mcyann

Members
  • Content count

    223
About mcyann

  • Date of birth 30/12/1971

Profile Information

  • Location
    Alpes de Haute Provence

mcyann's Achievements

Mega Power Member (6/12)

0

Community reputation

  1. Good evening. After a lot of tinkering, I managed to run a ComboFix scan in safe mode. Here is the result:

     ComboFix 10-11-07.04 - Administrateur 08/11/2010 13:47:50.6.2 - x86 MINIMAL
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.766.524 [GMT 1:00]
     Lancé depuis: c:\documents and settings\Administrateur\Bureau\titi.exe
     I no longer have serious symptoms; the computer works normally, I was able to install the updates, and it isn't too sluggish.
  2. Hello, and thank you for replying. Indeed, I don't have a ComboFix report. For winlogon, here is the report:

     Antivirus             Version          Last Update  Result
     AhnLab-V3             2010.11.08.00    2010.11.08   -
     AntiVir               7.10.13.164      2010.11.07   -
     Antiy-AVL             2.0.3.7          2010.11.08   -
     Authentium            5.2.0.5          2010.11.08   -
     Avast                 4.8.1351.0       2010.11.07   -
     Avast5                5.0.594.0        2010.11.07   -
     AVG                   9.0.0.851        2010.11.07   -
     BitDefender           7.2              2010.11.08   -
     CAT-QuickHeal         11.00            2010.11.04   -
     ClamAV                0.96.2.0-git     2010.11.08   -
     Comodo                6650             2010.11.08   -
     DrWeb                 5.0.2.03300      2010.11.08   -
     Emsisoft              5.0.0.50         2010.11.08   -
     eTrust-Vet            36.1.7958        2010.11.05   -
     F-Prot                4.6.2.117        2010.11.07   -
     F-Secure              9.0.16160.0      2010.11.08   -
     Fortinet              4.2.249.0        2010.11.08   -
     GData                 21               2010.11.08   -
     Ikarus                T3.1.1.90.0      2010.11.08   -
     Jiangmin              13.0.900         2010.11.08   -
     K7AntiVirus           9.67.2903        2010.11.03   -
     Kaspersky             7.0.0.125        2010.11.08   -
     McAfee                5.400.0.1158     2010.11.08   -
     McAfee-GW-Edition     2010.1C          2010.11.08   -
     Microsoft             1.6301           2010.11.08   -
     NOD32                 5599             2010.11.07   -
     Norman                6.06.10          2010.11.07   -
     nProtect              2010-11-08.02    2010.11.08   Trojan-Downloader/W32.Small.512000.B
     Panda                 10.0.2.7         2010.11.07   -
     PCTools               7.0.3.5          2010.11.08   -
     Prevx                 3.0              2010.11.08   -
     Rising                22.72.06.01      2010.11.08   -
     Sophos                4.59.0           2010.11.08   -
     Sunbelt               7248             2010.11.08   -
     SUPERAntiSpyware      4.40.0.1006      2010.11.08   -
     Symantec              20101.2.0.161    2010.11.08   -
     TheHacker             6.7.0.1.080      2010.11.08   -
     TrendMicro            9.120.0.1004     2010.11.08   -
     TrendMicro-HouseCall  9.120.0.1004     2010.11.08   -
     VBA32                 3.12.14.1        2010.11.05   -
     ViRobot               2010.10.4.4074   2010.11.08   -
     VirusBuster           12.72.1.1        2010.11.07   -

     And here is the report for explorer:

     Antivirus             Version          Last Update  Result
     AhnLab-V3             2010.11.08.00    2010.11.08   -
     AntiVir               7.10.13.164      2010.11.07   -
     Antiy-AVL             2.0.3.7          2010.11.08   -
     Authentium            5.2.0.5          2010.11.08   -
     Avast                 4.8.1351.0       2010.11.07   -
     Avast5                5.0.594.0        2010.11.07   -
     AVG                   9.0.0.851        2010.11.07   -
     BitDefender           7.2              2010.11.08   -
     CAT-QuickHeal         11.00            2010.11.04   -
     ClamAV                0.96.2.0-git     2010.11.08   -
     Comodo                6650             2010.11.08   -
     DrWeb                 5.0.2.03300      2010.11.08   -
     Emsisoft              5.0.0.50         2010.11.08   -
     eSafe                 7.0.17.0         2010.11.07   -
     eTrust-Vet            36.1.7958        2010.11.05   -
     F-Prot                4.6.2.117        2010.11.07   -
     F-Secure              9.0.16160.0      2010.11.08   -
     Fortinet              4.2.249.0        2010.11.08   -
     GData                 21               2010.11.08   -
     Ikarus                T3.1.1.90.0      2010.11.08   -
     Jiangmin              13.0.900         2010.11.08   -
     K7AntiVirus           9.67.2903        2010.11.03   -
     Kaspersky             7.0.0.125        2010.11.08   -
     McAfee                5.400.0.1158     2010.11.08   -
     McAfee-GW-Edition     2010.1C          2010.11.08   -
     Microsoft             1.6301           2010.11.08   -
     NOD32                 5599             2010.11.07   -
     Norman                6.06.10          2010.11.07   -
     nProtect              2010-11-08.02    2010.11.08   -
     Panda                 10.0.2.7         2010.11.07   -
     PCTools               7.0.3.5          2010.11.08   -
     Prevx                 3.0              2010.11.08   -
     Rising                22.72.06.01      2010.11.08   -
     Sophos                4.59.0           2010.11.08   -
     Sunbelt               7248             2010.11.08   -
     SUPERAntiSpyware      4.40.0.1006      2010.11.08   -
     Symantec              20101.2.0.161    2010.11.08   -
     TheHacker             6.7.0.1.080      2010.11.08   -
     TrendMicro            9.120.0.1004     2010.11.08   -
     TrendMicro-HouseCall  9.120.0.1004     2010.11.08   -
     VBA32                 3.12.14.1        2010.11.05   -
     ViRobot               2010.10.4.4074   2010.11.08   -
     VirusBuster           12.72.1.1        2010.11.07   -

