

All content posted by lezenete
-
[Solved] Need help_hijackthis report
lezenete replied to a topic by lezenete in Malware analysis and eradication
There you go! Thank you very much, I think it worked!

The SDFix report:

SDFix: Version 1.198
Run by souad on 27/06/2008 at 18:13

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NHATQU~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\SCVHSOT.EXE - Deleted
C:\WINDOWS\SYSTEM32\TEST1.EXE - Deleted
C:\WINDOWS\svchost.ini - Deleted
C:\WINDOWS\system32\scvhsot.exe - Deleted
C:\WINDOWS\system32\setting.ini - Deleted
C:\WINDOWS\system32\SCVHSOT.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 18:26:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 4 Aug 2004 4,639 A.SH. --- "C:\Program Files\Windows Media Player\mplayer2.exe"
Wed 4 Aug 2004 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
Sat 2 Apr 2005 32,768 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL0004.tmp"
Fri 30 May 2008 1,633,280 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL0005.tmp"
Thu 9 Jun 2005 41,984 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL0620.tmp"
Sun 30 Mar 2008 61,440 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL0837.tmp"
Sun 30 Mar 2008 58,368 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL0956.tmp"
Sun 30 Mar 2008 60,416 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL0989.tmp"
Thu 9 Jun 2005 44,032 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL1548.tmp"
Thu 9 Jun 2005 43,520 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL2033.tmp"
Thu 9 Jun 2005 21,504 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL2199.tmp"
Thu 9 Jun 2005 44,544 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL2352.tmp"
Thu 9 Jun 2005 38,400 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL2369.tmp"
Sat 31 May 2008 1,711,616 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL3055.tmp"
Thu 9 Jun 2005 44,544 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL3195.tmp"
Thu 9 Jun 2005 29,184 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL3208.tmp"
Mon 16 Jun 2008 825,856 ...H. --- "C:\Documents and Settings\souad\Mes documents\~WRL3761.tmp"
Tue 29 Jan 2008 25,839,664 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\60ca6af11040112be1355236afadeb90\BIT1.tmp"
Sat 7 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT2.tmp"
Wed 25 Jun 2008 8,723,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc60d8716d384e35a0e06fa6ac381a18\BIT4.tmp"
Thu 9 Jun 2005 19,456 ...H. --- "C:\Documents and Settings\souad\Application Data\Microsoft\Word\~WRL0004.tmp"
Thu 9 Jun 2005 22,528 ...H. --- "C:\Documents and Settings\souad\Application Data\Microsoft\Word\~WRL0499.tmp"
Thu 9 Jun 2005 35,328 ...H. --- "C:\Documents and Settings\souad\Application Data\Microsoft\Word\~WRL1301.tmp"
Thu 9 Jun 2005 26,112 ...H. --- "C:\Documents and Settings\souad\Application Data\Microsoft\Word\~WRL1882.tmp"
Thu 9 Jun 2005 34,304 ...H. --- "C:\Documents and Settings\souad\Application Data\Microsoft\Word\~WRL2062.tmp"

Finished!

The second HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:25, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\souad\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD34FFE-7878-4E8D-AE68-F86C37761AC2}: NameServer = 41.221.20.4
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5215 bytes

I remain available for any further advice, and, once again, thank you very much, angelique, so aptly named!! See you!
-
[Solved] Need help_hijackthis report
lezenete posted a topic in Malware analysis and eradication
Hello! At the request of a friend who had (so I thought) a few minor problems with his PC, such as slowness, I offered to help with a quick defragmentation (my friend is practically clueless about these little things). But when the PC started up, I realized that the slowness was most likely due to viruses or nasty things of that kind, especially since the antivirus had been disabled. So I re-enabled the antivirus, started a scan, and in parallel downloaded and ran HijackThis, whose log is below. I am sure plenty of nasty bugs will be found! Thanks in advance for any help you are willing to give us.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:22, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\souad\Bureau\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe SSVICHOSST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d'Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AD34FFE-7878-4E8D-AE68-F86C37761AC2}: NameServer = 41.221.20.4
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5415 bytes
-
I did install SMR for Firefox following the procedure indicated. But it had the effect of slowing down browsing, and the Firefox home page took nearly a quarter of an hour to display. After several attempts, I compared it with IE7, which by then no longer suffered from the comparison. I uninstalled SMR cleanly, and then I was able to browse normally with Firefox.
-
Hi! SMR is OK, but with Zebprotect I still get an error message when I launch it: Run-time error:'70' Permission denied
-
Hello, oGu! Thank you for your valuable advice, almost all of which I have applied. However, I set aside: Zebprotect, because it is hard to download, or corrupted when I do manage to; StripMyRights, because it is too complicated for me and I don't use chat much; CCleaner, to which I prefer one of the TuneUp Utilities modules. That said, things are much better, and I installed and ran Ewido and Malwarebytes on my son's laptop. Nothing to report on that front. Thanks again!!
-
I disabled RealPlayer's automatic update, the launch of the virtual CD drive, NeroCheck and MemOptimizer. For this I used a TuneUp Utilities module (StartUp Manager), where there are just a few boxes to untick. I kept the Adobe assistant, which lets me generate PDF files, since my main activity is teleworking. There! As for the "securing" part, I am of course ready! See you!
-
Hi oGu! I read your advice carefully, and most of it confirmed what I wanted to do, though I didn't know whether it was the right solution. As for the programs that launch at startup, your advice freed me, and I hastened to follow it, except for GoogleDesktopSearch, which offers, for me at least, features that Fileseeker does not have. On the other hand, I uninstalled Ad-Aware and Google Toolbar (I was just used to seeing it, that's all!), and I kept Malwarebytes' Anti-Malware. As for the RAM, it's just a matter of timing, because I have to change machines altogether as soon as I'm ready (I have a P4 1.7 Mhz, which has served me well and faithfully all the same!) and go for at least a good Core 2 Duo with 2 GB of RAM, and all the rest! NB: On the subject of Google, not only have I read the terms of use, but I still remember that documentary entitled "Faut-il avoir peur de Google?" Do we really have the means, individually speaking, to extricate ourselves from the clutches of the advertising monsters (or the intelligence monsters, which amounts to the same thing)? But that is another debate.
-
Hello oGu! There, operation complete! Regarding the power cut, no problems, fortunately. The Kaspersky scan ran for a long time, and the detailed report still comes to 119 MB (no small thing!). Nothing to report, as you can see in the short summary below:

