Forum Clubic

Problème de messagerie MSN

bonjour, depuis plusieurs semaines, ma messagerie hotmail envoie des mails à mes contacts provenant de :frowning:asff2889ryqsuxhpam@hotmail.com) et se faisant passer pour ebay…comment faire pour arrêter ça sans changer de messagerie afin d’éviter de perdre mon adresse…est ce un virus?une personne qui a piraté mon compte? ou autre chose d’inconnu pour moi, de ce vaste monde qu’est internet…:-)) Merci beaucoup de votre aide tant attendue. B.soirée.
Message edité le 15/01/2008 à 10:32

scan ton pc avec ton anti-virus
sinon contacte le problème à hotmail

pas un virus, mais plutot un trojan…

telecharge spybotSD… www.clubic.com…
maj, vaccination et scan

et surout dans ton logiciel de messagerie active “me prévenir si d’autres envoient des emaisl dans mon autorisation” qqes chose comme ca… a voir dans les parametres de sécurité.

a+
Edité le 12/01/2008 à 23:08

j’ai déjà envoyé un message à hotmail qui ne m’a pas répondu…et comme je n’attends pas de réponse de leur part avant 2012, je préfère solliciter votre aide…:slight_smile:
qqun serait près à m’aider en me guidant un peu? je maitrise un peu mais pas tout a fait…:slight_smile:

MERCI MERCI

tu as suivi ma procedure ?
a+

j’ai Anti vir, zone alarm et AVG anti spyware.
j’ai aussi a-squared, ad-adware, cc-cleaner, hijackthis, spybot et tools cleaner qui sont déjà sur mon ordi.
je vais faire un ptit scan de spybot, ça fera pas de mal j’imagine…
et à propos de la messagerie, j’ai bloqué l’expéditeur, mais ca ne l’empeche pas d’envoyer des trucs qd meme…!
Edité le 12/01/2008 à 23:38

fait le scan spybot et maj et vaccine, dans 99.9 % des cas le prob est réglé…

a+

t’as mis résolu un peu vite dis donc…!!

Non Laure2264, je n’ai pas la possibilité de mettre un résolu sur ton post… il n’y a que Toi…?

mais peu importe… je suis là… si tu veux …pour résoudre ton post
a+

ahhh accepte mes plates excuses…! je sais meme pas sur quoi je clique…dslée.
j’attends que spybot finisse (plus que 1/4) il a trouvé pour l’instant deux trucs qu’il a mis en rouge, je soupçonne donc que c’est pas très bon :slight_smile: . Je te poste le rapport qd c’est fini?


j'ai une ptite question sinon..je viens de voir dans la partie message indésirable de hotmail: "signaler comme tentative de hameçonnage". Tu sais ce que ça veut dire?

Quand il à fini tu clic sur corriger les problemes, tu refait autant de scan qu’il faut
jusqu’a ce que tu es la fameuse phrase “félicitations etc…”)

fait bien les maj et surtout vaccination…

je ne sais pas si je serais encore là ce soir, mais post et demain je reprends le post…

Pas de prob pour ta mauvaise manip… il ne me reste plus qu’à la mériter…:slight_smile:


message indesirable: oui peut etre un site web frauduleux...tu peux valider l'action....

regarde ici:
fr.wikipedia.org…

a+
Edité le 13/01/2008 à 00:32

merci. On continue demain, pas de pb. T’as un défi à relever…:super:

bonne soirée

désolée, je n’ai pas été sur internet hier…je te poste le rapport de quoi? tu veux hijackthis? (j’ai fait et refait spybot jusqu’a ce qu’il me félicite…:slight_smile: mais je n’ai pas le rapport.

salut,

spybot est terminé et tout est propre ?

