Everything posted by Dersou1
-
[Solved] xxxx.tmp folders being created continuously
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
Hello WawaSab. The .tmp folders are empty. When Avira detects something, you have to hurry to capture it, otherwise they self-destruct... Here is the ComboFix report.

ComboFix 10-04-09.06 - Rkl305 10/04/2010 11:03:47.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.673 [GMT 2:00]
Lancé depuis: c:\documents and settings\Rkl305\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\Rkl305\autorun.inf
c:\documents and settings\Rkl305\Documents .lnk
c:\documents and settings\Rkl305\Music .lnk
c:\documents and settings\Rkl305\New Folder .lnk
c:\documents and settings\Rkl305\Passwords .lnk
c:\documents and settings\Rkl305\Pictures .lnk
c:\documents and settings\Rkl305\Video .lnk
c:\windows\system32\gsntcji.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kclegkgs
((((((((((((((((((((((((((((( Fichiers créés du 2010-03-10 au 2010-04-10 ))))))))))))))))))))))))))))))))))))
.
2010-04-08 17:57 . 2010-04-08 22:36 -------- d-----w- C:\Papa
2010-04-06 20:39 . 2010-04-10 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\usb-set
2010-04-06 20:39 . 2010-04-06 20:39 -------- d-----w- c:\program files\USB-set
2010-04-06 18:21 . 2010-04-06 18:21 -------- d-----w- c:\documents and settings\Rkl305\Application Data\Malwarebytes
2010-04-06 18:20 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 18:20 . 2010-04-06 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-06 18:20 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 17:24 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2010-04-06 17:24 . 2010-04-06 17:24 -------- d-----w- c:\program files\Fichiers communs\Borland Shared
2010-03-31 17:26 . 2010-03-31 17:28 -------- d-----w- c:\documents and settings\Rkl305\Local Settings\Application Data\Temp
2010-03-31 16:30 . 2010-04-10 09:15 -------- d-----w- c:\documents and settings\Rkl305\Tracing
2010-03-31 16:24 . 2010-03-31 16:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-31 16:21 . 2010-03-31 16:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 08:51 . 2009-03-13 10:27 81816 ----a-w- c:\windows\system32\perfc00C.dat
2010-04-10 08:51 . 2009-03-13 10:27 502688 ----a-w- c:\windows\system32\perfh00C.dat
2010-04-09 07:00 . 2009-06-09 03:24 60672 ----a-w- c:\documents and settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-09 06:03 . 2009-12-25 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-08 21:31 . 2009-03-13 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-06 18:20 . 2009-12-24 18:45 -------- d-----w- c:\program files\Utilities
2010-04-03 15:09 . 2009-03-13 10:30 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-03-31 16:21 . 2009-03-13 02:49 -------- d-----w- c:\program files\Google
2010-02-25 06:17 . 2009-03-13 10:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-11 18:56 . 2010-02-11 18:56 -------- d-----w- c:\program files\Alfa & Ariss
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-09 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB-Set"="wscript" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824]
"avgnt"="c:\program files\Utilities\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-13 565248]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Rkl305^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M3000Mnt]
M3000Rmv.dll [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-01-25 10:45 53248 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-03-13 02:49 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-15 16:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-28 01:00 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 01:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-02-24 07:40 17529856 ----a-w- c:\windows\RTHDCPL.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Utilities\Avira\AntiVir Desktop\sched.exe [24/12/2009 20:48 108289]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [13/03/2009 05:16 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/03/2009 05:03 49664]
R3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [25/03/2009 06:52 145408]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2010 18:21 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/03/2009 04:37 1684736]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/03/2009 04:49 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [13/03/2009 04:35 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21]
2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 16:21]
2010-04-10 c:\windows\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=0609&m=aspire_one
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
.
------- Associations de fichier -------
.
txtfile\shell\ab_notepad\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1"
inifile\shell\ab_notepadpp_open\command="d:\prog\LiberKeyAmanda\Apps\Notepad++\Notepad++LKL.exe" "%1"
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{9E1CE04F-0CC2-4D9D-91B4-B1A63833DB59} - c:\windows\system32\gsntcji.dll
ShellIconOverlayIdentifiers-{9E1CE04F-0CC2-4D9D-91B4-B1A63833DB59} - c:\windows\system32\gsntcji.dll
AddRemove-Mozilla Firefox (2.0.0.20) - d:\progs\LiberKey\Apps\Firefox\App\firefox\uninstall\helper.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 11:15
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86305618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7681f28
\Driver\ACPI -> ACPI.sys @ 0xf75f3cb8
\Driver\atapi -> atapi.sys @ 0xf75ab852
\Driver\iaStor -> iaStor.sys @ 0xf751278c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Atheros AR8132 PCI-E Fast Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf73e9bb0
PacketIndicateHandler -> NDIS.sys @ 0xf73d8a0d
SendHandler -> NDIS.sys @ 0xf73ecb40
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(776)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Utilities\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscript.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-04-10 11:21:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-04-10 09:20
Avant-CF: 139 939 016 704 octets libres
Après-CF: 139 855 806 464 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
- - End Of File - - 17862721AAC97AF77122B838BD6CED9B

The Windows\Temp folder was emptied during the ComboFix run, but folders are still being created right now. I'm waiting for your next instructions. Thanks again
-
[Solved] xxxx.tmp folders being created continuously
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
Hmm, I'm having trouble copying the very long reports. I saved them on cijoint.fr
1) OTL http://www.cijoint.fr/cjlink.php?file=cj20.../cijEb1N5Yc.txt
2) Extra http://www.cijoint.fr/cjlink.php?file=cj20.../cij58hj80A.txt
There you go.
-
[Solved] xxxx.tmp folders being created continuously
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
The end of the report is missing:

b) Extras.Txt
OTL Extras logfile created on: 10/04/2010 00:59:16 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rkl305\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1 014,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142,05 Gb Total Space | 130,04 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-454F29D87C
Current User Name: Rkl305
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.ini [@ = inifile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01523985-2098-43AF-9C97-12B07BE02A9B}" = Windows Live Call
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.1.221_Foxconn Installation Program
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CCB732A-E472-4CF9-B1EE-F18365341FE0}" = Installation Windows Live
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{43563ACB-371B-4C58-8979-B192B390424C}" = Galerie de photos Windows Live
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D2B0720-4787-437E-A949-97D01BF64BAE}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4

Continuation of the report:

