shadoko

Pb resolu ... une autorisation de tmpproxy.exe (Trend Micro) était nécessaire après examen du journal de connexion de Comodo. Sorry pour ce post devenu "inutile"

Je te remercie pour ces précieux conseils Le sujet est désormais marqué "résolu" Bonne continuation Amicalement Greg (shadoko)

Ma foi non, tout à l'air ok .... Si les rapports sont bons, y'a pas de raisons que ça merdoie ! Je vous remercie tous les 2 d'avoir passé du temps sur mon pb désormais résolu Bonne fin de WE Amicalement, Shadoko PS : je désinstalle les dossiers ComboxFix, fichiers Comboxfix.txt, etc ?

Hello, j'ai pas eu à réactiver l'AV car le pc a redémarré tout seul puis à afficher le log de Comboxfix Les logs demandés : ComboFix : ComboFix 08-12-06.06 - GREG 2008-12-07 17:50:54.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.515 [GMT 1:00] Lancé depuis: c:\documents and settings\GREG\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\GREG\Bureau\CFScript.txt * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\GREG\Application Data\EoRezo c:\documents and settings\GREG\Application Data\EoRezo\cmhost.cyp c:\documents and settings\GREG\Application Data\EoRezo\ConfMedia.cyp c:\documents and settings\GREG\Application Data\EoRezo\db\cat.cyp c:\documents and settings\GREG\Application Data\EoRezo\eoDesktop\config.xml c:\documents and settings\GREG\Application Data\EoRezo\eoDesktop\eoDesktop.html c:\documents and settings\GREG\Application Data\EoRezo\eoDesktop\userConfig.xml c:\documents and settings\GREG\Application Data\EoRezo\host.cyp c:\documents and settings\GREG\Application Data\EoRezo\user.cyp . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 )))))))))))))))))))))))))))))))))))) . 2008-12-07 16:28 . 2008-12-07 16:28 <REP> d-------- C:\rsit 2008-12-05 17:18 . 2008-12-05 17:19 <REP> d-------- c:\program files\RegClean 2008-12-04 00:09 . 2008-12-04 00:09 <REP> d-------- c:\program files\ZebHelpProcess 2 2008-12-04 00:09 . 2008-12-04 00:09 <REP> d-------- c:\program files\Fichiers communs\Borland Shared 2008-12-04 00:09 . 1999-01-20 05:01 210,032 --a------ c:\windows\system32\DBCLIENT.DLL 2008-12-04 00:09 . 1999-11-12 05:11 183,808 --a------ c:\windows\system32\BDEADMIN.CPL 2008-12-04 00:09 . 2008-12-05 16:49 13,030 --a------ C:\PDOXUSRS.NET 2008-12-01 17:33 . 2008-12-01 17:33 1,989 --ah----- C:\hpothb07.tif 2008-12-01 17:33 . 2008-12-01 17:33 1,061 --ah----- C:\hpothb07.dat 2008-11-30 19:32 . 2008-11-30 19:32 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-30 18:19 . 2008-11-30 18:19 <REP> d-------- c:\program files\metagenia 2008-11-19 17:41 . 2008-11-19 17:41 <REP> d-------- C:\VundoFix Backups 2008-11-17 17:44 . 2008-11-17 17:44 <REP> d-------- c:\program files\Toucan 2008-11-13 06:35 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-13 06:35 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 22:53 . 2008-11-12 22:55 <REP> d-------- c:\documents and settings\GREG\.ultramixer 2008-11-12 00:00 . 2008-11-12 00:00 <REP> d-------- c:\documents and settings\GREG\Application Data\Leadertech 2008-11-11 23:59 . 2008-02-01 10:43 195,096 --a------ c:\windows\system32\lvci11701193.dll 2008-11-10 17:53 . 2008-11-22 18:07 <REP> d-------- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-07 16:52 --------- d-----w c:\program files\SPAMfighter 2008-12-06 12:12 --------- d-----w c:\documents and settings\GREG\Application Data\foobar2000 2008-12-05 23:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-12-05 16:00 --------- d-----w c:\program files\Ad-Aware 2008-12-04 22:42 --------- d-----w c:\program files\Trend Micro 2008-12-04 22:15 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-30 18:32 --------- d-----w c:\program files\Java 2008-11-30 11:15 --------- d-----w c:\documents and settings\GREG\Application Data\Azureus 2008-11-22 22:09 --------- d-----w c:\program files\Azureus 2008-11-22 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-22 14:34 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2008-11-21 14:37 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-12 21:41 --------- d-----w c:\program files\CDBurnerXP 2008-11-11 22:59 --------- d-----w c:\program files\Fichiers communs\LogiShrd 2008-11-11 22:58 --------- d-----w c:\program files\Logitech 2008-11-11 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd 2008-11-04 10:33 --------- d-----w c:\program files\Nokia 2008-11-04 10:33 --------- d-----w c:\program files\Fichiers communs\PCSuite 2008-11-04 10:33 --------- d-----w c:\program files\Fichiers communs\Nokia 2008-11-04 10:29 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2008-11-02 22:17 --------- d-----w c:\documents and settings\GREG\Application Data\Canneverbe_Limited 2008-10-31 12:29 --------- d-----w c:\program files\Gabest 2008-10-31 02:50 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys 2008-10-31 02:50 205,328 ----a-w c:\windows\system32\drivers\TmXPFlt.sys 2008-10-31 02:50 1,195,448 ----a-w c:\windows\system32\drivers\VSAPINT.SYS 2008-10-31 01:23 --------- d-----w c:\program files\GIF Recuperateur 2008-10-31 01:09 --------- d-----w c:\program files\Exact Audio Copy 2008-10-29 13:18 --------- d-----w c:\program files\WinCDEmu 2008-10-29 13:18 --------- d-----w c:\documents and settings\GREG\Application Data\KompoZer 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-22 15:36 --------- d-----w c:\documents and settings\GREG\Application Data\Apple Computer 2008-10-22 15:33 --------- d-----w c:\program files\Opera 2008-10-13 22:08 --------- d-----w c:\program files\SopCast 2008-10-12 21:34 --------- d-----w c:\program files\SoundRecorder 2008-10-12 21:17 --------- d-----w c:\documents and settings\GREG\Application Data\FMZilla 2008-10-12 12:30 737,280 ----a-w c:\windows\iun6002.exe 2008-10-09 23:22 --------- d-----w c:\program files\Picasa2 2007-02-17 18:36 1 ----a-w c:\documents and settings\GREG\SI.bin 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-05-28 07:48 10,856 --sha-w c:\windows\system32\KGyGaAvL.sys 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-22_14.49.56.71 ))))))))))))))))))))))))))))))))))))))))) . + 2008-07-26 07:25:24 109,080 ----a-w c:\windows\system32\config\systemprofile\Local Settings\temp\logishrd\LVPrcInj01.dll + 2008-12-07 16:52:44 16,384 ----atw c:\windows\system32\config\systemprofile\Local Settings\temp\Perflib_Perfdata_5a0.dat - 2008-10-16 18:58:10 185,816 ----a-w c:\windows\system32\FNTCACHE.DAT + 2008-12-03 22:44:31 224,816 ----a-w c:\windows\system32\FNTCACHE.DAT - 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe + 2008-11-30 18:32:25 144,792 ----a-w c:\windows\system32\java.exe - 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe + 2008-11-30 18:32:25 144,792 ----a-w c:\windows\system32\javaw.exe - 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe + 2008-11-30 18:32:25 148,888 ----a-w c:\windows\system32\javaws.exe + 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe + 2008-11-22 14:12:24 88,590 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe - 2008-11-22 13:46:45 64,452 ----a-w c:\windows\system32\perfc009.dat + 2008-12-07 15:29:00 64,588 ----a-w c:\windows\system32\perfc009.dat - 2008-11-22 13:46:45 78,296 ----a-w c:\windows\system32\perfc00C.dat + 2008-12-07 15:29:00 78,536 ----a-w c:\windows\system32\perfc00C.dat - 2008-11-22 13:46:45 408,114 ----a-w c:\windows\system32\perfh009.dat + 2008-12-07 15:29:00 408,250 ----a-w c:\windows\system32\perfh009.dat - 2008-11-22 13:46:45 476,662 ----a-w c:\windows\system32\perfh00C.dat + 2008-12-07 15:29:00 477,080 ----a-w c:\windows\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "LaunchList"="e:\logiciels\Pinnacle Studio 11\LaunchList2.exe" [2007-03-21 145496] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-14 321160] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-30 136600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] c:\documents and settings\GREG\Menu D‚marrer\Programmes\D‚marrage\ pccguide.exe.lnk - c:\program files\Trend Micro\Internet Security\pccguide.exe [2003-11-14 942142] PCClient.exe.lnk - c:\program files\Trend Micro\Internet Security\PCClient.exe [2003-11-14 651330] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194] Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-30 113664] hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 323646] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.xvid"= xvid.dll "VIDC.DVSD"= pdvcodec.dll "VIDC.MJPG"= Pvmjpg30.dll "VIDC.I420"= i420vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R2 PccPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\PccPfw.exe [2003-11-14 704571] R2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-07-14 184968] R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2003-08-22 205328] R2 Tmntsrv;Trend NT Realtime Service;"c:\program files\Trend Micro\Internet Security\Tmntsrv.exe" [2003-11-14 241734] R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2003-08-22 36368] R2 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\tmproxy.exe [2003-11-14 204870] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-05 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-05 8320] . Contenu du dossier 'Tâches planifiées' 2008-12-06 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1219861921.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.lo.st uInternet Settings,ProxyServer = proxy.free.fr:3128 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {6D561E2F-90A2-47C8-A412-8B3132CAAEB5} = 212.27.53.252,212.27.54.252 FireFox -: Profile - c:\documents and settings\GREG\Application Data\Mozilla\Firefox\Profiles\13x2zbod.Greg\ FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\nphardwaredetection.dll FF -: plugin - c:\program files\Picasa2\npPicasa2.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-07 17:52:43 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(916) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\a-squared Free\a2service.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\msiexec.exe c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe . ************************************************************************** . Heure de fin: 2008-12-07 17:55:34 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-07 16:55:31 ComboFix2.txt 2008-11-22 13:50:37 Avant-CF: 5 360 373 760 octets libres Après-CF: 5,372,186,624 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 231 --- E O F --- 2008-11-13 06:02:43 HiJackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:59, on 07/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Startup: pccguide.exe.lnk = C:\Program Files\Trend Micro\Internet Security\pccguide.exe O4 - Startup: PCClient.exe.lnk = C:\Program Files\Trend Micro\Internet Security\PCClient.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe -- End of file - 8801 bytes ++