telecharche hijackthis, fais un scan & log et post le log de hijackthis

a+

Aussitôt dit, aussitôt fait…avec qqes heures de décalage…:slight_smile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:34, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.01net.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.01net.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM…\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM…\Run: [UpdateManager] “C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - support.f-secure.com…
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - download.playfirst.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - […](file:///C:/Documents%20and%20Settings/ninou/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab)
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - download.playfirst.com…
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - game06.zylom.com…
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - jeuxenligne.orange.fr…
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - download.playfirst.com…
O17 - HKLM\System\CCS\Services\Tcpip…{9B041F39-8361-474E-B06C-1232F0ECAB7C}: NameServer = 80.10.246.1,80.10.246.132
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 10275 bytes

message recu je regarde
a+


fixes les lignes suivantes:

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - download.playfirst.com
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - …
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - download.playfirst.com
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - download.playfirst.com

redemarre en mode sans sans echec, spybotn antivirus et reboot et ressai
a+

alors je viens de fixer les trucs, et je vais incessamment sous peu redémarrer en mode sans échec, donc si ca ne marche plus, je te dis adieu (j’aurai plus internet…):wink:

une ptite question, (parce que j’essaye de comprendre qd meme), ça fait quoi de fixer les lignes? ca les efface? (merci des explications en plus de l’aide. C’est gentil)

fixer les lignes, evite au prochain redemarrage qu’elles se “fixe en memoires” et permet un scan antispyware et antivirus
pour les éliminer sans mal… (en gros … bien sur)

a+

merci de la réponse. je te poste le rapport de antivir et de spybot et de hijackthis: (je suis pas sure de pouvoir revenir sur internet après donc la suite demain??)

— Search result list —
Félicitations!: Aucun mouchard n’a été trouvé. ()

— Spybot - Search & Destroy version: 1.5 (build: 20070830) —

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2008-01-04 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2003-10-03 framedyn.dll (5.1.2600.0)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-09 Includes\Cookies.sbi ()
2007-12-26 Includes\Dialer.sbi (
)
2008-01-09 Includes\DialerC.sbi ()
2008-01-09 Includes\HeavyDuty.sbi (
)
2007-12-26 Includes\Hijackers.sbi ()
2008-01-09 Includes\HijackersC.sbi (
)
2007-10-04 Includes\Keyloggers.sbi ()
2008-01-09 Includes\KeyloggersC.sbi (
)
2008-01-09 Includes\Malware.sbi ()
2008-01-09 Includes\MalwareC.sbi (
)
2007-10-24 Includes\PUPS.sbi ()
2008-01-09 Includes\PUPSC.sbi (
)
2008-01-09 Includes\Revision.sbi ()
2008-01-09 Includes\Security.sbi (
)
2008-01-09 Includes\SecurityC.sbi ()
2007-11-07 Includes\Spybots.sbi (
)
2008-01-09 Includes\SpybotsC.sbi ()
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (
)
2008-01-09 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

— System information —
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ DataAccess: Security Update for Microsoft Data Access Components
/ Internet Explorer 6 / SP1: Correctif Windows XP - KB918439
/ Internet Explorer 6 / SP1: Correctif Windows XP - KB918899
/ Internet Explorer 6 / SP1: Correctif Windows XP - KB925486
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Outlook Express 6 / SP1: Correctif Windows XP - KB911567
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
/ Windows Media Player 11: Correctif pour Lecteur Windows Media 11 (KB939683)
/ Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
/ Windows Media Player 9: Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
/ Windows XP: Mise à jour de sécurité pour Windows XP (KB923689)
/ Windows XP: Mise à jour de sécurité pour Windows XP (KB941569)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Correctif Windows XP - KB873339
/ Windows XP / SP3: Correctif Windows XP - KB885835
/ Windows XP / SP3: Correctif Windows XP - KB885836
/ Windows XP / SP3: Correctif Windows XP - KB886185
/ Windows XP / SP3: Correctif Windows XP - KB887472
/ Windows XP / SP3: Correctif Windows XP - KB888302
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046)
/ Windows XP / SP3: Correctif Windows XP - KB890859
/ Windows XP / SP3: Correctif Windows XP - KB891781
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896423)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896424)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899587)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899591)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB900485)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900725)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901017)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB902400)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB904706)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB904942)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905414)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905749)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB908531)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB910437)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB911280)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911562)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911927)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912919)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913580)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914388)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389)
/ Windows XP / SP3: Correctif pour Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB916595)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917344)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917422)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917953)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918118)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB919007)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920213)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920670)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920685)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB920872)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921398)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921503)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921883)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB922582)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922616)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922819)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923191)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923414)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923694)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923980)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924191)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924270)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924496)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924667)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926255)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926436)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927779)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927802)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB927891)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928090)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928255)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928843)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB929123)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB929338)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB929969)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB930178)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB930916)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931261)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931784)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB931836)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB932168)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB933360)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB933566)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB933729)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935839)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935840)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB936021)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB938828)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB938829)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB941202)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB941568)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB941644)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB942763)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB943460)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB943485)
/ Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB944653)