"{B92B952E-4459-480F-A500-60D87F6F527F}_is1" = USB-set 1.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SecureW2 Client" = SecureW2 Client 3.1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinLiveSuite_Wave3" = Installation Windows Live
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zeb Help Process_is1" = ZebHelpProcess 2.34
-
[Solved] xxxx.tmp folders created continuously
Dersou1 replied to a topic by Dersou1 in Analyses et éradication malwares
b) Extras.Txt OTL Extras logfile created on: 10/04/2010 00:59:16 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rkl305\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 014,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142,05 Gb Total Space | 130,04 Gb Free Space | 91,55% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-454F29D87C Current User Name: Rkl305 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = htmlfile] -- Reg Error: Key error. File not found .ini [@ = inifile] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- Reg Error: Key error. File not found .txt [@ = txtfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01523985-2098-43AF-9C97-12B07BE02A9B}" = Windows Live Call "{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger "{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA "{10A44844-4465-456E-8C97-80BDD4F68845}" = Assistant de connexion Windows Live ID "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = 
Google Toolbar for Internet Explorer "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.1.221_Foxconn Installation Program "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3CCB732A-E472-4CF9-B1EE-F18365341FE0}" = Installation Windows Live "{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra "{43563ACB-371B-4C58-8979-B192B390424C}" = Galerie de photos Windows Live "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam "{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail "{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync "{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA "{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft 
Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 
Service Pack 2 (SP2) "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}% -
[Solved] xxxx.tmp folders created continuously
Dersou1 replied to a topic by Dersou1 in Analyses et éradication malwares
Good evening WawaSeb, and thank you for taking an interest in my problem. I had some difficulty analyzing the file detected by Avira because they seem to self-destruct... Even when the chosen action is to deny access. But in the end, I waited, and when a file was detected I quickly requested that it be quarantined. Then I copied it to the desktop, adding a 2 to the extension.
1) Here is the permanent link to view the scan result: http://virusscan.jotti.org/fr/scanresult/2...4893a7c987d3ff9
2) Here is the OTL result in 2 files:
a) OTL.txt OTL logfile created on: 10/04/2010 00:59:16 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Rkl305\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 1 014,00 Mb Total Physical Memory | 560,00 Mb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142,05 Gb Total Space | 130,04 Gb Free Space | 91,55% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-454F29D87C Current User Name: Rkl305 Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/04/10 00:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe PRC - [2009/12/24 20:54:34 | 000,470,785 | ---- | M] (Avira GmbH) -- c:\Program Files\Utilities\Avira\AntiVir Desktop\avcenter.exe PRC - [2009/12/24 20:54:34 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avguard.exe PRC - [2009/12/24 20:54:34 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Utilities\Avira\AntiVir Desktop\sched.exe PRC - [2009/06/09 05:25:40 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009/03/02 14:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avgnt.exe PRC - [2009/02/20 13:24:42 | 000,271,617 | ---- | M] (Avira GmbH) -- c:\Program Files\Utilities\Avira\AntiVir Desktop\avconfig.exe PRC - [2009/02/11 16:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe PRC - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/11/01 17:55:30 | 000,576,104 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe ========== Modules (SafeList) ========== MOD - [2010/04/10 00:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe MOD - [2007/11/01 17:53:22 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll MOD - [2007/11/01 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ========== Win32 Services (SafeList) ========== SRV - [2009/12/24 20:54:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/12/24 20:54:34 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/12/01 20:41:40 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus® SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/03/13 04:49:24 | 000,024,064 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-080708-050100) SRV - [2009/02/05 09:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | 
Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2010/04/03 17:09:10 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2009/12/24 20:54:34 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/12/24 20:54:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/11/13 10:43:50 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009/03/30 11:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/24 10:49:44 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/02/13 13:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Utilities\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/02/05 12:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2009/02/03 08:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/01/02 19:33:54 | 000,145,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv) DRV - [2008/12/30 05:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/08/05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/13 12:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/11/05 10:54:00 | 000,879,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/11/05 10:53:58 | 000,539,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/08/27 06:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/06/29 05:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 06:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/23 03:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/11/02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/01/04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/08 08:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scanonlineonline.info/antivirus//?a...d=20435&ref
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://scanonlineonline.info/antivirus//?a...d=20435&ref
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one
IE - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...mp;m=aspire_one
IE - HKU\S-1-5-21-1417066420-598665437-137508776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: D:\Progs\LiberKey\Apps\Firefox\App\firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: D:\Progs\LiberKey\Apps\Firefox\App\firefox\plugins
O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Utilities\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [uSB-Set] File not found
O4 - HKU\S-1-5-21-1417066420-598665437-137508776-1005..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-1417066420-598665437-137508776-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/13 03:44:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/06 22:42:39 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1417066420-598665437-137508776-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/10 00:58:11 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe
[2010/04/09 09:05:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rkl305\Recent
[2010/04/09 09:04:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/08 19:57:51 | 000,000,000 | ---D | C] -- C:\Papa
[2010/04/06 22:42:38 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set
[2010/04/06 22:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\usb-set
[2010/04/06 20:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Application Data\Malwarebytes
[2010/04/06 20:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/06 20:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/06 20:20:22 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/06 19:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Borland Shared
[2010/03/31 19:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\Temp
[2010/03/31 18:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rkl305\Tracing
[2010/03/31 18:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/03/31 18:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/21 21:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/21 20:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/12/25 13:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/13 18:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/13 12:27:17 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[2009/03/13 03:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/03/13 03:44:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/03/13 03:44:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/10 01:03:18 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job
[2010/04/10 00:58:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rkl305\Bureau\OTL.exe
[2010/04/10 00:50:26 | 001,099,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/10 00:50:26 | 000,502,688 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/04/10 00:50:26 | 000,434,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/10 00:50:26 | 000,081,816 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/04/10 00:50:26 | 000,068,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/10 00:46:11 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/10 00:46:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/10 00:46:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/10 00:46:04 | 1063,198,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 09:39:26 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\Rkl305\NTUSER.DAT
[2010/04/09 09:39:26 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Rkl305\ntuser.ini
[2010/04/09 09:31:01 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/09 09:00:42 | 000,060,672 | ---- | M] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/09 08:48:57 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/08 23:19:34 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/04/08 19:47:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/06 22:39:44 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\USB-set.lnk
[2010/04/06 20:20:31 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/03 17:09:10 | 000,312,344 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/04/06 22:39:44 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\USB-set.lnk
[2010/04/06 20:20:31 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/06 19:24:52 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2010/04/06 19:24:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\BDEADMIN.CPL
[2010/03/31 18:21:28 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/31 18:21:28 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Video .lnk
[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Pictures .lnk
[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Passwords .lnk
[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\New Folder .lnk
[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Music .lnk
[2010/03/03 22:30:19 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Rkl305\Documents .lnk
[2010/03/03 22:30:15 | 000,000,144 | RHS- | C] () -- C:\Documents and Settings\Rkl305\autorun.inf
[2009/06/10 20:05:27 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Rkl305\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/09 05:24:57 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\Rkl305\NTUSER.DAT
[2009/06/09 05:24:57 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Rkl305\ntuser.dat.LOG
[2009/06/09 05:24:57 | 000,000,184 | -HS- | C] () -- C:\Documents and Settings\Rkl305\ntuser.ini
[2009/06/09 05:24:46 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/06/09 05:24:46 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/03/25 06:52:35 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2009/03/25 06:52:35 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2009/03/25 06:52:35 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2009/03/25 06:52:30 | 000,000,639 | ---- | C] () -- C:\WINDOWS\AutoSetFrequency.ini
[2009/03/13 05:32:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/13 04:36:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/03/13 03:47:23 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/03/13 03:41:20 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/11/01 17:53:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/11/01 17:43:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/03 14:18:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\aa_sw2_gina.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/03/13 04:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer GameZone Console
[2009/03/13 05:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2010/04/10 00:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\usb-set
[2009/03/13 05:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer
[2009/03/13 04:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer GameZone Console
[2009/03/13 05:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Super-Cow
[2009/12/13 18:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/13 05:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer
[2009/03/13 04:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Acer GameZone Console
[2010/01/14 18:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\PhotoFiltre
[2009/03/13 05:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\Super-Cow
[2009/12/11 18:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rkl305\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/04/10 01:03:18 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{033FC4F9-CA59-488F-B302-0BAA83884A88}.job