     Well, so a priori we do have a problem with a Trojan... Why didn't Malwarebytes see it? It has a reputation for being fairly effective....
  3. Hello. My search started with a recurring error over the last few weeks: Windows tells me that wuclault.exe has crashed and offers to send the report to Microsoft. But since then, problems with IE have appeared. I told myself there had to be a critter underneath. I ran a scan with Malwarebytes; it found one adware, "mywebsearch", and one "disabled.securitycenter". I'm putting the HijackThis scan below. I tried to run a scan with ComboFix; it tells me it has found rootkit activity and must restart the PC, but after restarting and starting the scan, I get a blue screen and a forced restart of the computer. I installed BitDefender on the computer, but it found nothing. So there you are, you're my last chance! Thanks in advance, see you soon.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 17:19:11, on 07/11/2010
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal
  4. Well, everything seems fine! I finished the cleanup with ATF and Malwarebytes. No more problems. Thanks for everything!
  5. Well, by tinkering I managed to disinfect the machine a bit better. ComboFix thus managed to run. Here is the report:
  6. Hello, a little bump... My friend would like to get her computer back; I would need to finish it today if possible. Thanks in advance.
  7. Hello, so I have a problem with ComboFix. It does its job, restarts the computer, and then I just have a black screen with the mouse cursor... Nothing else works. I was able to go back to an earlier version from the backups (manual restore), and I tried again, but I had the same problem. What do you advise? Thanks in advance.
  8. Good evening and thank you! Here is the OldTimer log:
     Here is the log:
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 ======List of files/folders created in the last 1 months====== 2010-03-26 20:57:28 ----D---- C:\Program Files\trend micro 2010-03-26 20:32:03 ----D---- C:\_OTM 2010-03-26 19:17:40 ----D---- C:\WINDOWS\Prefetch 2010-03-26 13:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2010-03-26 13:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2010-03-26 13:45:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2010-03-26 13:28:24 ----D---- C:\WINDOWS\ie8updates 2010-03-26 13:25:06 ----HDC---- C:\WINDOWS\ie8 2010-03-26 13:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2010-03-26 13:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2010-03-26 13:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2010-03-26 13:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2010-03-26 13:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2010-03-26 13:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-03-26 13:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$ 2010-03-26 13:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$ 2010-03-26 13:02:38 ----D---- C:\Program Files\MSXML 6.0 2010-03-26 13:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-03-26 13:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$ 2010-03-26 13:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2010-03-26 13:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2010-03-26 13:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-03-26 13:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-03-26 13:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2010-03-26 13:01:24 ----HDC---- 
C:\WINDOWS\$NtUninstallKB977165-v2$ 2010-03-26 13:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2010-03-26 13:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-03-26 13:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2010-03-26 13:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2010-03-26 13:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2010-03-26 13:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2010-03-26 13:00:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-03-26 12:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-03-26 12:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2010-03-26 12:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2010-03-26 12:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$ 2010-03-26 12:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2010-03-26 12:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2010-03-26 12:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-03-26 12:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2010-03-26 12:58:42 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2010-03-26 12:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2010-03-26 12:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$ 2010-03-26 12:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2010-03-26 12:57:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2010-03-26 12:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2010-03-26 12:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$ 2010-03-26 12:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2010-03-26 12:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2010-03-26 12:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$ 2010-03-26 12:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-03-26 12:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2010-03-26 12:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2010-03-26 12:56:21 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2010-03-26 12:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 
2010-03-26 12:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$ 2010-03-26 12:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2010-03-26 12:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2010-03-26 12:55:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2010-03-26 12:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2010-03-26 12:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2010-03-26 12:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$ 2010-03-26 12:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$ 2010-03-26 12:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2010-03-26 12:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2010-03-26 12:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2010-03-26 12:21:33 ----N---- C:\WINDOWS\system32\ieencode.dll 2010-03-26 12:00:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-26 11:54:39 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2010-03-26 11:53:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg9 2010-03-26 11:37:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$ 2010-03-26 11:28:37 ----A---- C:\WINDOWS\system32\wpa.bak 2010-03-26 08:40:25 ----A---- C:\WINDOWS\OEWABLog.txt 2010-03-26 08:39:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2010-03-26 08:17:25 ----A---- C:\WINDOWS\system32\spxcoins.dll 2010-03-26 08:17:25 ----A---- C:\WINDOWS\system32\irclass.dll 2010-03-26 08:16:11 ----A---- C:\WINDOWS\setuplog.txt 2010-03-25 19:43:25 ----SHD---- C:\$RECYCLE.BIN 2010-03-25 13:47:58 ----HD---- C:\$AVG 2010-03-25 12:04:41 ----A---- C:\cleannavi.txt 2010-03-25 11:31:32 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-25 11:26:03 ----A---- C:\WINDOWS\ntbtlog.txt 2010-03-25 11:07:37 ----D---- C:\Documents and Settings\HP_Propriétaire.NOM-EB85C523610\Application Data\Malwarebytes 2010-03-24 21:07:15 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat 2010-03-23 21:10:57 ----A---- C:\WINDOWS\kb8wx5eo5hs427wssasgd154.ini 2010-03-23 21:04:59 ----A---- C:\WINDOWS\system32\sshnas21.dll 
2010-03-03 11:01:17 ----A---- C:\WINDOWS\system32\browserchoice.exe ======List of files/folders modified in the last 1 months====== 2010-03-26 20:57:28 ----RD---- C:\Program Files 2010-03-26 20:56:01 ----D---- C:\Documents and Settings\HP_Propriétaire.NOM-EB85C523610\Application Data\OpenOffice.org2 2010-03-26 20:55:11 ----D---- C:\WINDOWS\temp 2010-03-26 20:35:39 ----D---- C:\WINDOWS 2010-03-26 20:32:39 ----D---- C:\WINDOWS\system32 2010-03-26 19:23:14 ----HD---- C:\WINDOWS\inf 2010-03-26 19:21:29 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-26 19:20:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-03-26 19:17:13 ----D---- C:\WINDOWS\system32\wbem 2010-03-26 19:17:13 ----D---- C:\WINDOWS\system32\Setup 2010-03-26 19:17:13 ----D---- C:\WINDOWS\AppPatch 2010-03-26 19:17:12 ----RSD---- C:\WINDOWS\Fonts 2010-03-26 19:17:07 ----D---- C:\WINDOWS\system32\drivers 2010-03-26 19:15:34 ----D---- C:\WINDOWS\security 2010-03-26 14:00:12 ----D---- C:\WINDOWS\system32\CatRoot 2010-03-26 13:58:14 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-26 13:56:07 ----D---- C:\Program Files\Messenger 2010-03-26 13:56:02 ----D---- C:\WINDOWS\ime 2010-03-26 13:56:01 ----D---- C:\WINDOWS\Help 2010-03-26 13:55:47 ----D---- C:\WINDOWS\PeerNet 2010-03-26 13:55:47 ----D---- C:\Program Files\Internet Explorer 2010-03-26 13:55:46 ----D---- C:\Program Files\Movie Maker 2010-03-26 13:52:07 ----D---- C:\WINDOWS\system32\Restore 2010-03-26 13:52:07 ----D---- C:\WINDOWS\system32\npp 2010-03-26 13:52:05 ----D---- C:\WINDOWS\msagent 2010-03-26 13:52:04 ----D---- C:\WINDOWS\srchasst 2010-03-26 13:52:02 ----D---- C:\Program Files\NetMeeting 2010-03-26 13:52:00 ----D---- C:\WINDOWS\system32\Com 2010-03-26 13:51:58 ----D---- C:\Program Files\Windows NT 2010-03-26 13:51:58 ----D---- C:\Program Files\Windows Media Player 2010-03-26 13:51:57 ----D---- C:\Program Files\Outlook Express 2010-03-26 13:51:54 ----D---- C:\Program Files\Fichiers communs\System 2010-03-26 13:51:35 ----D---- 
C:\WINDOWS\system32\oobe 2010-03-26 13:51:33 ----D---- C:\WINDOWS\system32\usmt 2010-03-26 13:51:32 ----D---- C:\WINDOWS\system 2010-03-26 13:45:29 ----D---- C:\WINDOWS\EHome 2010-03-26 13:33:45 ----SD---- C:\WINDOWS\Tasks 2010-03-26 13:31:09 ----D---- C:\WINDOWS\system32\fr-fr 2010-03-26 13:31:08 ----D---- C:\WINDOWS\Media 2010-03-26 13:28:50 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-26 13:10:46 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-03-26 13:02:39 ----SHD---- C:\WINDOWS\Installer 2010-03-26 11:53:43 ----D---- C:\Program Files\AVG 2010-03-26 11:53:37 ----D---- C:\WINDOWS\WinSxS 2010-03-26 11:52:18 ----D---- C:\Documents and Settings\HP_Propriétaire.NOM-EB85C523610\Application Data\Microsoft 2010-03-26 11:34:24 ----D---- C:\Program Files\Navilog1 2010-03-26 11:33:03 ----D---- C:\WINDOWS\SoftwareDistribution 2010-03-26 11:21:54 ----D---- C:\WINDOWS\Registration 2010-03-26 09:08:59 ----D---- C:\WINDOWS\system32\1036 2010-03-26 09:08:44 ----D---- C:\WINDOWS\twain_32 2010-03-26 09:07:51 ----D---- C:\WINDOWS\system32\icsxml 2010-03-26 09:07:02 ----D---- C:\WINDOWS\system32\1033 2010-03-26 09:05:24 ----D---- C:\WINDOWS\Driver Cache 2010-03-26 08:47:36 ----SHD---- C:\System Volume Information 2010-03-26 08:46:59 ----D---- C:\WINDOWS\system32\config 2010-03-26 08:46:58 ----D---- C:\WINDOWS\nview 2010-03-26 08:40:20 ----A---- C:\WINDOWS\ODBCINST.INI 2010-03-26 08:39:54 ----D---- C:\WINDOWS\system32\ias 2010-03-26 08:39:26 ----RD---- C:\WINDOWS\Web 2010-03-26 08:39:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2010-03-26 08:39:05 ----A---- C:\WINDOWS\win.ini 2010-03-26 08:35:41 ----SH---- C:\boot.ini 2010-03-26 08:17:30 ----A---- C:\WINDOWS\system.ini 2010-03-26 08:17:14 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini 2010-03-25 14:19:22 ----D---- C:\Program Files\Mozilla Firefox 2010-03-25 12:17:08 ----D---- C:\Program Files\Grisoft 2010-03-25 11:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - 