— Startup entries list —
Located: HK_LM:Run, !AVG Anti-Spyware
command: “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
size: 6731312
MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88363
MD5: A7DE471B5403DBF8AFA4138A92B8012F

Located: HK_LM:Run, Apoint
command: C:\Program Files\Apoint2K\Apoint.exe
file: C:\Program Files\Apoint2K\Apoint.exe
size: 159744
MD5: 45A55108FC51F9A54FDCF3B07A8A3AFC

Located: HK_LM:Run, avgnt
command: “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
size: 327720
MD5: FFC52645CA868E6FE125EB14018E2166

Located: HK_LM:Run, Cpqset
command: C:\Program Files\HPQ\Default Settings\cpqset.exe
file: C:\Program Files\HPQ\Default Settings\cpqset.exe
size: 200766
MD5: C76D192FB605168E8050B450D143A6A8

Located: HK_LM:Run, eabconfg.cpl
command: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
file: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
size: 245760
MD5: E2BBBB295820FECB0146EBC1431C5DB6

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1490944
MD5: 969F1A9E2AC00EFD755E713376EAE533

Located: HK_LM:Run, QuickTime Task
command: “C:\Program Files\QuickTime\qttask.exe” -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 9B4C1812595C389AB9CCF1FF3B315248

Located: HK_LM:Run, SunJavaUpdateSched
command: “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
file: C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896E712A34D654A337C8CBB9DEB07200

Located: HK_LM:Run, UpdateManager
command: “C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe” /r
file: C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
size: 110592
MD5: 22FD4E58D69969A9165721C797D54931

Located: HK_LM:Run, ZoneAlarm Client
command: “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 7462B3864DA32E6B3D1EF0524E663A23

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT…
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, DWQueuedReporting
where: .DEFAULT…
command: “C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe” -t
file: C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
size: 36040
MD5: 34125F1CA24B978DF64AD98A1A0121E6

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20…
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1085031214-515967899-839522115-1004…
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, swg
where: S-1-5-21-1085031214-515967899-839522115-1004…
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18…
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, DWQueuedReporting
where: S-1-5-18…
command: “C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe” -t
file: C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe
size: 36040
MD5: 34125F1CA24B978DF64AD98A1A0121E6

Located: Démarrage (désactivé), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3

Located: Démarrage (désactivé), Microsoft Office (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
file: C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
size: 65588
MD5: 36BF1DDD46FAA78FE59DDB4F98CDEC12

Located: Démarrage (désactivé), Outil de mise à jour Google (DISABLED)
command: C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup
file: C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE
size: 124400
MD5: D5CBD60C6863D68D61A4205429594AF9

Located: Démarrage (désactivé), WinZip Quick Pick (DISABLED)
command: C:\PROGRA~1\WinZip\WZQKPICK.EXE
file: C:\PROGRA~1\WinZip\WZQKPICK.EXE
size: 394856
MD5: 6D23B8CB307E455428A778535BE6E6D9