========== Purity Check ==========

< End of report >
-
[Solved] xxxx.tmp folders created continuously
Dersou1 posted a topic in Malware Analysis and Removal
Good evening,
My daughter left me her PC and her iPod with the instructions: "Vaccinate us".
I ran a full scan with AntiVir; it found a few infected items, and I asked for them to be deleted.
Installed Malwarebytes' Anti-Malware + full scan; everything found was deleted.
Installed ZebHelpProcess, Diag, deleted what was found.
Once that was done, ZebHelpProcess tells me my system is clean, Avira no longer finds anything, and neither does Malwarebytes.
Unfortunately, from time to time Avira informs me that it has found a virus. It hides in c:\windows\temp\xxxx.tmp
When I look at the windows\temp folder, I see that it contains folders all named xxxx.tmp (xxxx = 4 letters chosen at random).
About ten folders are created every 15 minutes (roughly). All these folders are empty except when Avira finds the famous virus called svchost.exe, which contains a Trojan according to Avira.
What can I do?
Thank you for your help
-
[SOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware Analysis and Removal
Good, I am glad to see the machine is working again. I did all of the last points except the rights-restriction part, which also seems to me to make browsing more difficult. I would also like your opinion on the protections installed. I now have:
- Antivir
- Spyware Terminator
- Ashampoo Firewall (Windows tells me my machine is not protected by a firewall...)
I saw on sites devoted to protection that the following were recommended in addition:
- Spyware Blaster
- Win Patrol
- ...
Very good antivirus... if your system is stable... then make it clean... mix several free programs and armor your PC to the hilt... take Antivir 7 + Spyware Terminator (with real-time protection.. and removed from the blacklist, so officially recognized) + AVG Anti-Rootkit + Win Patrol + SpywareGuard + SpywareBlaster + Ashampoo Firewall (or your modem box in router mode as a firewall, "the best of the best"...) you then have reinforced-concrete protection, with no conflicts or slowdowns since all of it is very light on memory resources... (note that "Spybot - Search and Destroy" is also essential just in case...) this mix of protections is very, very effective and I confirm it is "CONFLICT-FREE"... having used it many times on many failing zombie-type computers... lightness and effectiveness guaranteed. your system will stay stable and safe from every type of "malware, spyware, trojan, root and other keylogger".. it is up to you to judge and choose... from a level-3 IT maintenance technician
I have also seen uninstallers that let you go back to the previous situation...
I reinstalled SpyBot with the settings you recommended, but I did not install TeaTimer which, if I understood correctly, does the same thing as Spyware Terminator.
In any case, I have downloaded Kubuntu and am going to install it on my PC. I think it is not going to be easy, but I will try... I have to move to free software, but how hard it is to change habits.
Thank you again for your valuable help.
-
[SOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware Analysis and Removal
Bonsoir. Fichier pi2srv.exe, toujours introuvable, même avec les options de recherches que tu indiques. La clef existe bien là où l'indique le scan de ComboFix mais je ne vois pas le fichier. Je croyais que Ccleaner nettoyait ce genre de clef orpheline ??? La recherche sur Google ne donne absolument rien. Je laisse la clef ? Je la vire ? Je change le nom du fichier en pi2srv.exe2 ? - - - - - - - - - - Log HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:43, on 12/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Internet\No-IP\DUC20.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Internet\RA\RaMaint.exe C:\Program Files\Internet\RA\RemotelyAnywhere.exe C:\Program Files\Internet\sambar70\bin\ntserver.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet\UltraVNC\WinVNC.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe C:\Program Files\Internet\RA\RAGui.exe C:\Program Files\Internet\FTP\Full Présence\full_presence.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe C:\Program Files\Audio\Winamp\winampa.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program 
Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Utilities\Security\Ashampoo FireWall\FireWall.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Internet\FTP\CuteFTP\TE\ftpte.exe C:\Program Files\Internet\ICQ\ICQ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Utilities\WinBar\WinBar.exe C:\Program Files\Utilities\Xplorer²\xplorer2_UC.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet\Firefox\firefox.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe C:\Program Files\Internet\FTP\FileZilla Server\FileZilla Server Interface.exe C:\Program Files\Internet\FTP\FileZilla Server\FileZilla Server.exe C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver.exe C:\Program Files\Internet\FTP\CuteFTP\cftppro.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\regedit.exe C:\HijackThis\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe" O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Internet\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\Internet\RA\RAGui.exe" O4 - HKLM\..\Run: [full_presence] "C:\Program Files\Internet\FTP\Full Présence\full_presence.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Audio\Winamp\winampa.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Utilities\Security\Ashampoo FireWall\FireWall.exe" -TRAY O4 - HKLM\..\Run: [spywareTerminator] "C:\Program 
Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\Internet\FTP\FileZilla Server\FileZilla Server Interface.exe" O4 - HKCU\..\Run: [CuteFTP Pro TE] "C:\Program Files\Internet\FTP\CuteFTP\TE\ftpte.exe" O4 - HKCU\..\Run: [iCQ] "C:\Program Files\Internet\ICQ\ICQ.exe" silent O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Internet\RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Raccourci vers winampa.lnk = C:\Program Files\Audio\Winamp\winampa.exe O4 - Startup: WinBar.lnk = C:\Program Files\Utilities\WinBar\WinBar.exe O4 - Startup: xplorer2.lnk = ? O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Internet\RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324487484 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324150015 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://xyz-p:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FEEF3D11-B89E-4957-A97D-3B23809FF073}: NameServer = 200.118.2.66,200.118.2.85,63.245.1.3 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BPFTPServer - Unknown owner - C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe (file missing) O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\Internet\FTP\FileZilla Server\FileZilla Server.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Audio\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\Internet\No-IP\DUC20.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\Internet\RA\RaMaint.exe O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\Internet\RA\RemotelyAnywhere.exe O23 - Service: Sambar Server - Unknown owner - C:\Program Files\Internet\sambar70\bin\ntserver.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\Internet\UltraVNC\WinVNC.exe -- End of file - 13057 bytes
- - - - - - - -
BulletProof FTP Server, removed and replaced by FileZillaServer
- - - - - - - - - -
AntiVir scan:
AntiVir PersonalEdition Classic Report file date: samedi 12 janvier 2008 16:44 Scanning for 1027920 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: XYZ-P Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:57:47 ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 13:56:12 ANTIVIR3.VDF : 7.0.1.227 161280 Bytes 11/01/2008 00:32:22 AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 05/01/2008 13:57:47 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24 AVPACK32.DLL : 7.6.0.2 360488 Bytes 05/01/2008 13:57:47 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\utilities\security\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: M:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all 
files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: samedi 12 janvier 2008 16:44 Starting search for hidden objects. '41481' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'regedit.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'taskmgr.exe' - '1' Module(s) have been scanned Scan process 'cftppro.exe' - '1' Module(s) have been scanned Scan process 'bpftpserver.EXE' - '1' Module(s) have been scanned Scan process 'FileZilla server.exe' - '1' Module(s) have been scanned Scan process 'FileZilla Server Interface.exe' - '1' Module(s) have been scanned Scan process 'Acrobat.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned Scan process 'xplorer2_UC.exe' - '1' Module(s) have been scanned Scan process 'WinBar.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'ICQ.exe' - '1' Module(s) have been scanned Scan process 'ftpte.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'Spywareterminatorshield.Exe' - '1' Module(s) have been scanned Scan process 'FireWall.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'acrotray.exe' - '1' Module(s) have been scanned Scan process 
'winampa.exe' - '1' Module(s) have been scanned Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'fpdisp5a.exe' - '1' Module(s) have been scanned Scan process 'full_presence.exe' - '1' Module(s) have been scanned Scan process 'ragui.exe' - '1' Module(s) have been scanned Scan process 'iTouch.exe' - '1' Module(s) have been scanned Scan process 'MIProHst.exe' - '1' Module(s) have been scanned Scan process 'soundman.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned Scan process 'winvnc.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned Scan process 'ntserver.exe' - '1' Module(s) have been scanned Scan process 'RemotelyAnywhere.exe' - '1' Module(s) have been scanned Scan process 'ramaint.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'DUC20.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' 
Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 57 processes with 57 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Master boot sector HD1 [NOTE] No virus was found! Master boot sector HD2 [NOTE] No virus was found! Master boot sector HD3 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Boot sector 'M:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '25' files ). Starting the file scan: Begin scan in 'C:\' C:\Muestras.rar [0] Archive type: RAR --> Muestras\SROSA.SYS.Muestra EliBagle v10.81 [DETECTION] Is the Trojan horse TR/Rootkit.Gen [iNFO] The file was moved to '47ee35ad.qua'! C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\NirCmd.exe [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 [iNFO] The file was moved to '47fb3ebc.qua'! Begin scan in 'D:\' <D> D:\Ce-Jour\ComboFix.exe [0] Archive type: RAR SFX (self extracting) --> nircmd.exe [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 --> nircmd.cfexe [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 [iNFO] The file was moved to '47f64022.qua'! D:\ProgSave\Utilities\Security\Avast\Avast.4.7.1043_keygen.rar [0] Archive type: RAR --> keygen.exe [DETECTION] Contains detection pattern of the worm WORM/SdBot.136192.A [iNFO] The file was moved to '47ea4e68.qua'! D:\ProgSave\Utilities\Security\Avast\Avast.Pro.v4.7.1043.Incl.Keymaker-CORE.rar [0] Archive type: RAR --> keygen.exe [DETECTION] Contains detection pattern of the worm WORM/SdBot.136192.A [iNFO] The file was moved to '47ea4e74.qua'! 
Begin scan in 'E:\' <eMule> E:\RECYCLER\S-1-5-21-1960408961-1788223648-725345543-1003\De2.ace [0] Archive type: ACE --> Video voir en premier.avi [WARNING] Error creating the file --> Le concept.doc [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed E:\Zique\Graeme Allwright - Masterseries - 3Cd Mp3 Full Album Covers.ace [0] Archive type: ACE --> [mas][graeme_allwright.masterseries_3cd][vbr_mp3_full_album_covers]\cd11 - Emmne-moi.mp3 [WARNING] Error creating the file --> [mas][graeme_allwright.masterseries_3cd][vbr_mp3_full_album_covers]\cd32 - Vagabondage.mp3 [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed Begin scan in 'F:\' <F> Begin scan in 'M:\' <M> End of the scan: samedi 12 janvier 2008 22:06 Used time: 5:21:45 min The scan has been done completely. 24347 Scanning directories 1247002 Files were scanned 6 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 5 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 1246996 Files not concerned 12737 Archives were scanned 16 Warnings 80 Notes 41481 Objects were scanned with rootkit scan 0 Hidden objects were found
=> I deleted everything I had from Avast
=> Antivir really does not like ComboFix....
- - - - - - - - - - -
Ewido scan:
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Adviva
Path: :mozilla.21:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.22:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.32:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.33:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.34:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Statcounter
Path: :mozilla.38:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
- - - - - - - - -
BlackLight scan:
01/13/08 08:02:46 [info]: BlackLight Engine 1.0.67 initialized
01/13/08 08:02:46 [info]: OS: 5.1 build 2600 (Service Pack 2)
01/13/08 08:02:46 [Note]: 7019 4
01/13/08 08:02:46 [Note]: 7005 0
01/13/08 08:06:10 [Note]: 7006 0
01/13/08 08:06:12 [Note]: 7011 2720
01/13/08 08:06:13 [Note]: 7026 0
01/13/08 08:06:14 [Note]: 7026 0
01/13/08 08:06:16 [Note]: FSRAW library version 1.7.1024
01/13/08 08:08:05 [Note]: 2000 1012
01/13/08 08:08:05 [Note]: 2000 1012
01/13/08 08:23:05 [Note]: 7006 0
01/13/08 08:23:07 [Note]: 7011 2720
01/13/08 08:23:09 [Note]: 7026 0
01/13/08 08:23:09 [Note]: 7026 0
01/13/08 08:23:11 [Note]: FSRAW library version 1.7.1024
01/13/08 08:23:22 [Note]: 7007 0
- - - - - - - -
There you go. I'm waiting for your instructions for the next steps. Thanks again.
-
[RESOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and eradication
Good evening. Yes, it works again
- - - - - -
CableNet (Colombia)
- - - - - -
-- Incredimail: I have just finished transferring all my mail to Thunderbird. I got rid of Incredimail using the link you gave me for uninstalling Incredimail. I went a bit further and removed all the keys containing im or inc....
- - - - - - - - - - -
Done
- - - - - - -
I can't find the exe on C: despite a full search. On Google, this is all I found about this exe: http://www.commentcamarche.net/forum/affic...in32-small-gen2
- - - - - - - -
This is my FTP server, which runs as a service... I have been using this program for several years, but it is indeed cracked. I'm adding it to my list of freeware to find...
Virus Total scan results:
Fichier bpftpserver-service.exe reçu le 2008.01.12 06:05:55 (CET)
Résultat: 14/32 (43.75%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.1.12.10 2008.01.11 Win-Trojan/Zapchast.20992
AntiVir 7.6.0.46 2008.01.11 -
Authentium 4.93.8 2008.01.12 -
Avast 4.7.1098.0 2008.01.11 -
AVG 7.5.0.516 2008.01.11 Potentially harmful program G6Service.A
BitDefender 7.2 2008.01.12 -
CAT-QuickHeal 9.00 2008.01.11 -
ClamAV 0.91.2 2008.01.11 -
DrWeb 4.44.0.09170 2008.01.11 Trojan.Runas
eSafe 7.0.15.0 2008.01.10 Win32.IRC
eTrust-Vet 31.3.5451 2008.01.11 -
Ewido 4.0 2008.01.11 -
FileAdvisor 1 2008.01.12 High threat detected
Fortinet 3.14.0.0 2008.01.12 Misc/G6service
F-Prot 4.4.2.54 2008.01.11 W32/G6Service
F-Secure 6.70.13030.0 2008.01.11 -
Ikarus T3.1.1.20 2008.01.12 -
Kaspersky 7.0.0.125 2008.01.12 -
McAfee 5205 2008.01.11 potentially unwanted program G6Service
Microsoft 1.3109 2008.01.12 -
NOD32v2 2785 2008.01.11 a variant of Win32/Tool.ServiceRunner
Norman 5.80.02 2008.01.11 -
Panda 9.0.0.4 2008.01.11 -
Prevx1 V2 2008.01.12 TROJAN.RUNAS
Rising 20.26.50.00 2008.01.12 -
Sophos 4.24.0 2008.01.12 Service Daemon
Sunbelt 2.2.907.0 2008.01.12 -
Symantec 10 2008.01.12 -
TheHacker 6.2.9.186 2008.01.11 Aplicacion/ServiceRunner.d
VBA32 3.12.2.5 2008.01.12 Trojan.Runas
VirusBuster 4.3.26:9 2008.01.11 -
Webwasher-Gateway 6.6.2 2008.01.12 Riskware.Tool.ServiceRunner
Information additionnelle
File size: 22528 bytes
MD5: d008fdb0ddfe02883232908ee4367331
SHA1: 28acb76dbdf4fe2128bec14f827362298ddbd4ae
PEiD: -
Bit9 info: http://fileadvisor.bit9.com/services/extin...232908ee4367331
Prevx info: http://info.prevx.com/aboutprogramtext.asp...87DAA00CB574518
I'm putting it back in quarantine in the meantime. It is still odd that AntiVir's scan of the installation file finds nothing, whereas it does not like the exe.
- - - - - - - -
The file was locked, but Unlocker was able to unlock it. A Google search shows that it is a driver installed by Daemon Tools, an emulator I use to read ISOs without burning them.... The scan returned only one positive...
Fichier sptd.sys reçu le 2008.01.12 06:27:06 (CET)
Résultat: 1/31 (3.23%)
Antivirus Version Dernière mise à jour Résultat
Sunbelt 2.2.907.0 2008.01.12 VIPRE.Suspicious
Information additionnelle
File size: 685816 bytes
MD5: d390675b8ce45e5fb359338e5e649329
SHA1: 9e9e14633460ce7d5440a9066aa70b8f34b8b6dd
PEiD: -
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
- - - - - - - -
Removed
- - - - - -
Done
- - - - - -
I'm looking at Framasoft for the other cracked programs I have, but I think I'll have to look for a more radical solution: it smells like Linux....
There you go, I'm waiting for your instructions for the next steps. Thanks again.
-
[RESOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and eradication
Hello. Once again, I have to leave for the week. I will pick up all your instructions again as soon as I'm back this Saturday.
I have just uninstalled Lightroom and had already removed Alap in light of the scan.
As for Muestras, these are files created by EliBagle that one is supposed to send to the authors of the software. I lost the email address => so I'm deleting it.
As for the other infected programs + cracks, Antivir has put them in quarantine.
I now have a new folder on my C: => QooBox; what should I do with it?
ComboFix worries me; AntiVir reports it as infected:
Begin scan in 'D:\Ce-Jour\ComboFix.exe'
D:\Ce-Jour\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
--> nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.3
[WARNING] The file was ignored!
I think it is also the cause of this:
Virus or unwanted program 'APPL/NirCmd.3 [APPL/NirCmd.3]' detected in file 'C:\WINDOWS\NirCmd.exe. Action performed: Allow access
As I wrote to you, I'm looking for freeware solutions for my pirated software. I have even started looking at Linux.... I nevertheless need time for some applications, to work out how to recover what I have created with them (e.g. Incredimail, InDesign, ...)
Regarding Incredimail, the detected messages are all in Incredimail's trash, and I have of course emptied that trash, so that no message is visible. It seems to me that it lacks an option along the lines of "Compact this folder", as in Thunderbird, to permanently eliminate those messages... As I told you, I'm going to install Thunderbird and move the messages I want to keep from Incredimail to Thunderbird by resending them to myself.
Since the free Antivir does not detect viruses in mail, what solution is there?
Thanks for your help. See you Saturday.
-
[RESOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and eradication
Yes, I did see that: neither Avast, nor SpyBot with its resident module, nor the XP (SP2) firewall protected me... Since then I have read a lot of articles, but it is true that choosing protection tools does not seem straightforward to me. And yes, I have well understood that the problem sits between the keyboard and the chair... But some habits (cracks) are not easy to reform... But I'm taking advantage of this episode to get started on it.
- - - - - - -
I still wonder whether it really is this keymaker that is the cause of my problem. Are the tests done on Virus Total conclusive for you? I find it surprising that none of the major antivirus products on the market detects it...:
Scan of the keygen on Virus Total:
Fichier Key_Generator.EXE reçu le 2007.12.24 15:53:27 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Suspicious_F.gen
Panda - - -
Prevx1 - - Generic.Malware
Rising - - -
Sophos - - Mal/Packer
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - Packed/FSG
Webwasher-Gateway - - Win32.Malware.gen#FSG (suspicious)
Information additionnelle
MD5: c7e60a5ded20ec9b7faaa1a932c51d45
- - - - - - -
So could it be that this is not the source of the infection? And that it comes from another crack installed several days earlier (Lightroom)? Or do the signs of infection appear immediately?
- - - - - - - -
Everything seems OK on that side...
01/06/08 08:11:20 [info]: BlackLight Engine 1.0.67 initialized
01/06/08 08:11:20 [info]: OS: 5.1 build 2600 (Service Pack 2)
01/06/08 08:11:21 [Note]: 7019 4
01/06/08 08:11:21 [Note]: 7005 0
01/06/08 08:11:34 [Note]: 7006 0
01/06/08 08:11:36 [Note]: 7011 3460
01/06/08 08:11:36 [Note]: 7026 0
01/06/08 08:11:36 [Note]: 7026 0
01/06/08 08:11:40 [Note]: FSRAW library version 1.7.1024
01/06/08 08:15:19 [Note]: 2000 1012
01/06/08 08:15:19 [Note]: 2000 1012
01/06/08 08:15:19 [Note]: 2000 1012
01/06/08 08:16:08 [Note]: 7007 0
- - - - - - -
Yes, I installed it several days ago. I'm in an evaluation phase for a photo-processing program... I have just submitted the keygen to Virus Total and nobody recognizes it except:
Prevx1 V2 2008.01.06 Heuristic: Suspicious File With Bad Child Associations
Sophos 4.24.0 2008.01.06 Mal/Dropper-O
- - - - - - -
These are the addresses of my ISP's DNS server (I do not live in France)
- - - - - - -
Removal of Google... OK, and indeed, HijackThis does not find the service.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:38:02, on 06/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Internet\No-IP\DUC20.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Internet\RA\RaMaint.exe C:\Program Files\Internet\RA\RemotelyAnywhere.exe C:\Program Files\Internet\sambar70\bin\ntserver.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet\UltraVNC\WinVNC.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe C:\Program Files\Internet\RA\RAGui.exe C:\Program Files\Internet\FTP\Full Présence\full_presence.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe C:\Program Files\Audio\Winamp\winampa.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Utilities\Security\Ashampoo FireWall\FireWall.exe C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\Internet\FTP\CuteFTP\TE\ftpte.exe C:\Program Files\Internet\ICQ\ICQ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program 
Files\Utilities\WinBar\WinBar.exe C:\Program Files\Utilities\Xplorer²\xplorer2_UC.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet\Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\cidaemon.exe C:\HijackThis\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Internet\RoboForm\roboform.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Internet\RoboForm\roboform.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe" O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Internet\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\Internet\RA\RAGui.exe" O4 - HKLM\..\Run: [full_presence] "C:\Program Files\Internet\FTP\Full Présence\full_presence.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Audio\Winamp\winampa.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Utilities\Security\Ashampoo FireWall\FireWall.exe" -TRAY O4 
- HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [CuteFTP Pro TE] "C:\Program Files\Internet\FTP\CuteFTP\TE\ftpte.exe" O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [iCQ] "C:\Program Files\Internet\ICQ\ICQ.exe" silent O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Internet\RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Raccourci vers winampa.lnk = C:\Program Files\Audio\Winamp\winampa.exe O4 - Startup: WinBar.lnk = C:\Program Files\Utilities\WinBar\WinBar.exe O4 - Startup: xplorer2.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en 
fichier Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Internet\RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324487484 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324150015 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://xyz-p:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FEEF3D11-B89E-4957-A97D-3B23809FF073}: NameServer = 200.118.2.66,200.118.2.85,63.245.1.3 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BPFTPServer - Unknown owner - C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Audio\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\Internet\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\Internet\RA\RaMaint.exe
O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\Internet\RA\RemotelyAnywhere.exe
O23 - Service: Sambar Server - Unknown owner - C:\Program Files\Internet\sambar70\bin\ntserver.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\Internet\UltraVNC\WinVNC.exe
-- End of file - 12828 bytes

