 94298 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-12-31 21:14 . 2006-03-31 14:47 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2009-12-31 21:14 . 2006-03-31 14:47 82013 ----a-w- c:\windows\system32\SynCOM.dll
2009-12-31 21:14 . 2006-03-31 14:41 193056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-12-31 21:14 . 2009-12-31 21:14 -------- d-----w- c:\documents and settings\Alice\Bluetooth Software
2009-12-31 21:14 . 2009-12-31 21:14 -------- d-----w- c:\program files\DIFX
2009-12-31 21:14 . 2009-12-31 21:14 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-31 21:14 . 2006-06-18 22:40 43520 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-12-31 21:13 . 2009-12-31 21:13 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-31 21:13 . 2007-06-18 15:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2009-12-31 21:13 . 2007-06-08 12:46 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2009-12-31 21:13 . 2006-11-02 05:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-12-31 21:13 . 2006-06-30 04:46 1560576 ----a-w- c:\windows\system32\BttnCmns.dll

2009-12-31 21:13 . 2005-10-31 13:30 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2009-12-31 21:13 . 2009-12-31 21:13 -------- d-----w- c:\documents and settings\Alice\Application Data\InstallShield
2009-12-31 21:12 . 2009-12-31 21:12 -------- d-----w- c:\program files\WIDCOMM
2009-12-31 21:12 . 2009-12-31 21:12 -------- d-----w- c:\program files\CONEXANT
2009-12-31 21:12 . 2005-03-22 13:39 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2009-12-31 21:12 . 2005-03-22 13:39 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2009-12-31 21:12 . 2005-03-22 13:39 200192 ----a-w- c:\windows\system32\drivers\HSFHWATI.sys
2009-12-31 21:12 . 2005-03-22 13:39 39018 ----a-w- c:\windows\system32\hsfci012.dll
2009-12-31 21:12 . 2005-03-22 13:39 1038208 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2009-12-31 21:12 . 2005-03-22 13:39 703232 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2009-12-31 21:03 . 2009-12-31 21:19 -------- d-----w- C:\SWSetup
2009-12-31 20:49 . 2009-12-31 20:49 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 20:49 . 2009-12-31 20:49 -------- d-----w- c:\documents and settings\Alice\Local Settings\Application Data\Mozilla
2009-12-31 20:48 . 2004-08-05 11:00 452096 -c--a-w- c:\windows\system32\dllcache\fxsapi.dll
2009-12-31 20:48 . 2004-08-05 11:00 452096 ----a-w- c:\windows\system32\fxsapi.dll
2009-12-31 20:47 . 2009-08-06 18:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-31 20:45 . 2009-12-31 20:45 -------- d-sh--w- c:\documents and settings\Alice\UserData
2009-12-31 20:43 . 2009-12-31 20:43 12328 ----a-w- c:\documents and settings\Alice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 22:49 . 2004-08-05 11:00 64922 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-02 22:49 . 2004-08-05 11:00 447222 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-01 20:50 . 2009-12-29 18:23 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 21:20 . 2009-12-31 21:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-31 21:14 . 2009-12-31 21:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-12-31 21:14 . 2009-12-31 21:14 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-31 21:11 . 2009-12-31 21:03 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-12-31 21:03 . 2009-12-31 21:03 -------- d-----w- c:\program files\Broadcom
2009-12-29 18:24 . 2009-12-29 18:24 -------- d-----w- c:\program files\microsoft frontpage
2009-12-29 18:22 . 2009-12-29 18:22 -------- d-----w- c:\program files\Services en ligne
2009-12-29 18:21 . 2009-12-29 18:21 21892 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-01-02_21.37.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-03 01:08 . 2010-01-03 01:08 16384 c:\windows\temp\Perflib_Perfdata_7dc.dat
+ 2004-08-05 11:00 . 2010-01-02 22:49 53770 c:\windows\system32\perfc009.dat
- 2004-08-05 11:00 . 2010-01-02 18:58 53770 c:\windows\system32\perfc009.dat
+ 2004-08-05 11:00 . 2010-01-02 22:49 382026 c:\windows\system32\perfh009.dat
- 2004-08-05 11:00 . 2010-01-02 18:58 382026 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-02 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-12-23 569405]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP rotocole PNRP (Peer Name Resolution Protocol)
"5576:TCP"= 5576:TCP:xvgljor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [31/12/2009 22:12 200192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-308236825-839522115-1004Core.job
- c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-02 13:25]