Search & Destroy 2010-03-25 11:22:34 ----D---- C:\WINDOWS\Debug 2010-03-25 11:17:57 ----D---- C:\Program Files\CCleaner 2010-03-24 16:17:36 ----D---- C:\Documents and Settings\HP_Propriétaire.NOM-EB85C523610\Application Data\Skype 2010-03-24 15:42:01 ----D---- C:\Documents and Settings\HP_Propriétaire.NOM-EB85C523610\Application Data\skypePM 2010-03-05 01:01:28 ----D---- C:\WINDOWS\network diagnostic 2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-26 333192] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-26 28424] R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-26 360584] R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-07-27 2786176] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3199328] R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624] R3 RT73;MSI US54SE II Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; 
C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 cdfss;cdfss; \??\C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\cdfss [] S1 wcscd;wcscd; C:\WINDOWS\system32\drivers\wcscd.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744] S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 299776] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PAC207;Webcam 1200; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 611584] S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040] R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-26 906520] R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-26 285392] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043] S2 Dot3svcsrservice;Configuration automatique de réseau câblé Dot3svcsrservice; C:\WINDOWS\system32\18192zi9us65an.exe srv [] S2 EapHostCOMSysApp;Service Protocole EAP (Extensible Authentication Protocol) EapHostCOMSysApp; C:\WINDOWS\system32\17117n5z-a-vi9usb8c.exe srv [] S2 EventlogSwPrv;Journal des événements EventlogSwPrv; C:\WINDOWS\system32\115599pambot3d2zv.exe srv [] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 135664] S2 ProtectedStorageWebClient;Emplacement protégé 
ProtectedStorageWebClient; C:\WINDOWS\system32\12955viruszd4r.exe srv [] S2 wuauservnapagent;Mises à jour automatiques wuauservnapagent; C:\WINDOWS\system32\18192zi9us65az.exe srv [] S2 WZCSVCEapHostCOMSysApp;Configuration automatique sans fil WZCSVCEapHostCOMSysApp; C:\WINDOWS\system32\13054wo9m1e5zb.exe srv [] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-28 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-----------------
On the other hand, I don't have the info.txt file. Is that normal? Thanks again.
  9. Hello, I took in a friend's PC that was heavily infected. Using Malwarebytes, I managed to clean the hard drive from another computer. But I must have only cleaned the tip of the iceberg, because there is no way to run a tool like Malwarebytes on the PC or to update the installed antivirus (AVG). So there must be something blocking the security solutions. Here is a HijackThis report from this machine:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:12:20, on 26/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\ps2.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE 
C:\DOCUME~1\HP_PRO~1.NOM\LOCALS~1\Temp\~nsu.tmp\Au_.exe C:\DOCUME~1\HP_PRO~1.NOM\LOCALS~1\Temp\nss22.tmp\ns23.tmp C:\Documents and Settings\HP_Propriétaire.NOM-EB85C523610\Bureau\HP_Propriétaire.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vizzeo.fr/renseignement R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - Startup: 
OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1223578484906 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter 
- C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Configuration automatique de réseau câblé Dot3svcsrservice (Dot3svcsrservice) - Unknown owner - C:\WINDOWS\system32\18192zi9us65an.exe (file missing) O23 - Service: Service Protocole EAP (Extensible Authentication Protocol) EapHostCOMSysApp (EapHostCOMSysApp) - Unknown owner - C:\WINDOWS\system32\17117n5z-a-vi9usb8c.exe (file missing) O23 - Service: Journal des événements EventlogSwPrv (EventlogSwPrv) - Unknown owner - C:\WINDOWS\system32\115599pambot3d2zv.exe (file missing) O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Emplacement protégé ProtectedStorageWebClient (ProtectedStorageWebClient) - Unknown owner - C:\WINDOWS\system32\12955viruszd4r.exe (file missing) O23 - Service: Mises à jour automatiques wuauservnapagent (wuauservnapagent) - Unknown owner - C:\WINDOWS\system32\18192zi9us65az.exe (file missing) O23 - Service: Configuration automatique sans fil WZCSVCEapHostCOMSysApp (WZCSVCEapHostCOMSysApp) - Unknown owner - C:\WINDOWS\system32\13054wo9m1e5zb.exe (file missing) -- End of file - 7910 bytes
Thanks in advance for your help, I'm floundering!
  10. Hello, OK, it's done. Glancing at the posts from the last few days, quite a few people have the same problems I had. I don't know whether it's the same source of infection, but it's strange all the same. Thanks again for your help. Have a great end of the year.
  11. Hello, Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:05:22, on 24/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java2\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logicool\Logicool Vid\vid.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailymotion.com/fr R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/divx/webplayerdemo/fr?y...&yo=ietyie7 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java2\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java2\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [LogicoolQCamRibbon] "C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe" /hide O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Logicool Vid] "C:\Program Files\Logicool\Logicool Vid\vid.exe" -bootmode O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - 
C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java2\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. 
- C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 6819 bytes Plus de pb avec les redirections, c'est parfait! Milles mercis, passe de bonnes fêtes!
  12. Good evening, It seems to be going better. No more redirects. If this is confirmed, thank you very much and happy holidays.
  13. re-- Here is the ComboFix report:
      ComboFix 09-12-22.09 - Roger 23/12/2009 19:53:00.1.1 - x86
      Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1279.823 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Roger\Mes documents\Téléchargements\ComboFix.exe
      AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
      FW: BitDefender Antivirus Plus v10 *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
      .
      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\windows\system32\_004128_.tmp.dll
      c:\windows\system32\_004129_.tmp.dll
      c:\windows\system32\_004130_.tmp.dll
      c:\windows\system32\_004131_.tmp.dll
      c:\windows\system32\_004138_.tmp.dll
      c:\windows\system32\_004139_.tmp.dll
      c:\windows\system32\_004140_.tmp.dll
      c:\windows\system32\_004142_.tmp.dll
      c:\windows\system32\_004143_.tmp.dll
      c:\windows\system32\_004146_.tmp.dll
      c:\windows\system32\_004147_.tmp.dll
      c:\windows\system32\_004148_.tmp.dll
      c:\windows\system32\_004149_.tmp.dll
      c:\windows\system32\_004150_.tmp.dll
      c:\windows\system32\_004151_.tmp.dll
      c:\windows\system32\_004153_.tmp.dll
      c:\windows\system32\_004154_.tmp.dll
      c:\windows\system32\_004155_.tmp.dll
      c:\windows\system32\_004157_.tmp.dll
      c:\windows\system32\_004158_.tmp.dll
      c:\windows\system32\_004159_.tmp.dll
      c:\windows\system32\_004160_.tmp.dll
      c:\windows\system32\_004161_.tmp.dll
      c:\windows\system32\_004162_.tmp.dll
      c:\windows\system32\_004163_.tmp.dll
      c:\windows\system32\_004166_.tmp.dll
      c:\windows\system32\_004167_.tmp.dll
      c:\windows\system32\_004168_.tmp.dll
      c:\windows\system32\_004169_.tmp.dll
      c:\windows\system32\_004170_.tmp.dll
      c:\windows\system32\_004171_.tmp.dll
      c:\windows\system32\_004172_.tmp.dll
      c:\windows\system32\_004173_.tmp.dll
      c:\windows\system32\_004176_.tmp.dll
      c:\windows\system32\_004177_.tmp.dll
      c:\windows\system32\_004179_.tmp.dll
      c:\windows\system32\_004180_.tmp.dll
      c:\windows\system32\_004181_.tmp.dll
      c:\windows\system32\_004182_.tmp.dll
      c:\windows\system32\_004184_.tmp.dll
      c:\windows\system32\_004185_.tmp.dll
      c:\windows\system32\_004187_.tmp.dll
      c:\windows\system32\_004189_.tmp.dll
      c:\windows\system32\_004190_.tmp.dll
      c:\windows\system32\_004191_.tmp.dll
      c:\windows\system32\_004192_.tmp.dll
      c:\windows\system32\_004193_.tmp.dll
      c:\windows\system32\_004194_.tmp.dll
      c:\windows\system32\_004196_.tmp.dll
      c:\windows\system32\_004197_.tmp.dll
      c:\windows\system32\_004198_.tmp.dll
      c:\windows\system32\_004199_.tmp.dll
      c:\windows\system32\_004200_.tmp.dll
      c:\windows\system32\_004201_.tmp.dll
      c:\windows\system32\_004202_.tmp.dll
      c:\windows\system32\_004203_.tmp.dll
      c:\windows\system32\_004204_.tmp.dll
      c:\windows\system32\_004205_.tmp.dll
      c:\windows\system32\_004207_.tmp.dll
      c:\windows\system32\_004209_.tmp.dll
      c:\windows\system32\_004210_.tmp.dll
      c:\windows\system32\_004211_.tmp.dll
      c:\windows\system32\_004212_.tmp.dll
      c:\windows\system32\_004213_.tmp.dll
      c:\windows\system32\_004218_.tmp.dll
      c:\windows\system32\_004220_.tmp.dll
      .
      original MBR restored successfully !
      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_SSHNAS

      ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-23 au 2009-12-23 ))))))))))))))))))))))))))))))))))))
      .
      2009-12-23 17:02 . 2009-12-23 17:03 -------- d-----w- C:\rsit
      2009-12-22 10:07 . 2009-12-22 10:07 -------- d-----w- c:\program files\Java2
      2009-12-22 10:06 . 2009-12-22 10:06 152576 ----a-w- c:\documents and settings\Roger\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
      2009-12-22 10:05 . 2009-12-22 10:05 79488 ----a-w- c:\documents and settings\Roger\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
      2009-12-22 09:06 . 2009-12-22 09:06 -------- d-----w- c:\program files\Trend Micro
      2009-12-22 06:58 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
      2009-12-21 19:35 . 2009-12-22 10:07 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-12-21 19:11 . 2009-12-22 07:44 -------- d-----w- c:\program files\Navilog1
      2009-12-21 19:08 . 2009-12-23 19:02 -------- d-----w- c:\windows\system32\CatRoot2
      2009-12-21 18:58 . 2006-01-12 11:46 252928 ----a-r- c:\windows\system32\drivers\rt73.sys
      2009-12-21 14:04 . 2009-12-21 14:04 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
      2009-12-21 14:03 . 2009-12-21 14:03 -------- d-----w- c:\documents and settings\Roger\Application Data\Malwarebytes
      2009-12-21 14:03 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-12-21 14:03 . 2009-12-21 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-12-21 14:03 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-12-21 14:03 . 2009-12-22 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-12-15 10:30 . 2009-12-21 19:43 -------- d-----w- c:\program files\Enigma Software Group
      2009-12-14 12:21 . 2009-12-16 10:34 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
      2009-12-14 12:21 . 2009-12-14 12:21 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
      2009-12-14 12:21 . 2009-12-14 12:21 -------- d-----w- c:\documents and settings\HelpAssistant\PrivacIE
      2009-12-14 11:44 . 2009-12-14 14:43 -------- d-----w- c:\documents and settings\HelpAssistant\IETldCache
      2009-12-14 11:44 . 2009-12-14 14:43 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
      2009-12-14 11:41 . 2009-12-14 11:41 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
      2009-12-07 20:24 . 2009-12-09 09:51 -------- d-----w- c:\program files\BitTorrent
      2009-11-25 16:07 . 2009-11-28 14:46 -------- d-----w- C:\Need4Video files
      2009-11-24 23:35 . 2009-11-24 23:35 -------- d-----w- c:\program files\Need4 Software Launcher
      2009-11-24 23:35 . 2009-11-24 23:35 -------- d-----w- c:\program files\Need4 Video Converter 6
      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-12-23 19:02 . 2009-09-30 12:05 -------- d-----w- c:\program files\Fichiers communs\Akamai
      2009-12-23 19:00 . 2008-07-03 07:38 81984 ----a-w- c:\windows\system32\bdod.bin
      2009-12-21 15:15 . 2008-07-03 08:02 -------- d-----w- c:\program files\CCleaner
      2009-12-15 16:57 . 2004-08-05 12:00 81506 ----a-w- c:\windows\system32\perfc00C.dat
      2009-12-15 16:57 . 2004-08-05 12:00 502070 ----a-w- c:\windows\system32\perfh00C.dat
      2009-12-15 16:50 . 2008-07-03 07:33 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-12-15 16:50 . 2009-04-05 15:55 -------- d-----w- c:\program files\Samsung
      2009-12-15 11:08 . 2008-12-23 20:55 -------- d-----w- c:\documents and settings\Roger\Application Data\uTorrent
      2009-12-14 21:40 . 2008-08-09 01:38 -------- d-----w- c:\documents and settings\Roger\Application Data\LimeWire
      2009-12-13 13:22 . 2009-08-03 16:11 -------- d-----w- c:\program files\Fichiers communs\logishrd
      2009-11-24 11:24 . 2008-07-03 09:53 -------- d-----w- c:\documents and settings\Roger\Application Data\OpenOffice.org2
      2009-11-24 11:22 . 2008-07-03 10:01 1 ----a-w- c:\documents and settings\Roger\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
      2009-11-17 22:26 . 2008-08-09 01:36 -------- d-----w- c:\program files\LimeWire
      2009-11-09 07:36 . 2009-11-09 07:36 265797 ----a-w- c:\windows\system32\pdvcodec.dll
      2009-10-29 07:42 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
      2009-10-21 06:03 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
      2009-10-21 06:03 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
      2009-10-20 14:58 . 2009-01-06 18:22 263552 ----a-w- c:\windows\system32\drivers\http.sys
      2009-10-13 10:52 . 2004-08-05 12:00 267776 ----a-w- c:\windows\system32\oakley.dll
      2009-10-12 13:52 . 2004-08-05 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
      2009-10-12 13:52 . 2004-08-05 12:00 113152 ----a-w- c:\windows\system32\rastls.dll
      2009-09-30 16:46 . 2009-09-30 16:46 96 ---ha-w- c:\windows\system32\HsInfo.dat
      .
      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
      "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
      "Logicool Vid"="c:\program files\Logicool\Logicool Vid\vid.exe" [2009-06-02 5451536]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2008-07-03 290816]
      "BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
      "LogicoolQCamRibbon"="c:\program files\Logicool\Logicool WebCam Software\LWS.exe" [2009-05-08 2778896]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "SeaPort"=2 (0x2)
      "JavaQuickStarterService"=2 (0x2)
      "gupdate1c9c45088955c8c"=2 (0x2)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
      "c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\Logicool\\Logicool Vid\\Vid.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
      "65533:TCP"= 65533:TCP:Services
      "52344:TCP"= 52344:TCP:Services
      "2479:TCP"= 2479:TCP:Services
      "5522:TCP"= 5522:TCP:Services
      "3389:TCP"= 3389:TCP:Remote Desktop
      "3246:TCP"= 3246:TCP:Services