- - - - - - - -

Cleanup with CCleaner => OK

- - - - - - - -

AntiVir scan (more than 6 hours):

AntiVir PersonalEdition Classic
Report file date: dimanche 6 janvier 2008 19:38
Scanning for 1000802 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: XYZ-P Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 13:57:47 ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 13:57:47 ANTIVIR3.VDF : 7.0.1.194 93696 Bytes 04/01/2008 13:57:47 AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 05/01/2008 13:57:47 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24 AVPACK32.DLL : 7.6.0.2 360488 Bytes 05/01/2008 13:57:47 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\utilities\security\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: M:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all 
files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: dimanche 6 janvier 2008 19:38 Starting search for hidden objects. '45968' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'cidaemon.exe' - '1' Module(s) have been scanned Scan process 'notepad.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ImApp.exe' - '1' Module(s) have been scanned Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned Scan process 'xplorer2_UC.exe' - '1' Module(s) have been scanned Scan process 'WinBar.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'ICQ.exe' - '1' Module(s) have been scanned Scan process 'ftpte.exe' - '1' Module(s) have been scanned Scan process 'Spywareterminatorshield.Exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'FireWall.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'acrotray.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'fpdisp5a.exe' - '1' 
Module(s) have been scanned Scan process 'full_presence.exe' - '1' Module(s) have been scanned Scan process 'ragui.exe' - '1' Module(s) have been scanned Scan process 'iTouch.exe' - '1' Module(s) have been scanned Scan process 'MIProHst.exe' - '1' Module(s) have been scanned Scan process 'soundman.exe' - '1' Module(s) have been scanned Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'winvnc.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned Scan process 'ntserver.exe' - '1' Module(s) have been scanned Scan process 'RemotelyAnywhere.exe' - '1' Module(s) have been scanned Scan process 'ramaint.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'DUC20.exe' - '1' Module(s) have been scanned Scan process 'cisvc.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 54 
processes with 54 modules were scanned

Starting master boot sector scan:
Master boot sector HD0 [NOTE] No virus was found!
Master boot sector HD1 [NOTE] No virus was found!
Master boot sector HD2 [NOTE] No virus was found!
Master boot sector HD3 [NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\' [NOTE] No virus was found!
Boot sector 'D:\' [NOTE] No virus was found!
Boot sector 'E:\' [NOTE] No virus was found!
Boot sector 'F:\' [NOTE] No virus was found!
Boot sector 'M:\' [NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Muestras.rar
  [0] Archive type: RAR
  --> Muestras\SROSA.SYS.Muestra EliBagle v10.81
  [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  [WARNING] The file was ignored!
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.81
  [DETECTION] Is the Trojan horse TR/Rootkit.Gen
  [WARNING] The file was ignored!
C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe
  [DETECTION] Contains detection pattern of the SPR/Tool.ServiceRunner program
  [INFO] The file was moved to '47e78678.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!