2010-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-308236825-839522115-1004UA.job
- c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-02 13:25]

2010-01-02 c:\windows\Tasks\User_Feed_Synchronization-{6E4232FE-DA2B-4A0C-9CB1-171CFFFF0FC4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
FF - ProfilePath - c:\documents and settings\Alice\Application Data\Mozilla\Firefox\Profiles\mwrvnkf0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\documents and settings\Alice\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-03 02:08
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2140)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
c:\windows\SoftwareDistribution\Download\554b02f9a03c5ae1df2f82ce723146ca\update\update.exe
.
**************************************************************************
.
Heure de fin: 2010-01-03 02:10:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-03 01:10
ComboFix2.txt 2010-01-02 22:50
ComboFix3.txt 2010-01-02 21:39

Avant-CF: 95 173 795 840 octets libres
Après-CF: 95 141 249 024 octets libres

- - End Of File - - 173951632F480E2CA617256A81AC3AD0

PS: le PC peut griller, s'pas le mien c'est celui d'Alice  

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-03 17:33:57
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Alice\LOCALS~1\Temp\fgdyyfod.sys


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] plcbowv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv@DisplayName Server Network
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv@Description Vous permet d'envoyer et de recevoir des t?l?copies, d'utiliser les ressources de t?l?copie disponibles sur cet ordinateur ou le r?seau.
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\plcbowv\Parameters@ServiceDll C:\WINDOWS\system32\phbwpzqk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv@DisplayName Server Network
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv@Type 32
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv@Description Vous permet d'envoyer et de recevoir des t?l?copies, d'utiliser les ressources de t?l?copie disponibles sur cet ordinateur ou le r?seau.
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\plcbowv\Parameters@ServiceDll C:\WINDOWS\system32\phbwpzqk.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup@LogLevel 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\dllcache\msdtcprx.dll (size mismatch) 426496/428032 bytes executable
File C:\WINDOWS\system32\dllcache\msdtctm.dll (size mismatch) 956416/956928 bytes executable
File C:\WINDOWS\system32\dllcache\msdtcuiu.dll (size mismatch) 161280/161792 bytes executable
File C:\WINDOWS\system32\dllcache\kernel32.dll (size mismatch) 1051136/1048576 bytes executable
File C:\WINDOWS\system32\spmsg.dll (size mismatch) 16928/18296 bytes executable
File C:\WINDOWS\system32\kernel32.dll (size mismatch) 1051136/1048576 bytes executable
File C:\WINDOWS\system32\_000006_.tmp.dll 344576 bytes executable
File C:\WINDOWS\system32\_000007_.tmp.dll 1048576 bytes executable
File C:\WINDOWS\system32\SET105.tmp 350208 bytes executable
File C:\WINDOWS\system32\SET39.tmp 351232 bytes executable
File C:\WINDOWS\system32\SET40.tmp 55808 bytes executable
File C:\WINDOWS\system32\SETF7.tmp 584192 bytes executable
File C:\WINDOWS\system32\SETF8.tmp 370176 bytes executable
File C:\WINDOWS\Installer\MSI11F.tmp 0 bytes
File C:\WINDOWS\KB954154.log 4171 bytes
File C:\WINDOWS\KB960803.log 12373 bytes
File C:\WINDOWS\KB963093.log 11989 bytes
File C:\WINDOWS\$NtUninstallKB929399$ 0 bytes
File C:\WINDOWS\$NtUninstallKB929399$\msscp.dll 414208 bytes executable
File C:\WINDOWS\$NtUninstallKB929399$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe 213216 bytes executable
File C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.inf 9692 bytes
File C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.txt 301 bytes
File C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll 371424 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$ 0 bytes
File C:\WINDOWS\$NtUninstallKB952004$\msdtclog.dll 58880 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$\msdtcprx.dll 426496 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$\msdtctm.dll 956416 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$\msdtcuiu.dll 161280 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$\mtxclu.dll 66560 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$\mtxoci.dll 91136 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe 234872 bytes executable