      R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [05/08/2004 13:00 14336]
      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/03/2009 20:38 54752]
      S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
      S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [05/04/2009 16:59 36608]
      S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [21/12/2009 15:03 38224]
      S3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [03/07/2008 09:48 299776]
      S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
      S4 gupdate1c9c45088955c8c;Service Google Update (gupdate1c9c45088955c8c);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      Akamai REG_MULTI_SZ Akamai
      .
      ------- Examen supplémentaire -------
      .
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uStart Page = hxxp://www.google.fr/
      mStart Page = hxxp://www.dailymotion.com/fr
      uInternet Connection Wizard,ShellNext = hxxp://go.divx.com/divx/webplayerdemo/fr?yrv=1&yoc=divx&ydt=divxdotcom&ybt=DFW&ybv=6.8&yo=ietyie7
      FF - ProfilePath - c:\documents and settings\Roger\Application Data\Mozilla\Firefox\Profiles\bknp7rxc.default\
      FF - plugin: c:\program files\Java2\jre6\bin\new_plugin\npdeploytk.dll
      FF - plugin: c:\program files\Java2\jre6\bin\new_plugin\npjp2.dll
      FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      .
      - - - - ORPHELINS SUPPRIMES - - - -
      Toolbar-Locked - (no file)
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      Notify-dimsntfy - (no file)
      MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe
      AddRemove-HijackThis - e:\no bug\securité\hijackthis\HijackThis.exe