Begin scan in 'D:\' <D>
D:\Ce-Jour\ComboFix.exe
  [0] Archive type: RAR SFX (self extracting)
  --> nircmd.exe
  [DETECTION] Contains detection pattern of the application APPL/NirCmd.3
  --> nircmd.cfexe
  [DETECTION] Contains detection pattern of the application APPL/NirCmd.3
  [INFO] The file was moved to '47ee8cf9.qua'!
D:\ProgSave\Ecrire&Fontes\Ecrire\Adobe\Alap.InEffects.1.0.2.for.Adobe.InDesign.CS2.incl.KeyGen-SCOTCH.rar
  [0] Archive type: RAR
  --> Alap.InEffects.1.0.2.for.Adobe.InDesign.CS2.incl.KeyGen-SCOTCH\siei102a.zip
  [1] Archive type: ZIP
  --> scotch.part1.rar
  [2] Archive type: RAR
  --> alap.software.multikeygen.v1.8.exe
  [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file
  [INFO] The file was moved to '47e2943a.qua'!

Begin scan in 'E:\' <eMule>
E:\Progs\ALAP.Imposer.Pro.v1.1.3.for.Adobe.InDesign.Incl.Keygen-SCOTCH.rar
  [0] Archive type: RAR
  --> ALAP.Imposer.Pro.v1.1.3.for.Adobe.InDesign.Incl.Keygen-SCOTCH\s-ip113a.zip
  [1] Archive type: ZIP
  --> scotch.part1.rar
  [2] Archive type: RAR
  --> alap.software.multikeygen.v1.8.exe
  [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/FSG). Please verify the origin of the file
  [INFO] The file was moved to '47c2a7f8.qua'!
E:\Progs\Macromedia Studio 8 Fr (dreamweaver 8 - Fireworks 8 - Flash + Kegen.ace
  [0] Archive type: ACE
  --> Video voir en premier.avi
  [WARNING] Error creating the file
  --> Le concept.doc
  [WARNING] No further files can be extracted from this archive. The archive will be closed
  [WARNING] No further files can be extracted from this archive. The archive will be closed
E:\Progs\WinRAR 3.62 Fr & Crack.rar
  [0] Archive type: RAR
  --> WinRAR 3.62 Fr & Crack\Patch WinRAR 3.62.exe
  [DETECTION] Contains detection pattern of the application APPL/Xema.A
  [INFO] The file was moved to '47efaa45.qua'!
E:\Zique\Graeme Allwright - Masterseries - 3Cd Mp3 Full Album Covers.ace
  [0] Archive type: ACE
  --> [mas][graeme_allwright.masterseries_3cd][vbr_mp3_full_album_covers]\cd11 - Emmne-moi.mp3
  [WARNING] Error creating the file
  --> [mas][graeme_allwright.masterseries_3cd][vbr_mp3_full_album_covers]\cd32 - Vagabondage.mp3
  [WARNING] No further files can be extracted from this archive. The archive will be closed
  [WARNING] No further files can be extracted from this archive. The archive will be closed

Begin scan in 'F:\' <F>
Begin scan in 'M:\' <M>

End of the scan: lundi 7 janvier 2008 01:46
Used time: 6:07:18 min

The scan has been done completely.
24731 Scanning directories
1294879 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1294871 Files not concerned
16977 Archives were scanned
33 Warnings
84 Notes
45968 Objects were scanned with rootkit scan
0 Hidden objects were found

- - - - - - - - -

KASPERSKY scan (also more than 6 hours)

-------------------------------------------------------------------------------

KASPERSKY ON-LINE SCANNER REPORT
Monday, January 07, 2008 10:27:50 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 6/01/2008
Enregistrements dans la base antivirus Kaspersky : 470191

-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail: A:\ C:\ D:\ E:\ F:\ G:\ H:\ M:\

Statistiques de l'analyse:
Total d'objets analysés: 437730
Nombre de virus trouvés: 2
Nombre d'objets infectés: 108 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 08:14:47