Bonsoir, la suite ComboFix 08-11-18.A2 - GREG 2008-11-22 14:47:52.2 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.783 [GMT 1:00] Lancé depuis: c:\documents and settings\GREG\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 )))))))))))))))))))))))))))))))))))) . 2008-11-19 17:41 . 2008-11-19 17:41 <REP> d-------- C:\VundoFix Backups 2008-11-17 17:44 . 2008-11-17 17:44 <REP> d-------- c:\program files\Toucan 2008-11-13 07:00 . 2008-11-13 07:01 593 --a------ c:\windows\imsins.BAK 2008-11-13 06:35 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-13 06:35 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 22:53 . 2008-11-12 22:55 <REP> d-------- c:\documents and settings\GREG\.ultramixer 2008-11-12 00:00 . 2008-11-12 00:00 <REP> d-------- c:\documents and settings\GREG\Application Data\Leadertech 2008-11-11 23:59 . 2008-02-01 10:43 195,096 --a------ c:\windows\system32\lvci11701193.dll 2008-11-10 17:53 . 2008-11-10 17:54 <REP> d-------- c:\windows\system32\Adobe 2008-11-04 11:33 . 2008-11-04 11:33 <REP> d-------- c:\program files\Fichiers communs\PCSuite 2008-11-02 23:17 . 2008-11-12 22:41 <REP> d-------- c:\program files\CDBurnerXP 2008-11-02 23:17 . 2008-11-02 23:17 <REP> d-------- c:\documents and settings\GREG\Application Data\Canneverbe_Limited 2008-10-31 13:29 . 2008-10-31 13:29 <REP> d-------- c:\program files\Gabest 2008-10-29 14:00 . 2008-10-29 14:18 <REP> d-------- c:\program files\WinCDEmu 2008-10-28 15:16 . 2008-10-29 14:18 <REP> d-------- c:\documents and settings\GREG\Application Data\KompoZer 2008-10-24 15:14 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-22 16:36 . 2008-10-22 16:36 <REP> d-------- c:\documents and settings\GREG\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 13:39 --------- d-----w c:\program files\SPAMfighter 2008-11-21 19:15 --------- d-----w c:\documents and settings\GREG\Application Data\foobar2000 2008-11-21 18:16 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-11-21 14:37 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-19 16:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-19 00:25 --------- d-----w c:\documents and settings\GREG\Application Data\Azureus 2008-11-11 22:59 --------- d-----w c:\program files\Fichiers communs\LogiShrd 2008-11-11 22:58 --------- d-----w c:\program files\Logitech 2008-11-11 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd 2008-11-04 10:33 --------- d-----w c:\program files\Nokia 2008-11-04 10:33 --------- d-----w c:\program files\Fichiers communs\Nokia 2008-11-04 10:29 --------- d-----w c:\documents and settings\All Users\Application Data\Installations 2008-10-31 02:50 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys 2008-10-31 02:50 205,328 ----a-w c:\windows\system32\drivers\TmXPFlt.sys 2008-10-31 02:50 1,195,448 ----a-w c:\windows\system32\drivers\VSAPINT.SYS 2008-10-31 01:23 --------- d-----w c:\program files\GIF Recuperateur 2008-10-31 01:09 --------- d-----w c:\program files\Exact Audio Copy 2008-10-25 13:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-22 15:33 --------- d-----w c:\program files\Opera 2008-10-22 14:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-13 22:08 --------- d-----w c:\program files\SopCast 2008-10-12 21:34 --------- d-----w c:\program files\SoundRecorder 2008-10-12 21:17 --------- d-----w c:\documents and settings\GREG\Application Data\FMZilla 2008-10-12 12:30 737,280 ----a-w c:\windows\iun6002.exe 2008-10-09 23:22 --------- d-----w c:\program files\Picasa2 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-29 14:16 --------- d-----w c:\documents and settings\GREG\Application Data\Malwarebytes 2008-09-29 14:16 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2008-09-29 13:03 --------- d-----w c:\documents and settings\GREG\Application Data\AdobeUM 2008-09-26 22:19 --------- d-----w c:\documents and settings\GREG\Application Data\EoRezo 2008-09-24 19:45 446,976 ----a-w c:\windows\system32\ShellMPD.dll 2008-09-24 19:45 --------- d-----w c:\program files\MSN Pictures Displayer 2008-09-24 19:42 --------- d-----w c:\documents and settings\GREG\Application Data\MSN Pictures Displayer 2008-09-24 16:37 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2007-02-17 18:36 1 ----a-w c:\documents and settings\GREG\SI.bin 2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll 2007-05-28 07:48 10,856 --sha-w c:\windows\system32\KGyGaAvL.sys 2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "LaunchList"="e:\logiciels\Pinnacle Studio 11\LaunchList2.exe" [2007-03-21 145496] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2008-07-14 321160] "!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] c:\documents and settings\GREG\Menu D‚marrer\Programmes\D‚marrage\ Logitech . Enregistrement du produit.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-02-13 493832] pccguide.exe.lnk - c:\program files\Trend Micro\Internet Security\pccguide.exe [2003-11-14 942142] PCClient.exe.lnk - c:\program files\Trend Micro\Internet Security\PCClient.exe [2003-11-14 651330] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194] Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-30 113664] hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-09 323646] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=ejgyjs.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.xvid"= xvid.dll "VIDC.DVSD"= pdvcodec.dll "VIDC.MJPG"= Pvmjpg30.dll "VIDC.I420"= i420vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= S2 PccPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\PccPfw.exe [2003-11-14 704571] S2 SPAMfighter Update Service;SPAMfighter Update Service;"c:\program files\SPAMfighter\sfus.exe" [2008-07-14 184968] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-05 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-05 8320] . Contenu du dossier 'Tâches planifiées' 2008-10-28 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1219861921.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56] . . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\GREG\Application Data\Mozilla\Firefox\Profiles\13x2zbod.Greg\ FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\nphardwaredetection.dll FF -: plugin - c:\program files\Picasa2\npPicasa2.dll FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-22 14:49:43 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-11-22 14:50:36 ComboFix-quarantined-files.txt 2008-11-22 13:50:13 Avant-CF: 5 562 359 808 octets libres Après-CF: 5,557,993,472 octets libres 160 --- E O F --- 2008-11-13 06:02:43 ++