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

— Browser helper object list —
{0347C33E-8762-4905-BF09-768834316C61} (HP Print Enhancer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: HP Print Enhancer
Path: C:\Program Files\HP\Smart Web Printing
Long name: hpswp_printenhancer.dll
Short name: HPSWP_~1.DLL
Date (created): 02/03/2007 16:52:24
Date (last access): 14/01/2008 21:05:08
Date (last write): 02/03/2007 16:52:24
Filesize: 1298024
Attributes: readonly archive
MD5: 1062E80907867BFC14EB844241391331
CRC32: 4B194A34
Version: 2.15.7.0

{053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: HP Print Clips
Path: C:\Program Files\HP\Smart Web Printing
Long name: hpswp_framework.dll
Short name: HPSWP_~4.DLL
Date (created): 02/03/2007 16:52:08
Date (last access): 14/01/2008 21:05:08
Date (last write): 02/03/2007 16:52:08
Filesize: 177768
Attributes: readonly archive
MD5: A40456DE4EF7E318104955361C72AC9D
CRC32: 6F06AAE2
Version: 2.15.7.0

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx
AcroIEhelper.dll
info link: www.adobe.com…
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 03/11/2003 13:17:44
Date (last access): 14/01/2008 21:37:16
Date (last write): 03/11/2003 13:17:44
Filesize: 54248
Attributes: archive
MD5: FC7850324464E4D19A24A03D882B5CC4
CRC32: 452E8571
Version: 6.0.1.1091

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: spybot.eon.net.au…
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1
Long name: SDHelper.dll
Short name:
Date (created): 04/01/2008 21:00:34
Date (last access): 14/01/2008 22:05:36
Date (last write): 31/08/2007 16:46:14
Filesize: 1122128
Attributes: archive
MD5: B8958471DAA4481E93B03DF8F991DD6E
CRC32: 35E35F14
Version: 1.5.0.8

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_02\bin
Long name: ssv.dll
Short name:
Date (created): 27/07/2007 22:49:42
Date (last access): 14/01/2008 21:05:08
Date (last write): 12/07/2007 03:00:36
Filesize: 501136
Attributes: archive
MD5: D6137540BDF0F9F9B9055C60ADD8007A
CRC32: 29E910AF
Version: 6.0.20.6

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d’aide de l’Assistant de connexion Windows Live)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: Programme d’aide de l’Assistant de connexion Windows Live
Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 20/09/2007 10:30:18
Date (last access): 14/01/2008 21:05:10
Date (last write): 20/09/2007 10:30:18
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll
googletoolbar*.dll
(* = number)
googletoolbar_en_.**-big.dll
Googletoolbar_en_
.*.**-deleon.dll
info link: toolbar.google.com…
info source: TonyKlein
Path: c:\program files\google
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 12/01/2008 14:57:28
Date (last access): 14/01/2008 21:10:36
Date (last write): 12/01/2008 14:57:28
Filesize: 2436160
Attributes: readonly archive
MD5: 6D44E0C3B43D27484FBB355E470C4188
CRC32: 2DE875CD
Version: 4.0.1601.4978

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736
Long name: swg.dll
Short name:
Date (created): 12/01/2008 14:56:30
Date (last access): 14/01/2008 21:05:10
Date (last write): 12/01/2008 14:56:30
Filesize: 654320
Attributes: archive
MD5: 72D6804DC43CC0CF4F10E699D7738138
CRC32: ABF4BA3E
Version: 2.1.1119.1736

— ActiveX list —
{0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1)
DPF name:
CLSID name: F-Secure Online Scanner 3.1
Installer: C:\WINDOWS\Downloaded Program Files\fscax.inf
Codebase: support.f-secure.com…
description:
classification: Legitimate
known filename: fscax.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files
Long name: fscax.dll
Short name:
Date (created): 07/05/2007 16:39:24
Date (last access): 14/01/2008 21:44:30
Date (last write): 07/05/2007 16:39:24
Filesize: 254360
Attributes: archive
MD5: D5199825510E4C4F97DC93B7BC3B1A8A
CRC32: 9FA45099
Version: 3.1.0.5