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20080106-193849-FFB6D3F1.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20080106-193849-FFB6B6732_system L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and
Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\ICQ\138919835\Messages.mdb L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\ICQ\138919835\Owner.mdb L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\ICQ\Application.mdb L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\formhistory.dat L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\key3.db L'objet 
est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\urlclassifier2.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From Michael Page International <R-5-7 ... /[From brenda@conciviles.com][Date Thu, 19 Aug 2004 17:01:22 -0400]/photos_arc.exe Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "la ... ... /[ ... /[From sandra@consultant.com][Date Fri, 20 Aug 2004 17:19:23 - ... 
/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "la ... ... /[ ... /[From sandra@consultant.com][Date Fri, 20 Aug 2004 17:19:23 -0400]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "la ... ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Thu, 30 Sep 2004 22:41:40 -0700]/text Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "la ... 
/[From Webmaster <webmaster@michaelpage.fr>][Date Fri, 16 Jan 2004 14:52:31 +0100]/text Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "laur . ... /[From xxxxxxxxxxx <xxxxxxx@free.fr>][Date Sun, 18 Jan 2004 10:18:52 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "laur ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sat, 11 Sep 2004 10:36:34 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "laure ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 6 Jun 2004 17:31:18 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "laurenc ... 
/[From frsupport@esupport.netgear.com][Date Mon, 03 Nov 2003 01:13:10 +1100]/text Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... / ... /[From "laurencedewavrin" <laurencedewavrin@wanadoo.fr>][Date Wed, 24 Mar 2004 11:01:37 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... /[From Internet Mail Deliv ... 
/[From mbarbosa170@hotmail.com][Date Mon, 26 Apr 2004 13:11:33 -0500]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... ... /[From Internet Mail Delivery <postmaster@cable.net.co>][Date Sun, 23 May 2004 02:34:56 -0500 (COT)]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... /[From FORTUNEO <R-2-7 ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 9 Jul 2004 19:34:06 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... /[From FORTUNEO <R-2-7 ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:58:43 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... /[From FORTUNEO <R-2-7 ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 22 Mar 2004 17:19:19 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... /[From FORTUNEO <R-2-7 ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 12 Mar 2004 22:04:41 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré C:\Documents and Settings\Papa\Local Settings\Application Data\IM\Identities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 9 Jul 2004 19:34:06 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... /[From FORTUNEO <R-2-7 ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:58:43 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... /[From FORTUNEO <R-2-7 ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 22 Mar 2004 17:19:19 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... /[From FORTUNEO <R-2-7 ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 12 Mar 2004 22:04:41 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[ ... 
/[From FORTUNEO <R-2-78120-19130154-2-4699-FR1-38F69F85@xmr3.com>][Date Tue, 02 Dec 2003 10:20:55 -0500]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... /[From In ... /[From "ClickOptions" <clickoptions@clickoptions.ruk1.com>][Date Thu, 11 Mar 2004 10:47:53 +0000]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[F ... 
/[From Internet Mail Delivery <postmaster@msgsrv01.telecom.com.co>][Date Mon, 31 May 2004 13:57:50 -0500 (GMT)]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[Fr ... /[F ... /[From ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 10 Sep 2004 21:37:40 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[Fr ... /[F ... /[From ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 18 Jan 2004 10:18:52 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[Fr ... /[F ... /[From "Boursorama INVEST" <boursomail@boursorama.fr>][Date Tue, 20 Apr 2004 07:37:49 +0200]/text Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[Fr ... /[From "ClickOp ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sat, 16 Oct 2004 21:25:18 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[Fr ... /[From "ClickOp ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Wed, 19 May 2004 05:56:03 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[Fr ... 
/[From "ClickOptions" <clickoptions@clickoptions.ruk1.com>][Date Wed, 19 May 2004 09:31:47 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[From Tr ... ... /[Fro ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 21 May 2004 20:02:34 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[From Tr ... ... 
/[From Lladro Center Paris <paris-pc@fr.lladro.com>][Date Tue, 13 Jul 2004 13:36:49 +0200]/html Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[From Tr ... /[From "Bo ... /[Fro ... /[From webmaster@michaelpage.fr][Date Wed, 17 Nov 2004 12:41:07 -0200]/text Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[From Tr ... /[From "Bo ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Wed, 25 Feb 2004 22:19:39 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[From Tr ... /[From "Boursorama INVEST" <boursomail@boursorama.fr>][Date Wed, 11 Feb 2004 22:02:33 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[From TradingLab <R-1-7 ... /[From ... 
/[From marineb@netcourrier.com][Date Wed, 26 May 2004 14:32:27 CEST]/text Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... /[From TradingLab <R-1-7 ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Thu, 22 Jul 2004 19:29:24 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From M ... 
/[From TradingLab <R-1-78120-18694310-2-4699-FR1-BD37F22F@xmr3.com>][Date Thu, 20 Nov 2003 09:12:02 -0500]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... /[From Michael Page Inter ... /[From "IncrediMail" <incredimail@incredimail.com>][Date Thu, 27 Nov 2003 21:43:34 +0200]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/U ... 
/[From Michael Page International <R-5-76363-9176359-2-53-FR1-6B14F1D9@xmr3.com>][Date Fri, 15 Oct 2004 03:00:11 -0400]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxx xxxx ... /[From "ClickO ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 18 Apr 2004 14:09:04 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxx xxxx ... /[From "ClickO ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sat, 13 Mar 2004 17:11:01 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxx xxxx ... /[From "ClickO ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sat, 13 Mar 2004 07:22:47 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxx xxxx ... 
/[From "ClickOptions" <clickoptions@clickoptions.ruk1.com>][Date Tue, 6 Apr 2004 10:11:13 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <m ... /[From " ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 23 May 2004 08:59:45 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <m ... /[From " ... ... 
/[From hamiltonfranco@hotmail.com][Date Mon, 31 May 2004 13:39:16 -0500]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <m ... /[From " ... /[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Wed, 9 Jun 2004 20:49:56 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <m ... /[From " ... 
/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 22 Mar 2004 17:22:59 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <m ... /[From " ... /[From "H.H. xxxxxx" <hxxxxxx@free.fr>][Date Fri, 30 Jul 2004 19:58:55 +0200]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <m ... 
/[From "Service Clients Fortuneo" <mperf@bp03.net>][Date Fri, 01 Oct 2004 09:04:10 +02:00]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.f ... /[From "H.H. xxxxxx" <hxxxxxx@free.fr>][Date Sun, 31 Oct 2004 23:26:52 +0100]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>] ... 
/[From postmaster-univers@renault.fr][Date Mon, 3 May 2004 05:44:26 +0200]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sat, 8 Nov 2003 17:32:48 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED/[From Internet Mail Delivery <postmaster@mmptvc.cable.net.co>][Date Fri, 02 Apr 2004 20:03:45 -0500 (COT)]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted Items.imm/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Mon, 5 Jul 2004 19:22:58 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Fri, 30 Jul 2004 18:01:16 -0700]/UNNAMED/[From "xxxxxxxxxxx" <xxxxxxx@free.fr>][Date Sun, 2 May 2004 22:36:25 -0700]/UNNAMED Infecté : Email-Worm.Win32.Mydoom.q ignoré M:\Temp\Save\Install 200705\CDocuments and SettingsPapaLocal SettingsApplication DataIMIdentities\{42D00B20-479C-11d4-9706-00105A40931C}\Message Store\Deleted 
Mail: infecté - 52 ignoré
Analyse terminée.
- - - - - - - -
The infected mails in => m:\Temp\Save\Install 200705\xxxx are a backup of the IncrediMail mails made during my last full reinstallation. I have masked my personal email address with xxxxx
- - - - - - -
Ewido scan
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\Papa\Cookies\papa@adtech[1].txt
Risk: Medium
Name: TrackingCookie.Adrevolver
Path: :mozilla.29:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Weborama
Path: :mozilla.51:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Tradedoubler
Path: :mozilla.53:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Adviva
Path: :mozilla.61:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.69:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.70:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Smartadserver
Path: :mozilla.71:C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\edw9uyqk.default\cookies.txt
Risk: Medium
Name: TrackingCookie.Webtrends
Path: C:\Documents and Settings\vanessa\Cookies\vanessa@m.webtrends[2].txt
Risk: Medium
Name: Backdoor.Hupigon
Path: D:\ProgSave\Audio\Nero\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar/Nero7\Nero7Keygen.exe
Risk: High
Name: Backdoor.Hupigon
Path: D:\ProgSave\Audio\Nero\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar/Nero7\Nero7Keygen.zip/Nero7Keygen.exe
Risk: High
Name: Backdoor.Hupigon
Path: D:\ProgSave\Audio\Nero\Ahead_Nero_v7.0_KeyGen_Only-PARADOX.rar/Nero7Keygen.exe
Risk: High
- - - - - - - -
I clicked on clean, as instructed.
- - - - - - - - - -
I did download Combofix using the link given, but Antivir flags it as problematic... I answered "ignore", hoping I am not making a big mistake.
To be able to run Combofix, I had to temporarily disable the antivirus and Spyware Terminator...
The report is below:
ComboFix 08-01-07.5 - Papa 2008-01-07 15:16:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.483 [GMT -5:00]
Running from: D:\Ce-Jour\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 24329 bytes in 1 streams.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-07 to 2008-01-07 ))))))))))))))))))))))))))))))))))))
.
2008-01-07 15:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 19:51 . 2008-01-06 19:51 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-06 19:17 . 2008-01-06 19:17 120,380 --a------ C:\Muestras.rar
2008-01-06 01:06 . 2008-01-06 01:06 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-06 01:04 . 2008-01-07 04:00 <REP> d-------- C:\Program Files\Spyware Terminator
2008-01-06 01:04 . 2008-01-07 04:00 <REP> d-------- C:\Documents and Settings\Papa\Application Data\Spyware Terminator
2008-01-06 01:04 . 2008-01-06 08:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-05 21:49 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-05 18:51 . 2008-01-05 18:55 <REP> d--h----- C:\WINDOWS\PIF
2008-01-05 17:19 . 2008-01-05 17:19 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-01-05 17:09 . 2008-01-05 17:09 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-01-05 17:09 . 2008-01-05 17:09 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-05 17:01 . 2008-01-05 17:01 <REP> d-------- C:\Program Files\Fichiers communs\Agnitum Shared
2008-01-05 16:45 . 2008-01-04 16:48 5,478,623 --a------ C:\WINDOWS\system32\ahnszds.szd
2008-01-05 16:45 . 2008-01-04 16:51 4,346,481 --a------ C:\WINDOWS\system32\ahnszhs.szd
2008-01-05 16:45 . 2008-01-04 16:47 2,276,928 --a------ C:\WINDOWS\system32\ahnszns.szd
2008-01-05 16:45 . 2007-11-06 10:24 64,128 --a------ C:\WINDOWS\system32\drivers\ahnsze.sys
2008-01-05 16:35 . 2008-01-05 16:35 <REP> d-------- C:\Program Files\AhnLab
2008-01-05 08:54 . 2008-01-05 08:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-05 08:02 . 2008-01-05 08:03 <REP> d-------- C:\Muestras
2008-01-01 21:45 . 2008-01-06 18:37 <REP> d-------- C:\HijackThis
2008-01-01 20:03 . 2007-02-28 11:02 2,138,112 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-01 20:03 . 2007-02-28 11:02 2,138,112 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-01-01 17:29 . 2008-01-01 17:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-01 17:29 . 2008-01-07 15:24 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-01-01 17:29 . 2008-01-07 15:25 4 --a------ C:\WINDOWS\Twain001.Mtx