File C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.inf 13135 bytes
File C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.txt 2259 bytes
File C:\WINDOWS\$NtUninstallKB952004$\spuninst\updspapi.dll 406392 bytes executable
File C:\WINDOWS\$NtUninstallKB954154_WM11$ 0 bytes
File C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe 234872 bytes executable
File C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.inf 9228 bytes
File C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.txt 232 bytes
File C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\$NtUninstallKB954154_WM11$\wmpeffects.dll 295936 bytes executable
File C:\WINDOWS\$NtUninstallKB959426$ 0 bytes
File C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll 1048576 bytes executable
File C:\WINDOWS\$NtUninstallKB959426$\secur32.dll 55808 bytes executable
File C:\WINDOWS\$NtUninstallKB959426$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe 234872 bytes executable
File C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.inf 11297 bytes
File C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.txt 839 bytes
File C:\WINDOWS\$NtUninstallKB959426$\spuninst\updspapi.dll 406392 bytes executable
File C:\WINDOWS\$NtUninstallKB960803$ 0 bytes
File C:\WINDOWS\$NtUninstallKB960803$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe 234872 bytes executable
File C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.inf 10524 bytes
File C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.txt 477 bytes
File C:\WINDOWS\$NtUninstallKB960803$\spuninst\updspapi.dll 406392 bytes executable
File C:\WINDOWS\$NtUninstallKB960803$\winhttp.dll 351232 bytes executable
File C:\WINDOWS\$NtUninstallKB961501$ 0 bytes
File C:\WINDOWS\$NtUninstallKB961501$\localspl.dll 344576 bytes executable
File C:\WINDOWS\$NtUninstallKB961501$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe 234872 bytes executable
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.inf 10668 bytes
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.txt 484 bytes
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\updspapi.dll 406392 bytes executable
File C:\WINDOWS\$NtUninstallKB963093$ 0 bytes
File C:\WINDOWS\$NtUninstallKB963093$\mapine.dll 275456 bytes executable
File C:\WINDOWS\$NtUninstallKB963093$\msnlext.dll 595456 bytes executable
File C:\WINDOWS\$NtUninstallKB963093$\msnlnamespacemgr.dll 304128 bytes executable
File C:\WINDOWS\$NtUninstallKB963093$\mssph.dll 350208 bytes executable
File C:\WINDOWS\$NtUninstallKB963093$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe 231456 bytes executable
File C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.inf 10024 bytes
File C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.txt 550 bytes
File C:\WINDOWS\$NtUninstallKB963093$\spuninst\updspapi.dll 382496 bytes executable
File C:\WINDOWS\$NtUninstallKB970238$ 0 bytes
File C:\WINDOWS\$NtUninstallKB970238$\reg00001 32768 bytes
File C:\WINDOWS\$NtUninstallKB970238$\rpcrt4.dll 581120 bytes executable
File C:\WINDOWS\$NtUninstallKB970238$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe 234872 bytes executable
File C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.inf 11001 bytes
File C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.txt 618 bytes
File C:\WINDOWS\$NtUninstallKB970238$\spuninst\updspapi.dll 406392 bytes executable
File C:\WINDOWS\$NtUninstallKB970238$\xpsp3res.dll 370176 bytes executable
File C:\WINDOWS\$NtUninstallWIC$ 0 bytes

---- EOF - GMER 1.0.15 ----

Killall::
Driver::
fyeyb
NetSvc::
fyeyb
File::
C:\WINDOWS\system32\pkjimo.dll

KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, January 4, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, January 04, 2010 01:27:54
Records in database: 3364244
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Objects scanned 27772
Threats found 1
Infected objects found 2
Suspicious objects found 0
Scan duration 00:50:15

File name Threat Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\_phbwpzqk_.dll.zip Infected: Net-Worm.Win32.Kido.ih 2
Selected area has been scanned.

quels logiciels peuvent m'eviter ca genre de merdouille ? Antivirus, firewall, ... ?

- quel est le bon antivirus gratuit en ce moment ?

- des ordinateurs en reseau mais qui n'echangent pas de documents, qui sont juste sur le reseau peuvent ils etre tous infectes ?
Parce que j'ai au bas mot 8 PC en reseau Wifi et j'aimerais savoir si je dois tous les tester....  

- est ce que c'est possible d'identifier la source de l'infection ?