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: download.macromedia.com…
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director
Long name: swdir.dll
Short name:
Date (created): 13/08/2007 20:19:16
Date (last access): 13/01/2008 04:26:54
Date (last write): 02/05/2007 11:32:04
Filesize: 182512
Attributes: archive
MD5: 95F03ABE4B96C50CF4DA8245819138E4
CRC32: 12E5BB80
Version: 10.2.0.22

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: download.microsoft.com…
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32
Long name: LegitCheckControl.dll
Short name: LEGITC~1.DLL
Date (created): 15/03/2007 17:19:28
Date (last access): 14/01/2008 22:02:40
Date (last write): 11/10/2007 14:12:48
Filesize: 1468968
Attributes: archive
MD5: FC6680B6D4812D017109518AC07DED0E
CRC32: 4DC7C79C
Version: 1.7.59.1

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\PROGRA~1\Yahoo!\Common
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 04/01/2008 21:18:14
Date (last access): 13/01/2008 00:22:54
Date (last write): 30/07/2006 13:25:34
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: java.sun.com…
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_02\bin
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 13/01/2008 00:22:56
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner)
DPF name:
CLSID name: a-squared Scanner
Installer:
Codebase: ax.emsisoft.com…
description:
classification: Legitimate
known filename: axscan.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1
Long name: asquared.ocx
Short name:
Date (created): 02/07/2007 15:44:26
Date (last access): 13/01/2008 00:22:56
Date (last write): 02/07/2007 15:44:26
Filesize: 941688
Attributes: archive
MD5: 1E80F3093FA93340A61174AB5F371457
CRC32: E2D562DD
Version: 3.0.0.3

{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player)
DPF name:
CLSID name: Zylom Games Player
Installer: C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
Codebase: game06.zylom.com…
description:
classification: Legitimate
known filename: zylomgamesplayer.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files
Long name: zylomgamesplayer.dll
Short name: ZYLOMG~1.DLL
Date (created): 29/08/2006 14:17:22
Date (last access): 14/01/2008 21:44:30
Date (last write): 29/08/2006 14:17:22
Filesize: 161976
Attributes: archive
MD5: 7FAF5222EEB546E1DC0F348DCB314B0B
CRC32: B03D23B2
Version: 2.0.0.1

{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_03
Installer:
Codebase: java.sun.com…
description:
classification: Legitimate
known filename: npjpi142_03.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\j2re1.4.2_03\bin
Long name: NPJPI142_03.dll
Short name: NPJPI1~1.DLL
Date (created): 28/09/2006 00:38:40
Date (last access): 13/01/2008 00:22:56
Date (last write): 28/09/2006 00:38:40
Filesize: 65650
Attributes: archive
MD5: 2AD31341BE41AC9B086128AD86A2B53F
CRC32: 081CFB35
Version: 1.4.2.30

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: java.sun.com…
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 14/01/2008 22:21:54
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: java.sun.com…
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_02\bin
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 01:22:38
Date (last access): 14/01/2008 22:21:54
Date (last write): 12/07/2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object)
DPF name:
CLSID name: CPlayFirstDinerDashControl Object
Installer: C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.4.inf
Codebase: jeuxenligne.orange.fr…
description:
classification: Open for discussion
known filename: DinerDash.1.0.0.80.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files
Long name: DinerDash.1.0.0.4.dll
Short name: DINERD~1.DLL
Date (created): 16/05/2007 14:00:32
Date (last access): 14/01/2008 21:44:30
Date (last write): 16/05/2007 14:00:32
Filesize: 1783400
Attributes: archive
MD5: 211E9A130C435480B7290045D0430FD1
CRC32: 023B4923
Version: 1.0.0.4