2008-01-01 17:29 . 2008-01-01 17:29 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-01-01 17:24 . 2008-01-01 17:24 <REP> d-------- C:\Program Files\Fichiers communs\Control Panels
2008-01-01 17:22 . 2008-01-01 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-01-01 17:17 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-01 17:17 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-01 17:07 . 2008-01-01 17:07 <REP> d-------- C:\Program Files\Bonjour
2008-01-01 17:00 . 2008-01-01 17:00 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-12-25 23:51 . 2007-12-25 23:51 <REP> d-------- C:\Documents and Settings\Papa\Application Data\Alien Skin
2007-12-24 16:41 . 2007-12-24 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-23 15:04 . 2007-08-30 06:33 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-12-23 15:04 . 2007-08-30 06:33 118,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-01-05 03:01 --------- d-----w C:\Program Files\Google 2008-01-01 22:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-01 22:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-01 21:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-24 21:38 --------- d-----w C:\Program Files\Images 2007-12-05 21:06 --------- d-----w C:\Documents and Settings\Papa\Application Data\Canon 2007-11-23 23:08 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-11-23 12:41 --------- d-----w C:\Documents and Settings\Papa\Application Data\AdobeUM 2007-11-17 22:40 --------- d-----w C:\Program Files\DivX 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-20 11:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2006-07-29 18:25 108 --sha-r C:\WINDOWS\neoqaz2.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CuteFTP Pro TE"="C:\Program Files\Internet\FTP\CuteFTP\TE\ftpte.exe" [2007-05-12 17:57 1571840]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-05-06 16:20 208946]
"ICQ"="C:\Program Files\Internet\ICQ\ICQ.exe" [2007-10-22 10:45 177400]
"RoboForm"="C:\Program Files\Internet\RoboForm\RoboTaskBarIcon.exe" [2007-10-14 08:15 160592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 17:54 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-16 22:42 577536 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 09:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 10:37 69632]
"MImpPro"="C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe" [2000-03-17 15:06 48128]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"zBrowser Launcher"="C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"WinVNC"="C:\Program Files\Internet\UltraVNC\WinVNC.exe" [2006-07-17 15:44 364544]
"RemotelyAnywhere GUI"="C:\Program Files\Internet\RA\RAGui.exe" [2006-07-10 11:58 377608]
"full_presence"="C:\Program Files\Internet\FTP\Full Présence\full_presence.exe" [ ]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-04-06 09:28 499712]
"NvMediaCenter"="RunDLL32.exe" [2004-08-03 17:55 33792 C:\WINDOWS\system32\rundll32.exe]
"UnlockerAssistant"="C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe" [2006-09-07 12:19 15872]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 17:55 33792 C:\WINDOWS\system32\rundll32.exe]
"WinampAgent"="C:\Program Files\Audio\Winamp\winampa.exe" [2007-12-20 10:16 37376]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "avgnt"="C:\Program Files\Utilities\Security\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-05 08:57 249896] "Ashampoo FireWall"="C:\Program Files\Utilities\Security\Ashampoo FireWall\FireWall.exe" [2007-04-05 14:57 3251800] "Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 02:07 61440] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-06 01:05 2834432] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FolderGuard] C:\Program Files\Utilities\Security\Folder Guard\FGuard32.dll 2004-09-11 00:19 262723 C:\Program Files\Utilities\Security\Folder Guard\FGuard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit] RAinit.dll 2006-07-10 11:59 11520 C:\WINDOWS\system32\RAinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "WinampAgent"=C:\Program Files\Audio\Winamp\wianmpa.exe R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-06 01:06] R2 FGUARD32;FGUARD32;C:\Program Files\Utilities\Security\Folder Guard\FGUARD32.SYS [2004-09-01 07:01] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;C:\Program Files\Internet\RA\RaInfo.sys [2006-07-10 11:59] R2 Sambar Server;Sambar Server;C:\Program Files\Internet\sambar70\bin\ntserver.exe [2007-03-06 18:29] R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 15:22] R3 LCcfltr;Logitech USB Filter 
Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 09:50] R3 ramirr;ramirr;C:\WINDOWS\system32\DRIVERS\ramirr.sys [2006-07-10 11:59] R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] R3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 15:22] S2 BPFTPServer;BPFTPServer;C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe /name:"BPFTPServer" /start:"bpftpserver.exe -h -s [] S3 M2500;802.11g Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2500.sys [2004-06-24 01:38] S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-03 17:55] S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-03 17:55] S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-03 17:55] S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-03 17:55] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DB749F5C-4E5A-9303-73E5-529067FD290B}] C:\WINDOWS\system32:pi2srv.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-07 15:25:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Utilities\Security\Ashampoo FireWall\spi.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\Utilities\Security\Ashampoo FireWall\spi.dll
-> C:\Program Files\Utilities\Unlocker\UnlockerHook.dll
.
Completion time: 2008-01-07 15:28:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 20:28:47
.
2007-12-15 02:12:28 --- E O F ---
- - - - - - - - - - -
There you go... I think there is still work to do. I await your instructions. Thanks again.
-
[SOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
Well, the scan has finally finished. It found quite a few viruses in *.zip files, which I have put in quarantine until I delete them. Browsing around Zebulon and other security sites, I found some programs recommended to better protect my PC.
Spyware Terminator => Installed
Anti Spyware Guard
Spyware Blaster
Win Patrol
Ashampoo Firewall => Installed
AVG Anti Rootkit => Installed, found nothing
Isn't this too much? It seems that Spyware Terminator and Anti Spyware Guard want to eliminate each other on my laptop. Anti Spyware Guard flags Lavasoft and Spybot as attackware!!!
-
[SOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
Thanks to you both. I started the full scan with Antivir, but it is going to take a long time because it needed 30 minutes for the first percent.... While I'm at it, let me ask: what should be installed in addition to Antivir? Should I reinstall Spy Bot? Is there a way to keep the resident (TeaTimer) from being removed by a virus? Thanks
-
[SOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
Hello Angelique, and thank you for your help.
Sat Jan 05 08:03:48 2008
EliBagle v10.81 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero C:\Muestras\WINSYS.EXE.Muestra EliBagle v10.81 a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\WINSYS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Bagle Renombrado a .VIR
Por favor, envienos una muestra del fichero C:\Muestras\SROSA.SYS.Muestra EliBagle v10.81 a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"
Sat Jan 05 08:05:35 2008
EliBagle v10.81 ©2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\RECYCLER\S-1-5-21-1960408961-1788223648-725345543-1003\Dc10\GOOGLETOOLBARNOTIFIER.EXE --> Eliminado Bagle
C:\WINDOWS\system32\SOUNDMAN.EXE --> Eliminado Bagle
Nº Total de Directorios: 13853
Nº Total de Ficheros: 152021
Nº de Ficheros Analizados: 9553
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 2
After that, I rebooted the PC and EliBaglA restarted automatically. The new search found nothing and "merely" removed the file hidr.exe.vir. However, there are 2 directories that the program could not explore (access denied)... I can finally install AntiVir and go back on the Internet... A thorough full scan is coming up... Thank you for your help.
- - - - - - - - - - - - -
[SOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
Good evening. I have uninstalled eMule and Google Toolbar. Incredimail is harder: I first have to find out how to recover my mails. I think I will forward them to a temporary mail account before re-importing them into Thunderbird. For the address book, I still have to see how to do it... In any case, I will do that once the situation on the PC has been restored. For the moment, I have isolated the PC from the Internet and from the family network, and I am using my laptop and a USB key for the files to install. As for the Yahoo Toolbar, I find it really practical and do not wish to do without it unless it is absolutely necessary. I should add that I have been using it for several years... I ran CCleaner's Cleaner and Repair several times until no more errors were reported.
- - - - -
Result of the fsbl.exe scan
01/04/08 23:32:23 [info]: BlackLight Engine 1.0.67 initialized
01/04/08 23:32:23 [info]: OS: 5.1 build 2600 (Service Pack 2)
01/04/08 23:32:23 [Note]: 7019 4
01/04/08 23:32:23 [Note]: 7005 0
01/04/08 23:32:29 [Note]: 7006 0
01/04/08 23:32:29 [Note]: 7011 1620
01/04/08 23:32:29 [Note]: 7026 0
01/04/08 23:32:29 [Note]: 7026 0
01/04/08 23:32:29 [Note]: 7024 3
01/04/08 23:32:29 [info]: Hidden process: C:\WINDOWS\system32\drivers\hidr.exe
01/04/08 23:32:31 [Note]: FSRAW library version 1.7.1024
01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\autoviewer.lrwe
01/04/08 23:32:41 [Note]: 10002 3
01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\autoviewer.lrwe
01/04/08 23:32:41 [Note]: 10002 3
01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\autoviewer.lrwe
01/04/08 23:32:41 [Note]: 10002 3
01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\autoviewer.lrwe
01/04/08 23:32:41 [Note]: 10002 3
01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\default_flash.l
01/04/08 23:32:41 [Note]: 10002 3
01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\default_html.lr
01/04/08 23:32:41 [Note]: 10002 3
01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\postcardviewer.
01/04/08 23:32:41 [Note]: 10002 3
01/04/08 23:32:41 [info]: Hidden file: 
c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\simpleviewer.lr 01/04/08 23:32:41 [Note]: 10002 3 01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\simpleviewer.lr 01/04/08 23:32:41 [Note]: 10002 3 01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\simpleviewer.lr 01/04/08 23:32:41 [Note]: 10002 3 01/04/08 23:32:41 [info]: Hidden file: c:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\shared\webengines\simpleviewer.lr 01/04/08 23:32:41 [Note]: 10002 3 01/04/08 23:32:41 [Note]: 10002 2 01/04/08 23:32:41 [Note]: 10002 2 01/04/08 23:33:14 [Note]: 10002 2 01/04/08 23:33:14 [Note]: 10002 2 01/04/08 23:33:18 [info]: Hidden file: c:\Program Files\Movie Maker\Shared\Empty.txt 01/04/08 23:33:18 [Note]: 10002 3 01/04/08 23:33:18 [info]: Hidden file: c:\Program Files\Movie Maker\Shared\Filters.xml 01/04/08 23:33:18 [Note]: 10002 3 01/04/08 23:33:18 [info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png 01/04/08 23:33:18 [Note]: 10002 3 01/04/08 23:33:18 [info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png 01/04/08 23:33:18 [Note]: 10002 3 01/04/08 23:33:18 [info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\Blank.txt 01/04/08 23:33:18 [Note]: 10002 3 01/04/08 23:33:18 [info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample1.jpg 01/04/08 23:33:18 [Note]: 10002 3 01/04/08 23:33:18 [info]: Hidden file: c:\Program Files\Movie Maker\Shared\Sample2.jpg 01/04/08 23:33:18 [Note]: 10002 3 01/04/08 23:33:18 [Note]: 10002 2 01/04/08 23:33:18 [Note]: 10002 2 01/04/08 23:33:36 [Note]: 10002 2 01/04/08 23:33:36 [Note]: 10002 2 01/04/08 23:33:43 [info]: Hidden file: c:\WINDOWS\system32\wintems.exe 01/04/08 23:33:43 [Note]: 10002 2 01/04/08 23:33:46 [info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys 01/04/08 23:33:46 [Note]: 10002 2 01/04/08 23:33:46 [info]: Hidden file: 
C:\WINDOWS\system32\drivers\hidr.exe
01/04/08 23:33:46 [Note]: 10002 2
01/04/08 23:34:09 [Note]: 2000 1012
01/04/08 23:34:09 [Note]: 2000 1012
01/04/08 23:36:34 [Note]: 7007 0
- - - - - - - -
Result of the new HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:06, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver.exe
C:\Program Files\Internet\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet\RA\RaMaint.exe
C:\Program Files\Internet\RA\RemotelyAnywhere.exe
C:\Program Files\Internet\sambar70\bin\ntserver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet\UltraVNC\WinVNC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe
C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe
C:\Program Files\Internet\RA\RAGui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe
C:\Program Files\Audio\Winamp\winampa.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Internet\RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Utilities\WinBar\WinBar.exe