Salut, voici les logs demandés : log.txt : Logfile of random's system information tool 1.04 (written by random/random) Run by GREG at 2008-12-07 16:28:47 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 5 GB (26%) free of 20 GB Total RAM: 1023 MB (46% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:28, on 07/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\GREG\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\GREG.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Startup: pccguide.exe.lnk = C:\Program Files\Trend Micro\Internet Security\pccguide.exe O4 - Startup: PCClient.exe.lnk = C:\Program Files\Trend Micro\Internet Security\PCClient.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe -- End of file - 8876 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1219861921.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-30 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-12 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-30 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-30 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2008-07-14 321160] "!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312] "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-30 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224] "LaunchList"=E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe [2007-03-21 145496] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Documents and Settings\GREG\Menu Démarrer\Programmes\Démarrage pccguide.exe.lnk - C:\Program Files\Trend Micro\Internet Security\pccguide.exe PCClient.exe.lnk - C:\Program Files\Trend Micro\Internet Security\PCClient.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-06-07 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "ForceClassicControlPanel"= "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2008-12-07 16:28:47 ----D---- C:\rsit 2008-12-05 17:18:42 ----D---- C:\Program Files\RegClean 2008-12-05 16:50:51 ----A---- C:\WINDOWS\ntbtlog.txt 2008-12-04 00:09:20 ----A---- C:\WINDOWS\system32\DBCLIENT.DLL 2008-12-04 00:09:18 ----D---- C:\Program Files\Fichiers communs\Borland Shared 2008-12-04 00:09:06 ----D---- C:\Program Files\ZebHelpProcess 2 2008-11-30 19:32:34 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-30 18:19:48 ----D---- C:\Program Files\metagenia 2008-11-22 14:59:53 ----SHD---- C:\RECYCLER 2008-11-22 14:50:38 ----D---- C:\WINDOWS\temp 2008-11-22 14:50:37 ----A---- C:\ComboFix.txt 2008-11-22 14:47:02 ----D---- C:\Qoobox 2008-11-22 14:47:02 ----D---- C:\ComboFix 2008-11-19 17:41:18 ----D---- C:\VundoFix Backups 2008-11-19 17:41:18 ----A---- C:\VundoFix.txt 2008-11-17 17:44:36 ----D---- C:\Program Files\Toucan 2008-11-12 00:00:29 ----D---- C:\Documents and Settings\GREG\Application Data\Leadertech 2008-11-11 23:59:35 ----A---- C:\WINDOWS\system32\lvci11701193.dll 2008-11-10 17:53:56 ----D---- C:\WINDOWS\system32\Adobe ======List of files/folders modified in the last 1 months====== 2008-12-07 16:28:13 ----D---- C:\Program Files\Mozilla Firefox 2008-12-07 16:25:53 ----D---- C:\WINDOWS\system32 2008-12-07 16:25:48 ----D---- C:\Program Files\SPAMfighter 2008-12-07 07:24:04 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-12-06 13:12:13 ----D---- C:\Documents and Settings\GREG\Application Data\foobar2000 2008-12-06 00:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-12-05 23:45:01 ----D---- C:\Documents and Settings\GREG\Application Data\Adobe 2008-12-05 20:16:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-12-05 18:13:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-12-05 17:18:42 ----D---- C:\Program Files 2008-12-05 17:00:56 ----D---- C:\Program Files\Ad-Aware 2008-12-05 16:50:51 ----D---- C:\WINDOWS 2008-12-04 23:42:12 ----D---- C:\Program Files\Trend Micro 2008-12-04 23:41:03 ----D---- C:\HJT 2008-12-04 23:15:56 ----D---- C:\WINDOWS\system32\drivers 2008-12-04 23:15:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-02 21:46:36 ----D---- C:\WINDOWS\Fonts 2008-11-30 19:32:38 ----SHD---- C:\WINDOWS\Installer 2008-11-30 19:32:38 ----SHD---- C:\Config.Msi 2008-11-30 19:32:25 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-30 19:32:25 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-30 19:32:25 ----A---- C:\WINDOWS\system32\java.exe 2008-11-30 19:32:23 ----D---- C:\Program Files\Java 2008-11-30 12:15:25 ----D---- C:\Documents and Settings\GREG\Application Data\Azureus 2008-11-24 17:46:05 ----D---- C:\WINDOWS\Prefetch 2008-11-22 23:09:52 ----D---- C:\Program Files\Azureus 2008-11-22 18:34:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-22 15:34:22 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-22 15:34:19 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-11-22 15:00:02 ----D---- C:\WINDOWS\Debug 2008-11-22 14:49:40 ----N---- C:\WINDOWS\system.ini 2008-11-22 14:48:55 ----D---- C:\WINDOWS\AppPatch 2008-11-22 14:48:55 ----D---- C:\Program Files\Fichiers communs 2008-11-21 15:37:53 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-19 17:54:22 ----A---- C:\WINDOWS\WININIT.INI 2008-11-19 16:49:47 ----A---- C:\WINDOWS\msnfix.txt 2008-11-18 16:07:15 ----D---- C:\WINDOWS\inf 2008-11-18 16:07:15 ----D---- C:\WINDOWS\Help 2008-11-13 07:01:33 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-13 07:01:31 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-13 07:00:31 ----D---- C:\WINDOWS\WinSxS 2008-11-12 23:07:40 ----A---- C:\WINDOWS\TBX_PRO.ini 2008-11-12 22:41:15 ----D---- C:\Program Files\CDBurnerXP 2008-11-11 23:59:52 ----D---- C:\Program Files\Fichiers communs\LogiShrd 2008-11-11 23:59:35 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-11-11 23:59:10 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-11 23:58:59 ----D---- C:\Program Files\Logitech 2008-11-11 23:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd 2008-11-09 21:23:37 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys [] R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys [] R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\System32\Drivers\tmtdi.sys [2003-11-14 14976] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244] R2 tm_cfw;Common Firewall Driver; C:\WINDOWS\System32\Drivers\tm_cfw.sys [2007-01-29 771712] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 Tmfilter;Tmfilter; C:\WINDOWS\system32\drivers\TmXPFlt.sys [2008-10-31 205328] R2 Tmpreflt;Tmpreflt; C:\WINDOWS\system32\drivers\Tmpreflt.sys [2008-10-31 36368] R2 Vsapint;Vsapint; C:\WINDOWS\system32\drivers\Vsapint.sys [2008-10-31 1195448] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-02 229376] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752] R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-05-22 12288] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-05-22 5810] R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2008-02-01 489624] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712] R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456] S3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-06-14 224376] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600] R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 168432] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-30 152984] R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] R2 PccPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\PccPfw.exe [2003-11-14 704571] R2 SPAMfighter Update Service;SPAMfighter Update Service; C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968] R2 Tmntsrv;Trend NT Realtime Service; C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe [2003-11-14 241734] R2 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\tmproxy.exe [2003-11-14 204870] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-01-30 68096] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-05-14 86016] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- Info.txt info.txt logfile of random's system information tool 1.04 2008-12-07 16:28:56 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3nity Sound Recorder-->"C:\Program Files\SoundRecorder\unins000.exe" AC-3 ACM Decompressor-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Acrobat 6.0.1 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001} Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603} Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604} Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605} Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606} Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Interactive Forms Update SP1-->MsiExec.exe /I{AC76BA86-0000-F676-9FA0-000000000603} Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Alcatech BPM Studio Professional v4.9.1-->C:\PROGRA~1\ALCATech\BPM-ST~1\UNWISE.EXE C:\PROGRA~1\ALCATech\BPM-ST~1\INSTALL.LOG All2DVD-->C:\Program Files\Satsuki All2DVD\Uninstall.exe Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe" Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe Azureus-->C:\Program Files\Azureus\Uninstall.exe Bill2's Process Manager (Désinstallation uniquement)-->C:\Program Files\Bill2's Process Manager\uninstall.exe CAB Tool-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\CABTOOL.INF,DefaultUninstall CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe" Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DivxToDVD 0.5.2-->"C:\Program Files\vso\DivxToDVD\unins000.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37} FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe" foobar2000 v0.9.5.1-->"C:\Program Files\foobar2000\uninstall.exe" Free-info-->"C:\Program Files\Free-info\unins000.exe" Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} GrabIt 1.6.2 Beta (build 940)-->"C:\Program Files\GrabIt\unins000.exe" HardwareDetection-->"C:\Program Files\HardwareDetection\Uninstall.exe" "C:\Program Files\HardwareDetection\install.log" -u Helix YUV Codecs (remove only)-->"C:\WINDOWS\system32\uninstHelixYUV.exe" HelpNDoc Version 1.11 Personal Edition-->"C:\Program Files\IBE Software\HelpNDoc\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall HP OfficeJet/PSC Scrubber-->C:\WINDOWS\IsUninst.exe -f"c:\program files\HPAiOScrubber\Uninst.isu" hp psc 2100 series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2} HTML Help Workshop-->C:\Program Files\HTML Help Workshop\setup.exe Uninstall Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29} Inkscape 0.45.1-->"C:\Program Files\Inkscape\uninst.exe" J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe" Language pack for Ad-Aware SE-->C:\PROGRA~1\Ad-Aware\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Ad-Aware\Plugins\Langs\INSTALL.LOG Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC-->"G:\SnowXtreM\mirc.exe" -uninstall Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" MixMeister BPM Analyzer 1.0-->"C:\Program Files\MixMeister BPM Analyzer\unins000.exe" Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Pictures Displayer 4.6-->"C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe" /U MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero 7.2.0.3-->"C:\Program Files\Nero\unins000.exe" Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1} Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943} Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_fre.exe Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6} Nokia Software Updater-->MsiExec.exe /X{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB} Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (05/22/2008 3.-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C} pdfsam 0.6 sr 2-->C:\Program Files\pdfsam\uninst.exe Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1} Photo et imagerie HP 2.0 - hp psc 2100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot PhotoBox 3.2.5-->"C:\Program Files\PhotoBox\uninstall.exe" Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" proDAD Vitascene 1.0-->"E:\Logiciels\Vitascene\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe QuickTime Alternative 1.69-->"C:\Program Files\QuickTime Alternative\unins000.exe" Real Alternative 1.48-->"C:\Program Files\Real Alternative\unins000.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly RepareOE-->C:\Program Files\RepareOE\uninstall.exe Rep-Listing-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{887EF08A-011E-477C-B6CB-01E540538ADB}\setup.exe" -l0x40c -removeonly Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} SeriAll 2.0-->E:\Logiciels\Renomme\SeriAll\unins000.exe Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe Sopcast Toolbar-->C:\PROGRA~1\SopCast\UNWISE.EXE C:\PROGRA~1\SopCast\INSTALL.LOG SoundSoap PE-->MsiExec.exe /I{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6} SPAMfighter-->"C:\Program Files\SPAMfighter\uninstall.exe" Remove Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe" Studio 11 Ultimate-->C:\Program Files\InstallShield Installation Information\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}\setup.exe -runfromtemp -l0x040c -removeonly Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x040c UNINSTALL -removeonly SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 TrackMania Nations ESWC 1.7.9-->"G:\Jeux\TrackMania Nations ESWC\unins000.exe" Trend Micro Internet Security-->MsiExec.exe /X{3943C4CF-AC42-4E00-8824-25159B8478F1} UltraMixer 2.3.5.1-->"F:\Logiciels\UltraMixer\unins000.exe" VirtualDubMOD 1.5.10.2 b2540 Fr-->E:\Logiciels\VDM\UnInstall_VDMOD.exe VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe" Web Stream Recorder Pro 1.22-->C:\Program Files\Sytexis Software\Web Stream Recorder Pro\uninstall.exe Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinHTTrack Website Copier 3.41-2-->"C:\Program Files\WinHTTrack\unins000.exe" WinPcap 3.1 beta3-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log" XviD Video Codec 18082002-1 (Koepi's build with EPSZ ME)-->"C:\Program Files\XviD\UninstXviD.exe" ZebHelpProcess 2.33-->"C:\Program Files\ZebHelpProcess 2\unins000.exe" ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "TEMP"=%USERPROFILE%\Local Settings\Temp "TMP"=%USERPROFILE%\Local Settings\Temp "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH -----------------EOF----------------- Dans l'attente, merci ++

Bonsoir, Je vous remercie pour cette réponse et attends alors une aide plus spécifique Cordialement, Shadoko

Bonsoir, En mode sans échec, tous fichiers et dossiers visibles, cette dll n'est pas présente dans les 2 zones précisées ci-dessus (même en faisant une recherche sur C:\) Par contre, dans la base de registre, HKLM\SOFTWARE\Microsoft\Windows NT\Windows, la clé AppInit_DLLs existe et la donnée ejgyjs.dll y est présente ! J'ai suivi la manip présentée ici Anti Appinit Dlls et après suppression de cette valeur (ejgyjs.dll) et redémarrage de l'ordi, il s'avère que la clé ApplInit_Dll reste vide. Bon ben je ne sais quoi dire ++

Bonsoir, voici les 2 rapports obtenus : MBAM (pas de détections suspectes, aucun redémarrage de l'ordi) : Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1460 Windows 5.1.2600 Service Pack 3 04/12/2008 23:38:10 mbam-log-2008-12-04 (23-38-10).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 114809 Temps écoulé: 21 minute(s), 16 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) HJT : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:43, on 04/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\PCClient.EXE C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\WISPTIS.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Startup: pccguide.exe.lnk = C:\Program Files\Trend Micro\Internet Security\pccguide.exe O4 - Startup: PCClient.exe.lnk = C:\Program Files\Trend Micro\Internet Security\PCClient.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: ejgyjs.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe -- End of file - 9052 bytes Euh what's up doc ?

Bonsoir, Suite à un rapport Hijackthis, que pensez-vous de la ligne O20 ? Est-ce problématique ou tout est normal la dedans ? Merci d'éclairer ma lanterne Copie du log : Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 00:13, on 04/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\PCClient.EXE C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\HJT\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Startup: pccguide.exe.lnk = C:\Program Files\Trend Micro\Internet Security\pccguide.exe O4 - Startup: PCClient.exe.lnk = C:\Program Files\Trend Micro\Internet Security\PCClient.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: ejgyjs.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe -- End of file - 9744 bytes

oki c'est fait Bonne journée et encore merci .

Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 07:34, on 14/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\PCClient.EXE C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\Messenger\msmsgs.exe C:\HJT\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Startup: pccguide.exe.lnk = C:\Program Files\Trend Micro\Internet Security\pccguide.exe O4 - Startup: PCClient.exe.lnk = C:\Program Files\Trend Micro\Internet Security\PCClient.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: ejgyjs.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe -- End of file - 9598 bytes y'a qque chose d'anormal la dedans ? (sachant que MBAM avait détecté un troj) : Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1266 Windows 5.1.2600 Service Pack 3 14/10/2008 00:08:22 mbam-log-2008-10-14 (00-08-22).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 97811 Temps écoulé: 19 minute(s), 12 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully. C:\Program Files\SopCast\SopcastToolbarHelper.exe (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.

Merci pour tout Bonne continuation too

Bonsoir Voici le rapport demandé : Malwarebytes' Anti-Malware 1.28 Version de la base de données: 1266 Windows 5.1.2600 Service Pack 3 13/10/2008 22:23:48 mbam-log-2008-10-13 (22-23-48).txt Type de recherche: Examen rapide Eléments examinés: 43461 Temps écoulé: 1 minute(s), 36 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. Alors docteur c'est grave ?

Bonjour, merci pour la rapidité de la réponse Ci-joint le log de navilog1 : Clean Navipromo version 3.6.6 commencé le 13/10/2008 à 14:15:39,00 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Jack" Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Mode suppression par méthode manuelle Nom du fichier saisi : eagaaig Nettoyage executé en mode normal sans redémarrage !! Les résultats ne seront pas optimisés !! *** Recherche, création sauvegardes et suppression *** * Suppression dans "C:\WINDOWS\system32" * * Suppression dans "C:\Documents and Settings\Jack\locals~1\applic~1" * eagaaig.dat trouvé ! Copie eagaaig.dat réalisée avec succès ! eagaaig.dat supprimé ! eagaaig_nav.dat trouvé ! Copie eagaaig_nav.dat réalisée avec succès ! eagaaig_nav.dat supprimé ! eagaaig_navps.dat trouvé ! Copie eagaaig_navps.dat réalisée avec succès ! eagaaig_navps.dat supprimé ! *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** ...\WebMediaPlayer ...suppression... ...\WebMediaPlayer supprimé ! *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** ...\WebMediaPlayer ...suppression... ...\WebMediaPlayer supprimé ! *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Jack\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Jack\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Jack\menudm~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Jack\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\Jack\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat Montorgueil absent ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 13/10/2008 à 14:21:04,10 ***

Bonsoir, Un ami est "infecté" par Smitfraud C (analyse via spybot). Après téléchargement de Smitfraud Fix (option 1 puis en mode sans echec Option 2), Smitfraud C persiste (re analyse de spybot). Voici son log "HijackThis" Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:06:48, on 12/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe E:\Picture Package Menu\SonyTray.exe E:\Picture Package Applications\Residence.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\mspaint.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [eagaaig] "c:\documents and settings\jack\local settings\application data\eagaaig.exe" eagaaig O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe -- End of file - 7182 bytes D'avance merci pour l'aide que vous pourrez apporter Bonne fin de soirée

Bon ben visiblement "tutti va bene" Encore merci pour tout Doc ...Good Job Je vais marquer de ce pas le sujet comme résolu --------- The End ----------

Bonjour Charles I., Comme demandé, voilà le log de Combofix : ComboFix 07-06-18.2 - C:\Documents and Settings\GREG\Bureau\ComboFix.exe "GREG" - 2007-06-20 6:49:35 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wanpacket.dll C:\WINDOWS\system32\wpcap.dll ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_NM -------\LEGACY_NPF -------\nm -------\NPF ((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 ))))))))))))))))))))))))))))))) 2007-06-20 06:49 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-19 20:47 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-06-17 14:54 <REP> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-15 23:06 853 --a------ C:\reboot.cmd 2007-06-15 23:06 68,096 --a------ C:\diff.exe 2007-06-15 23:06 103,424 --a------ C:\grep.exe 2007-06-15 22:55 <REP> d-------- C:\VundoFix Backups 2007-06-14 23:03 <REP> d-------- C:\Program Files\a-squared Free 2007-06-14 22:20 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-14 21:57 <REP> d-------- C:\DOCUME~1\GREG\APPLIC~1\Lavasoft 2007-06-14 21:53 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-06-14 21:50 <REP> d-------- C:\Program Files\Lavasoft 2007-06-14 21:50 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-06-14 21:48 <REP> d-------- C:\Program Files\CCleaner 2007-06-14 21:27 <REP> d-------- C:\HJT 2007-06-14 20:43 3,408 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-14 19:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-06-14 19:06 <REP> d-------- C:\WINDOWS\system32\Panda Software 2007-06-14 18:37 <REP> d-------- C:\Program Files\Kaspersky Lab 2007-06-14 18:11 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-06-14 00:18 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-06-14 00:17 <REP> d-------- C:\DOCUME~1\GREG\.housecall6.6 2007-06-13 18:40 <REP> d-------- C:\Program Files\SmartSound Software 2007-06-13 18:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc 2007-06-13 18:34 <REP> d-------- C:\Program Files\BIAS 2007-06-13 18:33 <REP> d-------- C:\DOCUME~1\GREG\APPLIC~1\proDAD 2007-06-13 18:29 73,728 --a------ C:\WINDOWS\system32\MMAviAx.dll 2007-06-13 18:29 41,984 --a------ C:\WINDOWS\system32\cacheX.dll 2007-06-13 18:29 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll 2007-06-13 18:29 32,768 --a------ C:\WINDOWS\system32\MLPagAx.dll 2007-06-13 18:29 233,472 --a------ C:\WINDOWS\system32\DiskIO.dll 2007-06-13 18:29 184,320 --a------ C:\WINDOWS\system32\RALMain.dll 2007-06-13 18:29 114,759 --a------ C:\WINDOWS\system32\Aviprax.dll 2007-06-13 18:28 57,856 --a------ C:\WINDOWS\system32\masd32.dll 2007-06-13 18:28 27,648 --a------ C:\WINDOWS\system32\ma32.dll 2007-06-13 18:28 196,096 --a------ C:\WINDOWS\system32\macd32.dll 2007-06-13 18:28 138,752 --a------ C:\WINDOWS\system32\mase32.dll 2007-06-13 18:28 136,192 --a------ C:\WINDOWS\system32\mamc32.dll 2007-06-13 18:27 41,219 --a------ C:\WINDOWS\RSETPATH.exe 2007-06-13 18:27 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups 2007-06-13 18:26 49,152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll 2007-06-13 18:24 <REP> d-------- C:\DOCUME~1\GREG\APPLIC~1\InstallShield 2007-06-06 18:11 <REP> d-------- C:\Program Files\Fichiers communs\Skype 2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-21 23:03 <REP> d-------- C:\Program Files\Ripp-it_AM 2007-05-21 20:04 10,856 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-19 20:08:01 -------- d-----w C:\DOCUME~1\GREG\APPLIC~1\Skype 2007-06-19 19:51:01 76,376 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-06-19 19:51:01 470,040 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-06-17 13:09:41 -------- d-----w C:\Program Files\UberIcon 2007-06-17 13:09:29 -------- d-----w C:\Program Files\SPAMfighter 2007-06-17 13:07:48 -------- d-----w C:\Program Files\Messenger 2007-06-17 13:05:25 -------- d-----w C:\Program Files\D-Tools 2007-06-14 19:57:42 -------- d-----w C:\Program Files\Ad-Aware 2007-06-14 17:06:30 1,911 ----a-w C:\WINDOWS\mozver.dat 2007-06-14 17:03:28 -------- d-----w C:\Program Files\Free-info 2007-06-13 16:31:49 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-13 16:28:09 95 ----a-w C:\AUTOEXEC.BAT 2007-06-13 08:07:56 -------- d-----w C:\DOCUME~1\GREG\APPLIC~1\Azureus 2007-06-13 08:06:14 -------- d-----w C:\Program Files\DivX 2007-06-12 16:57:26 -------- d-----w C:\Program Files\eMule 2007-06-09 17:21:29 -------- d-----w C:\DOCUME~1\GREG\APPLIC~1\foobar2000 2007-05-21 21:16:26 -------- d-----w C:\Program Files\AviSynth 2.5 2007-05-19 20:39:22 -------- d-----w C:\Program Files\WinPcap 2007-05-19 20:39:09 -------- d-----w C:\Program Files\Sytexis Software 2007-05-16 15:28:28 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-12 12:08:32 -------- d-----w C:\Program Files\PhotoBox 2007-05-10 17:16:36 -------- d-----w C:\Program Files\e-anim701 2007-05-03 13:17:41 -------- d-----w C:\DOCUME~1\GREG\APPLIC~1\AdobeUM 2007-04-30 12:46:27 -------- d-----w C:\Program Files\Pochette Express 2 2007-04-29 17:17:44 -------- d-----w C:\Program Files\GIF Recuperateur 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 01:47] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security\pccguide.exe" [2003-11-14 19:58] "PCClient.exe"="C:\Program Files\Trend Micro\Internet Security\PCClient.exe" [2004-05-14 22:04] "TM Outbreak Agent"="C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" [2003-11-14 19:56] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13] "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 21:52] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24] "LaunchList"="E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe" [2007-03-21 15:41] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoRemoteRecursiveEvents"=1 (0x1) "ForceClassicControlPanel"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] Contents of the 'Scheduled Tasks' folder 2007-05-08 20:48:09 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1170020908.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-20 06:52:00 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-20 6:53:07 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-20 06:52 --- E O F --- Alors , C'est du tout bon ? @+