      **************************************************************************
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-12-23 20:03
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...
      Recherche d'éléments en démarrage automatique cachés ...
      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
      "ImagePath"="c:\windows\system32\GameMon.des -service"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'explorer.exe'(1928)
      c:\windows\TEMP\logishrd\LVPrcInj01.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\program files\Java2\jre6\bin\jqs.exe
      c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      c:\program files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      c:\program files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      c:\program files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      c:\program files\Windows Media Player\WMPNetwk.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\Microsoft ActiveSync\wcescomm.exe
      c:\progra~1\MICROS~3\rapimgr.exe
      c:\program files\Softwin\BitDefender10\vsserv.exe
      c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
      c:\windows\system32\wbem\wmiapsrv.exe
      .
      **************************************************************************
      .
      Heure de fin: 2009-12-23 20:08:48 - La machine a redémarré
      ComboFix-quarantined-files.txt 2009-12-23 19:08

      Avant-CF: 17 460 858 880 octets libres
      Après-CF: 17 368 252 416 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

      - - End Of File - - 9A74740D92A579B1D1A026C9A98CC295
  14. And here is the log report:
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Roger at 2009-12-23 18:02:12
      Microsoft Windows XP Édition familiale Service Pack 2
      System drive C: has 17 GB (44%) free of 38 GB
      Total RAM: 1279 MB (50% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:03:17, on 23/12/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java2\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      C:\Program Files\Softwin\BitDefender10\bdagent.exe
      C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Logicool\Logicool Vid\vid.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\Softwin\BitDefender10\vsserv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Roger\Mes documents\Téléchargements\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Roger.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dailymotion.com/fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dailymotion.com/fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dailymotion.com/fr
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.divx.com/divx/webplayerdemo/fr?y...&yo=ietyie7
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java2\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java2\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
      O4 - HKLM\..\Run: [LogicoolQCamRibbon] "C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe" /hide
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Logicool Vid] "C:\Program Files\Logicool\Logicool Vid\vid.exe" -bootmode
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java2\jre6\bin\jqs.exe
      O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
      O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

      --
      End of file - 6962 bytes

      ======Scheduled tasks folder======

      C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      C:\WINDOWS\tasks\User_Feed_Synchronization-{F4A23A8F-B987-4027-8570-8D426C98AD23}.job

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      Java Plug-In 2 SSV Helper - C:\Program Files\Java2\jre6\bin\jp2ssv.dll [2009-12-22 41760]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
      Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
      JQSIEStartDetectorImpl Class - C:\Program Files\Java2\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-22 73728]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
      Locked