C:\Program Files\Utilities\Xplorer²\xplorer2_UC.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeePro2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\INCRED~1\bin\IncMail.exe C:\HijackThis\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Internet\RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Internet\RoboForm\roboform.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe" O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Internet\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\Internet\RA\RAGui.exe" O4 - HKLM\..\Run: [full_presence] "C:\Program Files\Internet\FTP\Full Présence\full_presence.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Audio\Winamp\winampa.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CuteFTP Pro TE] 
"C:\Program Files\Internet\FTP\CuteFTP\TE\ftpte.exe" O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [iCQ] "C:\Program Files\Internet\ICQ\ICQ.exe" silent O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Internet\RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Raccourci vers winampa.lnk = C:\Program Files\Audio\Winamp\winampa.exe O4 - Startup: WinBar.lnk = C:\Program Files\Utilities\WinBar\WinBar.exe O4 - Startup: xplorer2.lnk = ? O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra 
context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Internet\RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324487484 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324150015 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://xyz-p:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FEEF3D11-B89E-4957-A97D-3B23809FF073}: NameServer = 200.118.2.66,200.118.2.85,63.245.1.3 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BPFTPServer - Unknown owner - C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Audio\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\Internet\No-IP\DUC20.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\Internet\RA\RaMaint.exe O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\Internet\RA\RemotelyAnywhere.exe O23 - Service: Sambar Server - Unknown owner - C:\Program Files\Internet\sambar70\bin\ntserver.exe O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\Internet\UltraVNC\WinVNC.exe -- End of file - 12103 bytes
- - - - - - - - -
Result of the Process Explorer log
Process PID CPU Description Company Name System Idle Process 0 96.88 Interrupts n/a Hardware Interrupts DPCs n/a 1.56 Deferred Procedure Calls System 4 smss.exe 488 Gestionnaire de session Windows NT Microsoft Corporation csrss.exe 556 1.56 Client Server Runtime Process Microsoft Corporation winlogon.exe 596 Application d'ouverture de session Windows NT Microsoft Corporation services.exe 640 Applications Services et Contrôleur Microsoft Corporation svchost.exe 796 Generic Host Process for Win32 Services Microsoft Corporation ImApp.exe 2524 IncrediMail Application IncrediMail, Ltd. IncMail.exe 3116 IncrediMail Tray Application IncrediMail, Ltd.
svchost.exe 876 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 916 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 956 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1000 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 1120 Spooler SubSystem App Microsoft Corporation mDNSResponder.exe 1220 Bonjour Service Apple Computer, Inc. bpftpserver-service.exe 1232 bpftpserver.EXE 1280 BulletProof FTP Server (http://www.bpftpserver.com) DigitalCandle, Inc. cisvc.exe 1268 Content Index service Microsoft Corporation cidaemon.exe 3020 Indexing Service filter daemon Microsoft Corporation DUC20.exe 1368 No-IP.com DUC Vitalwerks LLC nvsvc32.exe 1484 NVIDIA Driver Helper Service, Version 91.31 NVIDIA Corporation ramaint.exe 1512 RemotelyAnywhere Maintenance Service LogMeIn, Inc. RemotelyAnywhere.exe 1544 RemotelyAnywhere LogMeIn, Inc. ntserver.exe 1576 svchost.exe 1628 Generic Host Process for Win32 Services Microsoft Corporation wdfmgr.exe 1672 Windows User Mode Driver Manager Microsoft Corporation winvnc.exe 1732 Serveur VNC pour Win32 www.ultravnc.fr CALMAIN.exe 1996 Canon Camera Access Library 8 Canon Inc. FNPLicensingService.exe 2572 Activation Licensing Service Macrovision Europe Ltd. GoogleUpdaterService.exe 2888 gusvc Google lsass.exe 652 LSA Shell (Export Version) Microsoft Corporation rundll32.exe 616 Exécuter une DLL en tant qu'application Microsoft Corporation explorer.exe 1620 Explorateur Windows Microsoft Corporation MIProHst.exe 2088 MouseImp PRO host module TV4 STUDIOS iTouch.exe 2116 iTouch Application Logitech Inc. ragui.exe 2140 RemotelyAnywhere Desktop Application LogMeIn, Inc. fpdisp5a.exe 2156 FinePrint FinePrint Software, LLC rundll32.exe 2164 Exécuter une DLL en tant qu'application Microsoft Corporation UnlockerAssistant.exe 2172 winampa.exe 2188 acrotray.exe 2196 AcroTray Adobe Systems Inc. 
robotaskbaricon.exe 2348 RoboForm TaskBar Icon Siber Systems ctfmon.exe 2356 CTF Loader Microsoft Corporation WinBar.exe 2532 JDM taskmgr.exe 756 Gestionnaire des tâches de Windows Microsoft Corporation xplorer2_UC.exe 2552 x2 - explorer replacement ZabKat WinRAR.exe 2768 procexp.exe 3248 Sysinternals Process Explorer Sysinternals notepad.exe 1448 Bloc-notes Microsoft Corporation
- - - - - - -
I think all this happened while I was installing the following pack: Adobe Creative Suite 3 Master.... I used a keygen. I copied this keygen to my USB key and submitted it to Antivir on my laptop => nothing to report. I then ran it through Spyware Terminator => nothing to report. In the reading you recommended, I found a link (Virus Total) for having a file tested by several antivirus engines. I am also posting the result.
File Key_Generator.EXE received on 2007.12.24 15:53:27 (CET)
Antivirus Version Last update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Suspicious_F.gen
Panda - - -
Prevx1 - - Generic.Malware
Rising - - -
Sophos - - Mal/Packer
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - Packed/FSG
Webwasher-Gateway - - Win32.Malware.gen#FSG (suspicious)
Additional information MD5: c7e60a5ded20ec9b7faaa1a932c51d45
- - - - - -
There, I hope you will have some insight to flush out the intruder. Thanks in advance.
- - - - - - - - - - - - -
[SOLVED] No more antivirus or antispyware: Bagle infection
Dersou1 replied to a topic by Dersou1 in Malware analysis and removal
Hello, and thank you for the reply. Unfortunately I have to leave home now and will be back on Saturday. I will carry out the requested operations then. Nevertheless:
- P2P is a source of viruses, yes, and I have just caught a nasty one...
- Toolbars are adware? I have been using Yahoo's for years and have never noticed anything of the kind... I manage my calendar and quite a few other things with Yahoo, and the toolbar is very useful... No problem uninstalling the Google Toolbar, since it is now installed in Firefox.
- IncrediMail??? Same thing, I have been using it for a very long time and have not noticed anything serious... I have lots of mail that I do not want to lose, as well as an address book. I can switch to Thunderbird on this PC, but I need to look at how to do the migration.
- I have CCleaner on my machine and use it regularly. Should I download the slim version?
- My problems started with the installation of a program that came from eMule....
Yes, I do host an FTP server on my machine, as well as a website. The line:
O4 - HKLM\..\Run: [full_presence] "C:\Program Files\Internet\FTP\Full Présence\full_presence.exe"
is a utility developed for a forum I take part in. I have had it for several years and it has never caused me any problems. There, I really have to go now or I will miss my plane. See you Saturday. Thanks again.
-
Good evening. I no longer have any active protection on my desktop PC... I had: AVAST, SpyBot with TeaTimer & the Windows firewall. I have been trying for several hours to work out what to do and cannot manage it. Can one of the Zebulon experts help me? I installed HijackThis and tried to deal with it but found nothing. Reinstalling Avast does not work. I uninstalled it and reinstalled it with a full scan of the hard drives; it found viruses, which it removed, but the exe does not install. I saw on the forum that Antivir is a good solution, but the install does not work because no exe will install on the machine. Safe mode no longer works either... I am attaching my HijackThis report along with what I have already removed. Thanks in advance for any help.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:33:10, on 02/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Internet\No-IP\DUC20.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Internet\RA\RaMaint.exe C:\Program Files\Internet\RA\RemotelyAnywhere.exe C:\Program Files\Internet\sambar70\bin\ntserver.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet\UltraVNC\WinVNC.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe C:\Program
Files\Internet\RA\RAGui.exe C:\Program Files\Internet\FTP\Full Présence\full_presence.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe C:\Program Files\Audio\Winamp\winampa.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Internet\ICQ\ICQ.exe C:\Program Files\Internet\RoboForm\RoboTaskBarIcon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet\eMule\emule.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Utilities\WinBar\WinBar.exe C:\Program Files\Utilities\Xplorer²\xplorer2_UC.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Internet\Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\HijackThis\HijackThis.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Internet\RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Internet\RoboForm\roboform.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [sW20] C:\WINDOWS\system32\sw20.exe O4 - HKLM\..\Run: [sW24] C:\WINDOWS\system32\sw24.exe O4 - HKLM\..\Run: [MImpPro] C:\PROGRA~1\UTILIT~1\MImpPRO\MIProHst.exe O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Peripheriques\Logitech\iTouch\iTouch.exe" O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Internet\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\Internet\RA\RAGui.exe" O4 - HKLM\..\Run: [full_presence] "C:\Program Files\Internet\FTP\Full Présence\full_presence.exe" O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Utilities\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Audio\Winamp\winampa.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" O4 - HKCU\..\Run: [swg] 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [CuteFTP Pro TE] "C:\Program Files\Internet\FTP\CuteFTP\TE\ftpte.exe" O4 - HKCU\..\Run: [incrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c O4 - HKCU\..\Run: [iCQ] "C:\Program Files\Internet\ICQ\ICQ.exe" silent O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Internet\RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\Internet\eMule\emule.exe -AutoStart O4 - S-1-5-18 Startup: Raccourci vers winampa.lnk = C:\Program Files\Audio\Winamp\winampa.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: WinBar.lnk = C:\Program Files\Utilities\WinBar\WinBar.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: xplorer2.lnk = ? (User 'SYSTEM') O4 - .DEFAULT Startup: Raccourci vers winampa.lnk = C:\Program Files\Audio\Winamp\winampa.exe (User 'Default user') O4 - .DEFAULT Startup: WinBar.lnk = C:\Program Files\Utilities\WinBar\WinBar.exe (User 'Default user') O4 - .DEFAULT Startup: xplorer2.lnk = ? (User 'Default user') O4 - Startup: Raccourci vers winampa.lnk = C:\Program Files\Audio\Winamp\winampa.exe O4 - Startup: WinBar.lnk = C:\Program Files\Utilities\WinBar\WinBar.exe O4 - Startup: xplorer2.lnk = ? 
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program 
Files\Internet\RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Internet\RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Internet\RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Internet\RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\Internet\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324487484 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1195324150015 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://xyz-p:2000/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FEEF3D11-B89E-4957-A97D-3B23809FF073}: NameServer = 200.118.2.66,200.118.2.85,63.245.1.3 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BPFTPServer - Unknown owner - C:\Program Files\Internet\FTP\BPFTP Server\bpftpserver-service.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Audio\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\Internet\No-IP\DUC20.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\Internet\RA\RaMaint.exe O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\Internet\RA\RemotelyAnywhere.exe O23 - Service: Sambar Server - Unknown owner - C:\Program Files\Internet\sambar70\bin\ntserver.exe O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\Internet\UltraVNC\WinVNC.exe -- End of file - 13067 bytes
= = = = = =
What I have already removed:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
= = = = = =
-
Alas!!!! This morning a nice VPN alert was waiting for me as well. There must surely be a way, all the same.
-
Good evening. I have the same problem as Bouli, although to a lesser degree (a few alerts here and there, grouped together but not every day). While reading the posts, I took an interest in the ZA documentation and looked more closely at how I was configured. Surprise: VPN was allowed on my machine:
Firewall => Main => Advanced => Allow VPN protocol
A little further on, the documentation states: Allows the use of VPN protocols (ESP, AH, GRE, SKIP) even when high security is applied. When this control is not selected, these protocols are allowed only at medium security.
Checking my configuration again, I was at medium security for the Internet.
Firewall => Main => Internet Zone Security
There, I hope this will be sufficient/useful.