— Process list —
PID: 0 ( 0) [System]
PID: 132 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 188 ( 0) ??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 212 ( 0) ??\C:\WINDOWS\system32\winlogon.exe
size: 506368
PID: 256 ( 0) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 63DCDE1A0D86EEB8924D6738FF616EAD
PID: 268 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 259AF82A0932EEA4F316F92DB94707B6
PID: 416 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 480 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 560 ( 0) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 561152
MD5: 62E1B62C9DD8F446D224166A4D78B5DD
PID: 588 ( 0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
size: 312880
MD5: 5DCD235C061022BCDA9AA48670B64211
PID: 600 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 792 ( 0) C:\WINDOWS\Explorer.EXE
size: 1037312
MD5: D0288319660EDCFED07C7E74C4EA38A5
PID: 1104 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9

— Browser start & search pages list —
Spybot - Search & Destroy browser pages report, 14/01/2008 22:21:53

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
www.microsoft.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
www.microsoft.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
www.orange.fr…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
ie.search.msn.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
ie.search.msn.com…
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl@
home.microsoft.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
go.microsoft.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
www.01net.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
www.01net.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
go.microsoft.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
www.google.com…
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
ie.search.msn.com…

— Winsock Layered Service Provider list —
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D94ED63-DAFE-4C71-A39B-E0067DD25AF2}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3D94ED63-DAFE-4C71-A39B-E0067DD25AF2}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9301CD90-AD50-4E99-AC35-3A4B015FF252}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9301CD90-AD50-4E99-AC35-3A4B015FF252}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{96BF7F46-46F5-4AB5-BDEF-A360A5B4A45B}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{96BF7F46-46F5-4AB5-BDEF-A360A5B4A45B}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9B041F39-8361-474E-B06C-1232F0ECAB7C}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9B041F39-8361-474E-B06C-1232F0ECAB7C}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C5B3847-6AF0-4528-A8AB-EB9FA42648C1}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7C5B3847-6AF0-4528-A8AB-EB9FA42648C1}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46F69B69-8E32-4B52-94C8-0DB24C098C93}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{46F69B69-8E32-4B52-94C8-0DB24C098C93}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{901A7E23-C43C-43D0-948D-D9A62B542593}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{901A7E23-C43C-43D0-948D-D9A62B542593}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A261A48-11B7-401A-AB99-4D0575F2ECEF}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0A261A48-11B7-401A-AB99-4D0575F2ECEF}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A52E1F06-8DB3-48B5-8F1E-22B83552D751}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A52E1F06-8DB3-48B5-8F1E-22B83552D751}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA3AEAE3-8DFC-449D-9144-E7694CFDE16A}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BA3AEAE3-8DFC-449D-9144-E7694CFDE16A}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9C27DAB-5379-45E1-B68B-34869F80D066}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D9C27DAB-5379-45E1-B68B-34869F80D066}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll


AntiVir PersonalEdition Classic Report file date: lundi 14 janvier 2008 22:24

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: ninou
Computer name: FRANKLIN

Version information:
BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 12:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 12:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 12:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 12:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 14:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 14:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 14:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 14:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 14:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 12:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 08:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 09:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 12:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 11:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 10:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 12:42:42

Configuration settings for the scan:
Jobname…: Local Drives
Configuration file…: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: off
Scan boot sector…: on
Boot sectors…: D:,
Scan memory…: on
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: All files
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium

Start of the scan: lundi 14 janvier 2008 22:24

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ctfmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘guard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘aawservice.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
14 processes with 14 modules were scanned

Start scanning boot sectors:
Boot sector ‘C:’
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘18’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: lundi 14 janvier 2008 22:57
Used time: 33:10 min

The scan has been canceled!

3729 Scanning directories
124542 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
124542 Files not concerned
1713 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found


Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:08:06, on 14/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.01net.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.01net.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM…\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM…\Run: [UpdateManager] “C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe” /r
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - support.f-secure.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com…
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - game06.zylom.com…
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - jeuxenligne.orange.fr…
O17 - HKLM\System\CCS\Services\Tcpip…{9B041F39-8361-474E-B06C-1232F0ECAB7C}: NameServer = 80.10.246.1,80.10.246.132
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


End of file - 9137 bytes