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "BDMCon"=C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe [2008-07-03 290816]
      "BDAgent"=C:\Program Files\Softwin\BitDefender10\bdagent.exe [2007-03-26 69632]
      "LogicoolQCamRibbon"=C:\Program Files\Logicool\Logicool WebCam Software\LWS.exe [2009-05-08 2778896]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
      "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
      "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
      "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
      "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
      "Logicool Vid"=C:\Program Files\Logicool\Logicool Vid\vid.exe [2009-06-02 5451536]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
      C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "SeaPort"=2
      "JavaQuickStarterService"=2
      "gupdate1c9c45088955c8c"=2

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLS"="sockspy.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
      "notification packages"= scecli scecli scecli

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "HonorAutoRunSetting"=

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
      "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
      "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
      "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
      "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
      "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
      "C:\Program Files\Logicool\Logicool Vid\Vid.exe"="C:\Program Files\Logicool\Logicool Vid\Vid.exe:*:Enabled:Logicool Vid"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
      "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
      "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
      "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
      "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

      ======List of files/folders created in the last 1 months======

      2009-12-23 18:02:12 ----D---- C:\rsit
      2009-12-22 11:08:11 ----A---- C:\WINDOWS\system32\javaws.exe
      2009-12-22 11:08:11 ----A---- C:\WINDOWS\system32\javaw.exe
      2009-12-22 11:08:10 ----A---- C:\WINDOWS\system32\java.exe
      2009-12-22 11:07:30 ----D---- C:\Program Files\Java2
      2009-12-22 10:06:18 ----D---- C:\Program Files\Trend Micro
      2009-12-22 07:58:27 ----D---- C:\Program Files\GRISOFT
      2009-12-21 20:35:15 ----A---- C:\WINDOWS\system32\deploytk.dll
      2009-12-21 20:11:59 ----A---- C:\cleannavi.txt
      2009-12-21 20:11:40 ----D---- C:\Program Files\Navilog1
      2009-12-21 20:08:09 ----D---- C:\WINDOWS\system32\CatRoot2
      2009-12-21 15:03:51 ----D---- C:\Documents and Settings\Roger\Application Data\Malwarebytes
      2009-12-21 15:03:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2009-12-21 15:03:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
      2009-12-15 11:30:12 ----D---- C:\Program Files\Enigma Software Group
      2009-12-07 21:24:05 ----D---- C:\Program Files\BitTorrent
      2009-11-25 17:07:20 ----D---- C:\Need4Video files
      2009-11-25 00:35:44 ----D---- C:\Program Files\Need4 Software Launcher
      2009-11-25 00:35:27 ----D---- C:\Program Files\Need4 Video Converter 6
      2009-11-24 21:22:51 ----N---- C:\WINDOWS\system32\spmsg.dll