Salut Charles I. Après toutes ces manips : Very Good News !!! Mais j'ai eu un méga doute à cause d'une analyse via Spybot (je te laisse jeter un oeil ci-après) Rapport SpyBot avant corrections de pb(s) : --- Search result list --- Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-220523388-73586283-839522115-1004\Software\Microsoft\aldd Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PWS.LDPinchIE: Réglages (Clé du registre, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\poof PWS.LDPinchIE: Réglages (Clé du registre, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\poof Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done) Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done) Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done) Advertising.com: Cookie traceur (Firefox: default) (Cookie, nothing done) DoubleClick: Cookie traceur (Firefox: default) (Cookie, nothing done) MediaPlex: Cookie traceur (Firefox: default) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2007-06-14 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-05-23 advcheck.dll (1.5.3.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2007-01-02 Tools.dll (2.0.1.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-06-13 Includes\Cookies.sbi (*) 2007-05-30 Includes\Dialer.sbi (*) 2007-06-13 Includes\DialerC.sbi (*) 2007-06-13 Includes\Hijackers.sbi (*) 2007-06-13 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2007-06-13 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2007-05-30 Includes\Malware.sbi (*) 2007-06-13 Includes\MalwareC.sbi (*) 2007-03-21 Includes\PUPS.sbi (*) 2007-06-13 Includes\PUPSC.sbi (*) 2007-06-13 Includes\Revision.sbi (*) 2007-05-30 Includes\Security.sbi (*) 2007-06-13 Includes\SecurityC.sbi (*) 2007-06-06 Includes\Spybots.sbi (*) 2007-06-13 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2007-05-16 Includes\Trojans.sbi (*) 2007-06-13 Includes\TrojansC.sbi (*) 2007-06-06 Plugins\TCPIPAddress.dll Pas glop Je clique sur Corriger les problèmes puis je refais une analyse et là : Rapport SpyBot après corrections de pb(s) : Félicitations!: Aucun mouchard n'a été trouvé. () --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2007-06-14 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-05-23 advcheck.dll (1.5.3.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2007-01-02 Tools.dll (2.0.1.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-06-13 Includes\Cookies.sbi (*) 2007-05-30 Includes\Dialer.sbi (*) 2007-06-13 Includes\DialerC.sbi (*) 2007-06-13 Includes\Hijackers.sbi (*) 2007-06-13 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2007-06-13 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2007-05-30 Includes\Malware.sbi (*) 2007-06-13 Includes\MalwareC.sbi (*) 2007-03-21 Includes\PUPS.sbi (*) 2007-06-13 Includes\PUPSC.sbi (*) 2007-06-13 Includes\Revision.sbi (*) 2007-05-30 Includes\Security.sbi (*) 2007-06-13 Includes\SecurityC.sbi (*) 2007-06-06 Includes\Spybots.sbi (*) 2007-06-13 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2007-05-16 Includes\Trojans.sbi (*) 2007-06-13 Includes\TrojansC.sbi (*) 2007-06-06 Plugins\TCPIPAddress.dll Je redémarre l'ordi et je refais une analyse : même rapport que précédemment Alors Doc, je suis guéri ? Puis-je réactiver la restauration système ? Puis-je marqué ce post comme "Résolu" ? Je te remercie pour le temps que tu as consacré à mon Pb (et au temps que tu passes pour d'autres). Quand je vois l'heure à laquelle tu postes des réponses je ne peux m'empêcher de te demander : mais quand dors-tu ? Encore merci pour tout. PS : je peux enlever les dossiers C:\VundoFix Backups, C:\_OTMoveIt ... et je dois ne oublier d'autres . Bref faire un peu de ménage quoi ?

Non il s'est installé avec en même temps qu'un autre logiciel (nécessaire au fonctionnement de ce dernier).. mais je ne me souviens plus lequel

B'soir, et voilà le résultat du scan de npf.sys : ------------------------------ Complete scanning result of "npf.sys", received in VirusTotal at 06.18.2007, 22:33:09 (CET). Antivirus Version Update Result AhnLab-V3 2007.6.16.0 06.18.2007 no virus found AntiVir 7.4.0.32 06.18.2007 no virus found Authentium 4.93.8 06.18.2007 no virus found Avast 4.7.997.0 06.18.2007 no virus found AVG 7.5.0.467 06.18.2007 no virus found BitDefender 7.2 06.18.2007 no virus found CAT-QuickHeal 9.00 06.18.2007 no virus found ClamAV devel-20070416 06.18.2007 no virus found DrWeb 4.33 06.18.2007 no virus found eSafe 7.0.15.0 06.17.2007 no virus found eTrust-Vet 30.7.3726 06.18.2007 no virus found Ewido 4.0 06.18.2007 no virus found FileAdvisor 1 06.18.2007 No threat detected Fortinet 2.85.0.0 06.18.2007 no virus found F-Prot 4.3.2.48 06.18.2007 no virus found F-Secure 6.70.13030.0 06.18.2007 no virus found Ikarus T3.1.1.8 06.18.2007 no virus found Kaspersky 4.0.2.24 06.18.2007 no virus found McAfee 5055 06.18.2007 no virus found Microsoft 1.2607 06.18.2007 no virus found NOD32v2 2337 06.18.2007 no virus found Norman 5.80.02 06.18.2007 no virus found Panda 9.0.0.4 06.18.2007 no virus found Prevx1 V2 06.18.2007 no virus found Sophos 4.18.0 06.12.2007 no virus found Sunbelt 2.2.907.0 06.16.2007 no virus found Symantec 10 06.18.2007 no virus found TheHacker 6.1.6.134 06.18.2007 no virus found VBA32 3.12.0.2 06.15.2007 no virus found VirusBuster 4.3.23:9 06.18.2007 no virus found Webwasher-Gateway 6.0.1 06.18.2007 no virus found Aditional Information File size: 32896 bytes MD5: 74a1d72a79a58436159c924cc34f1c1d SHA1: 8aa2a92d288a958cbe08f7e2ec875b155ce70335 Bit9 info: http://fileadvisor.bit9.com/services/extin...59c924cc34f1c1d

Salut Charles I. (je varie ) , je rentre du boulot (dure journée ) et là "Good News" ("tu es en voie de Guérison ...) Voilà le rapport Hijack This "Start UpList Log" StartupList report, 18/06/2007, 18:16:30 StartupList version: 1.52.2 Started from : C:\HJT\HiJackThis_v2.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\PCClient.EXE C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\HJT\HiJackThis_v2.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\GREG\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe officejet 6100.lnk = ? Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe pccguide.exe = "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" PCClient.exe = "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" TM Outbreak Agent = "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run DAEMON Tools-1033 = "C:\Program Files\D-Tools\daemon.exe" -lang 1033 LogitechCommunicationsManager = "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" LogitechQuickCamRibbon = "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide SPAMfighter Agent = "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UberIcon = "C:\Program Files\UberIcon\UberIcon Manager.exe" MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized LaunchList = E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\system32\helios.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: NO!) .pif: HIDDEN! (arrow overlay: NO!) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910} -------------------------------------------------- Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 2100 series#1170020908.job -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services a-squared Free Service: C:\Program Files\a-squared Free\a2service.exe (autostart) Ad-Aware 2007 Service: "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" (autostart) Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) ADI UAA Function Driver for High Definition Audio Service: system32\drivers\ADIHdAud.sys (manual start) Adobe LM Service: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start) AE Audio Service: system32\drivers\AEAudio.sys (manual start) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (disabled) driverhardwarev2: \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys (manual start) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start) Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: system32\DRIVERS\hidusb.sys (manual start) IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (disabled) Pilote de processeur Intel: system32\DRIVERS\intelppm.sys (system) Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Logitech AEC Driver: system32\DRIVERS\LVcKap.sys (manual start) Logitech Machine Vision Engine Loader: system32\DRIVERS\LVMVDrv.sys (manual start) Logitech LVPr2Mon Driver: system32\drivers\LVPr2Mon.sys (manual start) Logitech LVPrcMon Driver: \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys (manual start) Logitech Process Monitor: c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe (autostart) LVSrvLauncher: C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe (autostart) Logitech USB Monitor Filter: system32\drivers\LVUSBSta.sys (manual start) Pinnacle Marvin Bus: system32\DRIVERS\MarvinBus.sys (manual start) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (disabled) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Pilote HID de souris: system32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (disabled) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote du Moniteur réseau: system32\DRIVERS\NMnt.sys (manual start) NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Office Source Engine: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) Trend Micro Personal Firewall: C:\Program Files\Trend Micro\Internet Security\PccPfw.exe (autostart) Pilote de bus PCI: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) PCLEPCI: \??\C:\WINDOWS\system32\drivers\pclepci.sys (system) Logitech QuickCam Express(PID_0928): system32\DRIVERS\LV561AV.SYS (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start) Services IPSEC: %SystemRoot%\system32\lsass.exe (manual start) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Pilote de redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (disabled) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (disabled) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver: system32\DRIVERS\Rtenicxp.sys (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) SenFilt Service: system32\drivers\Senfilt.sys (manual start) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) Lecteur de disquettes haute densité: system32\DRIVERS\sfloppy.sys (manual start) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: \SystemRoot\system32\DRIVERS\sr.sys (disabled) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) St320hg: system32\DRIVERS\st320hg.sys (system) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{D3C76F92-C37C-4367-99FE-F1765B0C68A9} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (disabled) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled) tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart) Tmfilter: system32\drivers\TmXPFlt.sys (autostart) Trend NT Realtime Service: "C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe" (autostart) Tmpreflt: system32\drivers\Tmpreflt.sys (autostart) Trend Micro Proxy Service: C:\Program Files\Trend Micro\Internet Security\tmproxy.exe (autostart) Trend Micro TDI Driver: \SystemRoot\System32\Drivers\tmtdi.sys (system) Common Firewall Driver: \SystemRoot\System32\Drivers\tm_cfw.sys (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Onduleur: %SystemRoot%\System32\ups.exe (disabled) Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start) Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start) Périphérique vidéo USB (WDM): System32\Drivers\usbvideo.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Vsapint: system32\drivers\Vsapint.sys (autostart) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service Windows Media Connect: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start) Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (disabled) Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: *Registry key not found* WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 38 594 bytes Report generated in 0,172 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only --------------------- Test des ports : Ports TCP ouverts : Aucun port détecté Pour info, je n'utilise pas Nlite @pluche

Salut Charles Ingalls, D'abord merci pour la réponse rapide apportée à mon pb (j'avais vu la réponse avant de partir au Mariage hier midi ). Donc, j'ai fait ce que tu as demandé et voici les divers rapports : En mode normal : Rapport OTMoveIT : C:\WINDOWS\System32\cktmghqu.ini moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\System32\pdjddqba.dll C:\WINDOWS\System32\pdjddqba.dll NOT unregistered. C:\WINDOWS\System32\pdjddqba.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\System32\uqhgmtkc.dll C:\WINDOWS\System32\uqhgmtkc.dll NOT unregistered. C:\WINDOWS\System32\uqhgmtkc.dll moved successfully. Created on 06/17/2007 12:51:28 En mode Sans Echec Rapport AVG AS : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 14:29:21 17/06/2007 + Résultat de l'analyse: Rien à signaler. Fin du rapport En mode normal : Rapport HiJack This: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 14:41:16, on 17/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\HJT\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XP Ultimate Edition 3.0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,I (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,I (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.32.5,213.228.0.168 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe -- End of file - 11123 bytes Rapport ActiveScan : : mon Anti Virus + AVG-AV désactivés Incident Status Location Spyware:spyware/virtumonde Not disinfected Windows Registry Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\GREG\Application Data\Mozilla\Firefox\Profiles\qa2fj23d.default\cookies.txt[.xiti.com/] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\GREG\Mes documents\SmitfraudFix.zip[smitfraudFix/Process.exe] Virus:Trj/Shutdown.Z Disinfected C:\Documents and Settings\GREG\Mes documents\SmitfraudFix.zip[smitfraudFix/restart.exe] Spyware:Spyware/Virtumonde Not disinfected C:\HJT\backups\backup-20070617-125020-166.dll Virus:Trj/Shutdown.Z Disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\System32\pdjddqba.dll Spyware:Spyware/Virtumonde Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\System32\uqhgmtkc.dll **** Fin des Rapports **** PC : "Voilà docteur, suis-je en voie de guérison ?" Merci

Salut Charles Ingals, merci de bien vouloir prendre le temps pour se pencher sur un pb qui est rencontré par bcp d'internautes à l'éradication complexe .. Donc j'ai dl Vundofix et après scan, pas de fichiers à pb Pour info, je suis de mariage demain donc, pour la suite des hostilités, ça peut attendre la fin du Week End sans problème Allez assez bavarder, voilà les logs (pinaise ça fait de la lecture) : ----------------- VundoFix V6.5.0 Checking Java version... Java version is 1.5.0.11 Scan started at 22:55:42 15/06/2007 Listing files found while scanning.... No infected files were found. Beginning removal... ----------------------------- Le rapport HiJack (suite à Vundo Fix) : Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 22:58:08, on 15/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\PCClient.EXE C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\HJT\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XP Ultimate Edition 3.0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B6FE45F-D67B-44D5-9427-B00E437CF605} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pdjddqba.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\uqhgmtkc.dll",realset O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.32.5,213.228.0.168 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe ----------- Le rapport Diaghelp (option 1) : DiagHelp version v1.1.1 - http://www.malekal.com excute le 15/06/2007 à 23:06:25,23 Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\tmcomm.sys -->14/06/2007 00:17:58 C:\WINDOWS\System32/drivers\NSDriver.sys -->04/06/2007 15:18:48 C:\WINDOWS\System32/drivers\AWRTRD.sys -->04/06/2007 15:17:02 C:\WINDOWS\System32/drivers\AWRTPD.sys -->04/06/2007 15:14:56 C:\WINDOWS\System32/drivers\AvgAsCln.sys -->30/05/2007 14:10:42 C:\WINDOWS\System32/drivers\ntfs.sys -->09/02/2007 13:10:35 C:\WINDOWS\System32/drivers\LVPr2Mon.sys -->06/02/2007 17:45:04 C:\WINDOWS\System32\tmp.txt -->15/06/2007 22:48:26 C:\WINDOWS\System32\tmp.reg -->15/06/2007 22:48:26 C:\WINDOWS\System32\cktmghqu.ini -->15/06/2007 22:20:30 C:\WINDOWS\System32\PerfStringBackup.INI -->15/06/2007 19:55:27 C:\WINDOWS\System32\perfh00C.dat -->15/06/2007 19:55:27 C:\WINDOWS\System32\perfh009.dat -->15/06/2007 19:55:27 C:\WINDOWS\System32\perfc00C.dat -->15/06/2007 19:55:27 C:\WINDOWS\System32\perfc009.dat -->15/06/2007 19:55:27 C:\WINDOWS\System32\FNTCACHE.DAT -->14/06/2007 20:45:55 C:\WINDOWS\System32\asfiles.txt -->14/06/2007 19:13:32 C:\WINDOWS\System32\Uninstall.ico -->14/06/2007 19:09:08 C:\WINDOWS\System32\Help.ico -->14/06/2007 19:09:08 C:\WINDOWS\System32\pavas.ico -->14/06/2007 19:09:07 C:\WINDOWS\System32\pdjddqba.dll -->14/06/2007 00:09:40 C:\WINDOWS\System32\uqhgmtkc.dll -->14/06/2007 00:06:40 C:\WINDOWS\System32\wpa.dbl -->12/06/2007 18:54:10 C:\WINDOWS\System32\mrt.exe -->06/06/2007 08:38:41 C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->31/05/2007 21:16:18 C:\WINDOWS\System32\KGyGaAvL.sys -->28/05/2007 09:48:01 C:\WINDOWS\System32\inetcomm.dll -->16/05/2007 17:28:28 C:\WINDOWS\System32\mshtml.dll -->04/05/2007 14:59:57 C:\WINDOWS\System32\schannel.dll -->25/04/2007 16:22:35 C:\WINDOWS\System32\msi.dll -->18/04/2007 18:14:18 C:\WINDOWS\System32\wininet.dll -->18/04/2007 14:44:43 C:\WINDOWS\System32\urlmon.dll -->18/04/2007 14:44:43 C:\WINDOWS\WindowsUpdate.log -->15/06/2007 22:49:14 C:\WINDOWS\wiadebug.log -->15/06/2007 20:31:31 C:\WINDOWS.log -->15/06/2007 19:51:32 C:\WINDOWS\wiaservc.log -->15/06/2007 19:51:22 C:\WINDOWS\bootstat.dat -->15/06/2007 19:51:09 C:\WINDOWS\SchedLgU.Txt -->15/06/2007 07:11:41 C:\WINDOWS\win.ini -->14/06/2007 19:13:23 C:\WINDOWS\mozver.dat -->14/06/2007 19:06:30 C:\WINDOWS\klif.spi -->14/06/2007 18:46:13 C:\WINDOWS\MovingPicture.ini -->13/06/2007 18:45:52 C:\WINDOWS\NeroDigital.ini -->13/06/2007 15:29:34 C:\WINDOWS\VFO.INI -->13/06/2007 10:05:59 C:\WINDOWS\Twunk001.MTX -->11/06/2007 18:51:20 C:\WINDOWS\Twain001.Mtx -->11/06/2007 18:51:20 C:\WINDOWS\MotionDVSTUDIO.INI -->20/05/2007 13:23:25 Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 086D-C889 Répertoire de C:\WINDOWS\system 10/09/1999 14:06 4 672 wowpost.exe 1 fichier(s) 4 672 octets 0 Rép(s) 11 907 276 800 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 086D-C889 Répertoire de C:\WINDOWS\system32 04/08/2004 01:54 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 11 907 276 800 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 086D-C889 Répertoire de C:\WINDOWS\Downloaded Program Files 14/06/2007 19:26 <REP> . 14/06/2007 19:26 <REP> .. 24/08/2006 08:28 141 424 asinst.dll 22/08/2006 09:06 537 asinst.inf 28/01/2007 17:03 65 desktop.ini 08/08/2006 11:45 576 kavwebscan.inf 4 fichier(s) 142 602 octets Total des fichiers listés : 4 fichier(s) 142 602 octets 2 Rép(s) 11 907 276 800 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "E:\\Logiciels\\Pinnacle Studio 11\\programs\\RM.exe"="E:\\Logiciels\\Pinnacle Studio 11\\programs\\RM.exe:*:Enabled:Render Manager" "E:\\Logiciels\\Pinnacle Studio 11\\programs\\Studio.exe"="E:\\Logiciels\\Pinnacle Studio 11\\programs\\Studio.exe:*:Enabled:Studio" "E:\\Logiciels\\Pinnacle Studio 11\\programs\\PMSRegisterFile.exe"="E:\\Logiciels\\Pinnacle Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile" "E:\\Logiciels\\Pinnacle Studio 11\\programs\\umi.exe"="E:\\Logiciels\\Pinnacle Studio 11\\programs\\umi.exe:*:Enabled:umi" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-15 23:06:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden files ... scan completed successfully hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 200 - explorer.exe 480 - hpgs2wnd.exe 588 - hpoevm08.exe 664 - CLI.exe 680 - smax4pnp.exe 748 - daemon.exe 780 - Communications_ 796 - QuickCam10.exe 804 - SFAgent.exe 816 - msmsgs.exe 852 - avgas.exe 860 - UberIcon Manage 868 - csrss.exe 880 - Skype.exe 960 - winlogon.exe 1004 - services.exe 1016 - lsass.exe 1228 - ati2evxx.exe 1244 - svchost.exe 1336 - svchost.exe 1424 - svchost.exe 1496 - LVComSX.exe 1692 - acrotray.exe 1704 - hpobnz08.exe 1728 - hposol08.exe 1792 - spoolsv.exe 1828 - LVPrcSrv.exe 1992 - ati2evxx.exe 2156 - aawservice.exe 2196 - guard.exe 2432 - COCIManager.exe 2516 - hposts08.exe 2892 - alg.exe 3336 - skypePM.exe 3928 - CLI.exe 3976 - CLI.exe 4756 - tmproxy.exe 4800 - PCCPFW.exe 4968 - Tmntsrv.exe 4996 - firefox.exe 5256 - PCClient.exe 5292 - pccguide.exe 5376 - cmd.exe 5532 - TMOAgent.exe Total number of processes = 45 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E2000 - \WINDOWS\system32\hal.dll F7ADC000 - \WINDOWS\system32\KDCOM.DLL F79EC000 - \WINDOWS\system32\BOOTVID.dll F74AC000 - ACPI.sys F7ADE000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F749B000 - pci.sys F75DC000 - isapnp.sys F7BA4000 - pciide.sys F785C000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F75EC000 - MountMgr.sys F747C000 - ftdisk.sys F7AE0000 - dmload.sys F7456000 - dmio.sys F7864000 - PartMgr.sys F75FC000 - VolSnap.sys F7441000 - st320hg.sys F7429000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F7411000 - atapi.sys F760C000 - disk.sys F761C000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F73F1000 - fltMgr.sys F762C000 - PxHelp20.sys F73DA000 - KSecDD.sys F734D000 - Ntfs.sys F7320000 - NDIS.sys F7306000 - Mup.sys F77CC000 - \SystemRoot\system32\DRIVERS\intelppm.sys F68D3000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys F68BF000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7944000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F689C000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F794C000 - \SystemRoot\system32\DRIVERS\usbehci.sys F6877000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F6862000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys F77DC000 - \SystemRoot\system32\DRIVERS\imapi.sys F77EC000 - \SystemRoot\System32\Drivers\AFS2K.SYS F77FC000 - \SystemRoot\system32\DRIVERS\cdrom.sys F780C000 - \SystemRoot\system32\DRIVERS\redbook.sys F683F000 - \SystemRoot\system32\DRIVERS\ks.sys F682E000 - \SystemRoot\system32\DRIVERS\serial.sys F7AAC000 - \SystemRoot\system32\DRIVERS\serenum.sys F7AF8000 - \SystemRoot\system32\DRIVERS\ASACPI.sys F681A000 - \SystemRoot\system32\DRIVERS\parport.sys F781C000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F7954000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7D31000 - \SystemRoot\system32\DRIVERS\audstub.sys F770C000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F7ABC000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F6803000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F771C000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F772C000 - \SystemRoot\system32\DRIVERS\raspptp.sys F796C000 - \SystemRoot\system32\DRIVERS\TDI.SYS F6752000 - \SystemRoot\system32\DRIVERS\psched.sys F773C000 - \SystemRoot\system32\DRIVERS\msgpc.sys F7974000 - \SystemRoot\system32\DRIVERS\ptilink.sys F797C000 - \SystemRoot\system32\DRIVERS\raspti.sys F6722000 - \SystemRoot\system32\DRIVERS\rdpdr.sys F774C000 - \SystemRoot\system32\DRIVERS\termdd.sys F7984000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7B18000 - \SystemRoot\system32\DRIVERS\swenum.sys F66EE000 - \SystemRoot\system32\DRIVERS\update.sys F72DE000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F66C0000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys F775C000 - \SystemRoot\System32\Drivers\NDProxy.SYS F778C000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7B28000 - \SystemRoot\system32\DRIVERS\USBD.SYS EE613000 - \SystemRoot\system32\drivers\ADIHdAud.sys EE5F1000 - \SystemRoot\system32\drivers\portcls.sys F77AC000 - \SystemRoot\system32\drivers\drmk.sys EE5DA000 - \SystemRoot\system32\drivers\AEAudio.sys EE57A000 - \SystemRoot\system32\drivers\Senfilt.sys F7B6E000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7C6B000 - \SystemRoot\System32\Drivers\Null.SYS F7B70000 - \SystemRoot\System32\Drivers\Beep.SYS F7C6D000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F79DC000 - \SystemRoot\System32\drivers\vga.sys F7B72000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7B74000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F79E4000 - \SystemRoot\System32\Drivers\Msfs.SYS F7874000 - \SystemRoot\System32\Drivers\Npfs.SYS F66A4000 - \SystemRoot\system32\DRIVERS\rasacd.sys EE51F000 - \SystemRoot\system32\DRIVERS\ipsec.sys EE4C7000 - \SystemRoot\system32\DRIVERS\tcpip.sys EE49F000 - \SystemRoot\system32\DRIVERS\netbt.sys EE47E000 - \SystemRoot\system32\DRIVERS\ipnat.sys EE45C000 - \SystemRoot\System32\drivers\afd.sys F784C000 - \SystemRoot\system32\DRIVERS\netbios.sys F769C000 - \SystemRoot\system32\DRIVERS\wanarp.sys EE670000 - \SystemRoot\System32\Drivers\tmtdi.sys EE431000 - \SystemRoot\system32\DRIVERS\rdbss.sys EE664000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys EE3C2000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F76AC000 - \SystemRoot\System32\Drivers\Fips.SYS F7C7F000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F6A70000 - \SystemRoot\system32\DRIVERS\hidusb.sys F76CC000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS F78CC000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F76DC000 - \SystemRoot\System32\Drivers\Cdfs.SYS F78DC000 - \SystemRoot\system32\DRIVERS\usbccgp.sys F76EC000 - \SystemRoot\system32\drivers\LVUSBSta.sys EE0A5000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS F6A68000 - \SystemRoot\system32\DRIVERS\mouhid.sys F76FC000 - \SystemRoot\system32\drivers\usbaudio.sys EE08D000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7B78000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F7AB4000 - \SystemRoot\System32\drivers\Dxapi.sys F78F4000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7D07000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\ati2dvag.dll BFA18000 - \SystemRoot\System32\ati2cqag.dll