      ======List of files/folders modified in the last 1 months======

      2009-12-23 18:03:03 ----D---- C:\WINDOWS\Temp
      2009-12-23 18:01:56 ----D---- C:\WINDOWS\Prefetch
      2009-12-23 18:00:53 ----A---- C:\WINDOWS\win.ini
      2009-12-23 17:55:58 ----D---- C:\Program Files\Mozilla Firefox
      2009-12-23 17:45:51 ----D---- C:\Program Files\Fichiers communs\Akamai
      2009-12-23 13:25:11 ----A---- C:\WINDOWS\SchedLgU.Txt
      2009-12-22 13:40:36 ----D---- C:\WINDOWS\WBEM
      2009-12-22 13:40:36 ----D---- C:\WINDOWS\system32\drivers
      2009-12-22 12:12:02 ----D---- C:\WINDOWS\system32
      2009-12-22 11:09:08 ----SHD---- C:\WINDOWS\Installer
      2009-12-22 11:09:02 ----SHD---- C:\Config.Msi
      2009-12-22 11:07:30 ----RD---- C:\Program Files
      2009-12-22 10:50:21 ----SH---- C:\boot.ini
      2009-12-22 10:50:20 ----A---- C:\WINDOWS\system.ini
      2009-12-22 10:20:00 ----D---- C:\Program Files\Fichiers communs
      2009-12-22 10:08:24 ----HD---- C:\WINDOWS\inf
      2009-12-21 21:03:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
      2009-12-21 20:18:49 ----D---- C:\WINDOWS
      2009-12-21 20:09:06 ----D---- C:\WINDOWS\system32\CatRoot
      2009-12-21 19:33:25 ----HDC---- C:\WINDOWS\ie7
      2009-12-21 16:54:33 ----D---- C:\WINDOWS\repair
      2009-12-21 16:52:25 ----SD---- C:\WINDOWS\Tasks
      2009-12-21 16:15:11 ----D---- C:\Program Files\CCleaner
      2009-12-21 15:36:21 ----D---- C:\Program Files\Internet Explorer
      2009-12-18 12:44:03 ----A---- C:\WINDOWS\NeroDigital.ini
      2009-12-16 11:06:31 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
      2009-12-15 17:57:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
      2009-12-15 17:50:40 ----HD---- C:\Program Files\InstallShield Installation Information
      2009-12-15 17:50:31 ----D---- C:\Program Files\Samsung
      2009-12-15 17:38:42 ----D---- C:\WINDOWS\Debug
      2009-12-15 17:38:38 ----D---- C:\WINDOWS\Minidump
      2009-12-15 12:31:20 ----D---- C:\Netts
      2009-12-15 12:08:32 ----D---- C:\Documents and Settings\Roger\Application Data\uTorrent
      2009-12-14 22:40:29 ----D---- C:\Documents and Settings\Roger\Application Data\LimeWire
      2009-12-14 00:28:23 ----D---- C:\Documents and Settings
      2009-12-13 14:22:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
      2009-12-13 14:22:32 ----D---- C:\Program Files\Fichiers communs\logishrd
      2009-12-13 12:07:56 ----SD---- C:\WINDOWS\Downloaded Program Files
      2009-12-09 19:16:52 ----D---- C:\WINDOWS\ie8updates
      2009-12-09 19:16:21 ----HD---- C:\WINDOWS\$hf_mig$
      2009-12-09 19:11:26 ----D---- C:\WINDOWS\WinSxS
      2009-12-08 19:49:28 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
      2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
      2009-11-24 12:24:59 ----D---- C:\Documents and
Settings\Roger\Application Data\OpenOffice.org2 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968] R1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys [] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320] R2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys [] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816] R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 327168] R3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys [] R3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-12-23 94208] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-04-30 24984] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-23 47360] R3 RT73;MSI US54SE II Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928] R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-05-28 500568] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys 
[2004-08-05 20480] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056] S3 bdfdll;bdfdll; C:\WINDOWS\system32\drivers\bdfdll.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 MRVW225;54M Wireless USB Adapter Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2005-12-21 299776] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services 
(R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336] R2 bdss;BitDefender Scan Server; C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe [2007-01-19 81920] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java2\jre6\bin\jqs.exe [2009-12-22 153376] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe [2008-08-09 278528] R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 150040] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2008-07-03 462848] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] S3 npggsvc;nProtect GameGuard 
Service; C:\WINDOWS\system32\GameMon.des -service [] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336] S4 gupdate1c9c45088955c8c;Service Google Update (gupdate1c9c45088955c8c); C:\Program Files\Google\Update\GoogleUpdate.exe /svc [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] -----------------EOF----------------- Et voila le rapport info : info.txt logfile of random's system information tool 1.06 2009-12-23 18:03:25 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Akamai NetSession Interface-->C:\Program Files\Fichiers communs\Akamai\uninstall.exe Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe BitDefender Antivirus v10-->MsiExec.exe /I{9609871C-BE91-48A7-ADC0-628DF4706397} BlindWrite 6-->"C:\Program Files\VSO\BlindWrite6\unins000.exe" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Galerie de photos Windows Live-->MsiExec.exe 
/X{B131E59D-202C-43C6-84C9-68F0C37541F1} Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} HijackThis 2.0.2-->"E:\no bug\securité\hijackthis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} LimeWire 5.2.10-->"C:\Program Files\LimeWire\uninstall.exe" Logicool Vid-->MsiExec.exe /I{7811787C-BB20-4878-BA62-6AD0D503467F} Logicool Webcam Software-->MsiExec.exe /I{9BF07516-4C12-4244-92B0-BAB1026D47E0} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Manuel de l'appareil Windows Mobile®-->C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Internationalized Domain Names Mitigation 
APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 
(KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Mise à jour pour Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Mozilla Firefox (3.5.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA} Navilog1 3.2.1-->"C:\Program Files\Navilog1\unins000.exe" Nero 7 Essentials-->MsiExec.exe /X{66EBD70F-A42C-475F-AEDF-277378151036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D} Outil de téléchargement Windows 
Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC} Windows Live FolderShare-->MsiExec.exe 
/X{2075CB0A-D26F-4DAA-B424-5079296B43BA} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: Bitdefender Antivirus FW: BitDefender Antivirus Plus v10 (disabled) ======System event log====== Computer Name: ROGER-4EACF7979 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service BitDefender Virus Shield. Record Number: 56724 Source Name: Service Control Manager Time Written: 20091213203739.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: ROGER-4EACF7979 Event Code: 7036 Message: Le service BitDefender Scan Server est entré dans l'état : en cours d'exécution. Record Number: 56723 Source Name: Service Control Manager Time Written: 20091213203738.000000+060 Event Type: Informations User: Computer Name: ROGER-4EACF7979 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service BitDefender Scan Server. Record Number: 56722 Source Name: Service Control Manager Time Written: 20091213203719.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: ROGER-4EACF7979 Event Code: 7036 Message: Le service BitDefender Scan Server est entré dans l'état : arrêté. Record Number: 56721 Source Name: Service Control Manager Time Written: 20091213203715.000000+060 Event Type: Informations User: Computer Name: ROGER-4EACF7979 Event Code: 7035 Message: Un contrôle Arrêter a correctement été envoyé au service BitDefender Scan Server. 
Record Number: 56720 Source Name: Service Control Manager Time Written: 20091213203712.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: ROGER-4EACF7979 Event Code: 1000 Message: Les compteurs de performances pour le service ASP.NET (ASP.NET) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 185 Source Name: LoadPerf Time Written: 20090808190706.000000+120 Event Type: Informations User: Computer Name: ROGER-4EACF7979 Event Code: 1001 Message: Les compteurs de performances pour le service ASP.NET (ASP.NET) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide. Record Number: 184 Source Name: LoadPerf Time Written: 20090808190705.000000+120 Event Type: Informations User: Computer Name: ROGER-4EACF7979 Event Code: 1000 Message: Les compteurs de performances pour le service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 183 Source Name: LoadPerf Time Written: 20090808190705.000000+120 Event Type: Informations User: Computer Name: ROGER-4EACF7979 Event Code: 1000 Message: Les compteurs de performances pour le service aspnet_state (ASP.NET State Service) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 182 Source Name: LoadPerf Time Written: 20090808190703.000000+120 Event Type: Informations User: Computer Name: ROGER-4EACF7979 Event Code: 1001 Message: Les compteurs de performances pour le service aspnet_state (ASP.NET State Service) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide. 
Record Number: 181 Source Name: LoadPerf Time Written: 20090808190703.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel "PROCESSOR_REVISION"=0204 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------
  15. Good evening, I'll do that in ten minutes, but I want to point out (in case it helps with the investigation) that the link redirections only happen from a Google search. If I type an address directly (for example Zebulon's), no problem; if I search from Bing, no problem. But the addresses I get redirected to are clearly booby-trapped websites, since I then find infections in the Temporary Internet Files. There you go, I'll post the report as soon as it has finished. Thanks