BFA5E000 - \SystemRoot\System32\atikvmag.dll BFAA0000 - \SystemRoot\System32\ati3duag.dll BFD41000 - \SystemRoot\System32\ativvaxx.dll EE372000 - \SystemRoot\system32\drivers\Tmpreflt.sys EBE4D000 - \SystemRoot\system32\drivers\Vsapint.sys EBE0E000 - \SystemRoot\system32\drivers\TmXPFlt.sys EBF65000 - \SystemRoot\system32\DRIVERS\ndisuio.sys EBB29000 - \SystemRoot\system32\drivers\wdmaud.sys F77BC000 - \SystemRoot\system32\drivers\sysaudio.sys F7B0C000 - \SystemRoot\System32\Drivers\ParVdm.SYS EB312000 - \SystemRoot\System32\Drivers\Aspi32.SYS EB0BD000 - \SystemRoot\system32\DRIVERS\srv.sys EB4CD000 - \SystemRoot\system32\DRIVERS\secdrv.sys EB7E5000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys EB959000 - \SystemRoot\System32\Drivers\tm_cfw.sys F78FC000 - \SystemRoot\system32\drivers\LVPr2Mon.sys EB035000 - \SystemRoot\system32\DRIVERS\usbscan.sys F78B4000 - \SystemRoot\system32\DRIVERS\usbprint.sys F79B4000 - \SystemRoot\system32\DRIVERS\HPZius12.sys F6F2A000 - \SystemRoot\system32\DRIVERS\HPZid412.sys EB001000 - \SystemRoot\system32\DRIVERS\HPZipr12.sys BAF35000 - \SystemRoot\system32\drivers\kmixer.sys F7C7A000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 136 Liste des programmes installes a-squared Free 3.0 AC-3 ACM Decompressor Ad-Aware 2007 Adobe Acrobat 6.0 Professional - English, Français, Deutsch Adobe Photoshop CS Adobe Shockwave Player All2DVD Analyseur et SDK MSXML 4.0 SP2 Archiveur WinRAR ATI - Utilitaire de désinstallation du logiciel ATI Catalyst Control Center ATI Display Driver ATI HYDRAVISION ATI Parental Control & Encoder Audacity 1.2.6 AVG Anti-Spyware 7.5 Azureus CAB Tool Call of Duty® 2 Call of Duty® 2 CCleaner (remove only) Correctif pour Windows XP (KB935448) CrazyTalk for Skype DAEMON Tools e-anim701 EAX4 Unified Redist eMule FileZilla (remove only) foobar2000 v0.9.1 Free-info Gif Récupérateur 1.1 Google Earth GrabIt 1.6.2 Beta (build 940) HardwareDetection HD Tach version 3 Helix YUV Codecs (remove only) HelpNDoc Version 1.9 Personal Edition High Definition Audio Driver Package - KB888111 HijackThis 2.0.0 HP OfficeJet/PSC Scrubber hp psc 2100 series HTML Help Workshop Image Resizer Powertoy for Windows XP J2SE Runtime Environment 5.0 Update 11 Java SE Runtime Environment 6 Update 1 jv16 PowerTools 1.3 Kaspersky Online Scanner Language pack for Ad-Aware SE Logitech Audio Echo Cancellation Component Logitech QuickCam Logitech Video Enumerator Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft Flight Simulator X Microsoft Flight Simulator X Microsoft Money Microsoft Office Professional Edition 2003 Microsoft Visual C++ 2005 Redistributable Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928090) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB929969) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931768) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933566) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour pour Windows XP (KB907265) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA MotionDV STUDIO 5.3E LE for DV Mozilla Firefox (2.0.0.4) MSN Messenger 7.5 MSXML 4.0 SP2 (KB927978) MVision Nero 7.2.0.3 Panda ActiveScan Panda TotalScan pdfsam 0.6 sr 2 Photo et imagerie HP 1.0 - HP PSC - HP OfficeJet Photo et imagerie HP 1.0 - HP PSC - HP OfficeJet Photo et imagerie HP 1.0 - HP PSC - HP OfficeJet Pilote PhotoBox Picasa 2 Pochette Express 2 proDAD Vitascene 1.0 Programme de gestion Camera de Logitech® QuickPar 0.9 QuickTime Alternative 1.69 Real Alternative 1.48 Realtek High Definition Audio Driver Rep-Listing Satsuki Decoder Pack Security Update for Microsoft .NET Framework 2.0 (KB922770) Security Update pour Microsoft .NET Framework 2.0 (KB917283) Skype™ 3.2 SmartSound Quicktracks Plugin SmartSound Quicktracks Plugin SoundSoap PE SPAMfighter Spybot - Search & Destroy 1.4 Studio 11 Studio 11 Studio 11 Ultimate Thermal Analysis Tool Trend Micro Internet Security VirtualDubMOD 1.5.10.2 b2540 Fr Web Stream Recorder Pro 1.22 Windows Genuine Advantage Validation Tool Windows Media Connect Windows Media Format SDK Hotfix - KB891122 WinHTTrack Website Copier 3.41-2 WinPcap 3.1 beta3 XviD Video Codec 18082002-1 (Koepi's build with EPSZ ME) Yahoo! Desktop Login Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 086D-C889 Répertoire de C:\Program Files 14/06/2007 23:03 <REP> . 14/06/2007 23:03 <REP> .. 14/06/2007 21:57 <REP> Ad-Aware 30/01/2007 20:49 <REP> Adobe 30/03/2007 21:06 <REP> adslTV 28/01/2007 22:37 <REP> Analog Devices 15/06/2007 07:01 <REP> a-squared Free 28/01/2007 17:29 <REP> ATI Technologies 10/03/2007 15:15 <REP> Audacity 21/05/2007 23:16 <REP> AviSynth 2.5 01/02/2007 21:26 <REP> Azureus 13/06/2007 18:34 <REP> BIAS 14/06/2007 21:48 <REP> CCleaner 13/05/2006 00:03 <REP> Compare It! 28/01/2007 17:01 <REP> ComPlus Applications 29/01/2007 21:31 <REP> DAMN NFO Viewer 13/06/2007 10:06 <REP> DivX 14/06/2007 19:20 <REP> D-Tools 10/05/2007 19:16 <REP> e-anim701 12/06/2007 18:57 <REP> eMule 13/05/2006 00:09 <REP> Everest 14/06/2007 21:53 <REP> Fichiers communs 29/01/2007 23:11 <REP> FileZilla 29/01/2007 00:11 <REP> foobar2000 14/06/2007 19:03 <REP> Free-info 29/04/2007 19:17 <REP> GIF Recuperateur 11/03/2007 21:42 <REP> Google 28/01/2007 19:16 <REP> GrabIt 14/06/2007 22:20 <REP> Grisoft 28/01/2007 22:28 <REP> HardwareDetection 28/01/2007 23:46 <REP> Hewlett-Packard 28/01/2007 23:40 <REP> HPAiOScrubber 16/02/2007 18:08 <REP> HTML Help Workshop 16/02/2007 18:09 <REP> IBE Software 13/05/2006 00:17 <REP> IE Privacy Keeper 03/02/2007 00:35 <REP> Intel Corporation 14/06/2007 19:22 <REP> Internet Explorer 31/05/2007 21:16 <REP> Java 28/01/2007 17:14 <REP> JDoe Tools 14/03/2007 22:24 <REP> jv16 PowerTools 14/06/2007 18:37 <REP> Kaspersky Lab 29/01/2007 00:51 <REP> K-Lite Codec Pack 14/06/2007 21:50 <REP> Lavasoft 27/03/2007 18:50 <REP> Logitech 14/05/2006 19:24 <REP> Maxthon 28/01/2007 17:06 <REP> Media Player Classic 14/06/2007 19:22 <REP> Messenger 28/01/2007 17:08 <REP> microsoft frontpage 29/01/2007 23:52 <REP> Microsoft Money 2005 30/01/2007 08:10 <REP> Microsoft Office 28/01/2007 23:36 <REP> Microsoft.NET 28/01/2007 17:08 <REP> movie maker 14/06/2007 20:57 <REP> Mozilla Firefox 28/01/2007 17:08 <REP> msn gaming zone 28/01/2007 17:08 <REP> MSN Messenger 29/01/2007 19:23 <REP> MSXML 4.0 12/05/2006 23:29 <REP> Nero 28/01/2007 17:02 <REP> NetMeeting 14/06/2007 19:23 <REP> Outlook Express 05/02/2007 00:07 <REP> Panasonic 12/03/2007 20:29 <REP> pdfsam 12/05/2007 14:08 <REP> PhotoBox 11/03/2007 21:42 <REP> Picasa2 04/02/2007 23:04 <REP> Pinnacle 30/04/2007 14:46 <REP> Pochette Express 2 28/01/2007 20:44 <REP> QuickPar 28/01/2007 17:06 <REP> QuickTime Alternative 28/01/2007 17:07 <REP> Real Alternative 04/02/2007 18:19 <REP> Reallusion 28/01/2007 22:36 <REP> Realtek 13/05/2006 01:04 <REP> RegSeeker 01/04/2007 12:57 <REP> Replisting 21/05/2007 23:14 <REP> Ripp-it_AM 29/01/2007 21:26 <REP> Satsuki All2DVD 29/01/2007 21:21 <REP> Satsuki Decoder Pack 28/01/2007 17:03 <REP> Services en ligne 24/02/2007 01:18 <REP> Simpli Software 29/01/2007 01:15 <REP> Skype 13/06/2007 18:40 <REP> SmartSound Software 03/02/2005 22:10 <REP> Soft4Ever 14/06/2007 19:24 <REP> SPAMfighter 14/06/2007 19:35 <REP> Spybot - Search & Destroy 19/05/2007 22:39 <REP> Sytexis Software 29/01/2007 21:33 <REP> Trend Micro 14/06/2007 19:25 <REP> UberIcon 28/01/2007 17:05 <REP> Windows Media Connect 2 28/01/2007 17:10 <REP> Windows Media Player 28/01/2007 17:08 <REP> Windows NT 25/03/2007 19:03 <REP> WinHTTrack 19/05/2007 22:39 <REP> WinPcap 28/01/2007 17:08 <REP> WinRAR 28/01/2007 17:08 <REP> xerox 29/01/2007 00:58 <REP> XviD 0 fichier(s) 0 octets 93 Rép(s) 11 907 059 712 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 086D-C889 Répertoire de C:\Program Files\fichiers communs 14/06/2007 21:53 <REP> . 14/06/2007 21:53 <REP> .. 30/01/2007 20:49 <REP> Adobe 30/01/2007 20:51 <REP> Adobe Systems Shared 28/01/2007 17:07 <REP> Ahead 02/04/2007 18:52 <REP> Ankiro 02/04/2007 18:51 <REP> Application 28/01/2007 17:30 <REP> ATI Technologies 28/01/2007 23:36 <REP> DESIGNER 28/01/2007 18:40 <REP> Hewlett-Packard 28/01/2007 21:32 <REP> InstallShield 29/01/2007 21:53 <REP> Java 27/03/2007 18:55 <REP> LogiShrd 29/01/2007 20:51 <REP> Logitech 25/05/2007 18:22 <REP> Microsoft Shared 28/01/2007 17:02 <REP> MSSoap 28/01/2007 17:57 <REP> ODBC 05/02/2007 00:07 <REP> Panasonic 28/01/2007 17:02 <REP> Services 06/06/2007 18:11 <REP> Skype 28/01/2007 17:57 <REP> SpeechEngines 13/06/2007 10:14 <REP> System 14/06/2007 21:53 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 23 Rép(s) 11 907 063 808 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 086D-C889 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 28/01/2007 23:36 <REP> . 28/01/2007 23:36 <REP> .. 28/01/2007 23:36 <REP> 1033 28/01/2007 23:36 <REP> 1036 11/07/2003 11:15 1 292 872 MSONSEXT.DLL 15/07/2003 07:52 35 896 MSOSV.DLL 11/07/2003 03:25 80 448 PKMWS.DLL 3 fichier(s) 1 409 216 octets 4 Rép(s) 11 907 063 808 octets libres Le volume dans le lecteur C s'appelle SYSTEME Le numéro de série du volume est 086D-C889 Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 11 907 063 808 octets libres c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\7B5560BB781B40259A06350E9B643B6E\CT4SkypePlugin10_Multi_Lite.exe c:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\7B5560BB781B40259A06350E9B643B6E\RLLauncher.exe c:\Documents and Settings\GREG\.housecall6.6\getMac.exe c:\Documents and Settings\GREG\.housecall6.6\patch.exe c:\Documents and Settings\GREG\.housecall6.6\tsc.exe c:\Documents and Settings\GREG\Application Data\Microsoft\Installer\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}\Icon0E6AB9FC.exe c:\Documents and Settings\GREG\Application Data\Microsoft\Installer\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}\Icon0E6AB9FC1.exe c:\Documents and Settings\GREG\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe c:\Documents and Settings\GREG\Application Data\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe c:\Documents and Settings\GREG\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe c:\Documents and Settings\GREG\Application Data\Microsoft\Installer\{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}\ARPPRODUCTICON.exe c:\Documents and Settings\GREG\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe c:\Documents and Settings\GREG\Bureau\VundoFix.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\diff.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\find2.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\grep.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\streams.exe c:\Documents and Settings\GREG\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\GREG\Mes documents\Firefox Setup 2.0.0.3.exe c:\Documents and Settings\GREG\Mes documents\jre-1_5_0_11-windows-i586-p.exe c:\Documents and Settings\GREG\Mes documents\jre-6u1-windows-i586-p-iftw.exe c:\Documents and Settings\GREG\Mes documents\setup-adsltv.exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll ****** Fin du rapport DiagHelp --------------------- Le rapport Hijack (suite à toutes les manip) Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 23:11:22, on 15/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\PCClient.EXE C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\HJT\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XP Ultimate Edition 3.0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B6FE45F-D67B-44D5-9427-B00E437CF605} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pdjddqba.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\uqhgmtkc.dll",realset O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.32.5,213.228.0.168 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe -- End of file - 11657 bytes

Bonsoir à tous, Spybot m'a informé de la présence de ce Smitfraud. J'ai fait quelques recherches sur le net. J'ai fait un Vundo fix, un Smitfraud fix .... et tjs pareil. J'ai pu lire aussi que "smitfraud-C toolbar 888 détecté par Spybot n'est pas une infection de type Smitfraud". Donc qu'est-ce qui merdoit chez moi ? Voici le log HijackThis : Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 19:55:30, on 15/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Trend Micro\Internet Security\pccguide.exe C:\Program Files\Trend Micro\Internet Security\PCClient.exe C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe C:\Program Files\Trend Micro\Internet Security\tmproxy.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Trend Micro\Internet Security\PccPfw.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\HJT\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url="http://www.google.fr/ie"]http://www.google.fr/ie[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.fr"]http://www.google.fr[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.fr"]http://www.google.fr[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.google.fr"]http://www.google.fr[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://www.google.fr"]http://www.google.fr[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.google.fr"]http://www.google.fr[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.fr"]http://www.google.fr[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://www.google.fr/ie"]http://www.google.fr/ie[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XP Ultimate Edition 3.0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {0B6FE45F-D67B-44D5-9427-B00E437CF605} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pdjddqba.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\uqhgmtkc.dll",realset O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [LaunchList] E:\Logiciels\Pinnacle Studio 11\LaunchList2.exe O4 - HKUS\S-1-5-19\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: officejet 6100.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [url="http://webscanner.kaspersky.fr/kavwebscan_unicode.cab"]http://webscanner.kaspersky.fr/kavwebscan_unicode.cab[/url] O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url="http://acs.pandasoftware.com/activescan/as5free/asinst.cab"]http://acs.pandasoftware.com/activescan/as5free/asinst.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{6D561E2F-90A2-47C8-A412-8B3132CAAEB5}: NameServer = 212.27.32.5,213.228.0.168 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: winexz32 - winexz32.dll (file missing) O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe -- End of file - 11643 bytes et le log de Spybot : Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-220523388-73586283-839522115-1004\Software\Microsoft\aldd Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MediaPlex: Cookie traceur (Firefox: default) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2007-06-14 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2007-05-23 advcheck.dll (1.5.3.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2007-01-02 Tools.dll (2.0.1.0) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2007-06-13 Includes\Cookies.sbi (*) 2007-05-30 Includes\Dialer.sbi (*) 2007-06-13 Includes\DialerC.sbi (*) 2007-06-13 Includes\Hijackers.sbi (*) 2007-06-13 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2007-06-13 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2007-05-30 Includes\Malware.sbi (*) 2007-06-13 Includes\MalwareC.sbi (*) 2007-03-21 Includes\PUPS.sbi (*) 2007-06-13 Includes\PUPSC.sbi (*) 2007-06-13 Includes\Revision.sbi (*) 2007-05-30 Includes\Security.sbi (*) 2007-06-13 Includes\SecurityC.sbi (*) 2007-06-06 Includes\Spybots.sbi (*) 2007-06-13 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2007-05-16 Includes\Trojans.sbi (*) 2007-06-13 Includes\TrojansC.sbi (*) 2007-06-06 Plugins\TCPIPAddress.dll D'avance merci pour l'aide apportée à mon PC :P