Analyse du Poste de travail : terminé
-------------------------------------
Fichiers Analysés : 1000653
Détectés : 0
Non traités : 0
Lancement : 14/04/2008 07:14:44
Durée : 04:58:17
Fin : 14/04/2008 12:13:01

Statistiques
------------
Objet Analysés Objets dangereux Non traités Supprimés Placés en quarantaine Archives Fichiers compactés Protégés par un mot de passe Corrompus
----- -------- ---------------- ------------ --------- --------------------- -------- ------------------ ---------------------------- ---------

Paramètres
----------
Paramètre Valeur
--------- ------
Niveau de protection Autre
Action Confirmer à la fin de l'analyse
Mode de lancement Manuel
Types de fichiers Analyser tous les fichiers
Analyse uniquement des nouveaux fichiers et des fichiers modifiés Oui
Analyse des archives l'ensemble des
Analyse des objets OLE joints l'ensemble des
Ne pas analyser les archives dont la taille dépasse Non
Passer le fichier si l'analyse dure plus de Non
Analyse des fichiers au format de messagerie Oui
Analyse des archives protégées par un mot de passe Oui

I am also sending you a final HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:17, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~2\NTXcontext.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU)
O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12628 bytes

I do think that good work has been done thanks to your sound advice. I look forward to the rest of your recommendations. See you! Lezenete
-
Hello oGu! I restarted the Kaspersky scan this morning, but while I was away there was a small hitch: a power cut! Bad luck! So I am going to restart the scan from scratch, after creating a restore point for my machine and deleting the old restore points.
-
I am sending you the result of the first part of the Kaspersky scan report, after nearly 6 hours of scanning. Since I have something like 200 GB of disk space to scan, the scan is going to take a while. Kaspersky offers the option of resuming the scan later from the point where it was interrupted. I can only send you this summary, because this first report is a little over 54 MB, and I did not manage to post it.

Kaspersky scan:

Analyse du Poste de travail : interrompue
-----------------------------------------
Fichiers Analysés : 356425
Détectés : 5
Non traités : 0
Lancement : 12/04/2008 14:41:23
Durée : 05:58:07
Fin : 12/04/2008 20:39:30

Détectés
--------
Etat Objet
---- -----
non trouvé : virus Heur.Invader (modification) Le fichier: C:\System Volume Information\_restore{4F3115E7-D937-4A49-B645-3FD9EBE02920}\RP197\A0051270.exe
supprimé : virus Heur.Invader (modification) Le fichier: C:\System Volume Information\_restore{4F3115E7-D937-4A49-B645-3FD9EBE02920}\RP202\A0053826.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
non trouvé : virus Heur.Invader (modification) Le fichier: C:\System Volume Information\_restore{4F3115E7-D937-4A49-B645-3FD9EBE02920}\RP203\A0054133.exe//PE_Patch.UPX/327882R2FWJFW\catchme.cfexe
non trouvé : virus Heur.Invader (modification) Le fichier: C:\System Volume Information\_restore{4F3115E7-D937-4A49-B645-3FD9EBE02920}\RP203\A0054134.exe//data.rar/SDFix\catchme.exe
non trouvé : virus Heur.Invader (modification) Le fichier: C:\System Volume Information\_restore{4F3115E7-D937-4A49-B645-3FD9EBE02920}\RP203\A0054138.exe
......

Statistiques
------------
Objet                             Analysés  Objets dangereux  Non traités  Supprimés  Placés en quarantaine  Archives  Fichiers compactés  Protégés par un mot de passe  Corrompus
--------------------------------  --------  ----------------  -----------  ---------  ---------------------  --------  ------------------  ----------------------------  ---------
Tous les objets                   355920    5                 5            0          0                      4026      1123                167                           14
Mémoire système                   3149      0                 0            0          0                      1         34                  0                             0
Objets de démarrage               561       0                 0            0          0                      0         20                  0                             0
Dossier de sauvegarde du système  14711     5                 5            0          0                      164       112                 0                             0
Boîte aux lettres                 764       0                 0            0          0                      344       0                   0                             0
Tous les disques durs             336735    0                 0            0          0                      3517      957                 167                           14
Tous les disques amovibles        0         0                 0            0          0                      0         0                   0                             0

Paramètres
----------
Paramètre    Valeur
---------    ------
Niveau de protection    Autre
Action    Confirmer à la fin de l'analyse
Mode de lancement    Manuel
Types de fichiers    Analyser tous les fichiers
Analyse uniquement des nouveaux fichiers et des fichiers modifiés    Non
Analyse des archives    l'ensemble des
Analyse des objets OLE joints    l'ensemble des
Ne pas analyser les archives dont la taille dépasse    Non
Passer le fichier si l'analyse dure plus de    Non
Analyse des fichiers au format de messagerie    Non
Analyse des archives protégées par un mot de passe    Non
Utiliser la technologie iChecker    Oui
Utiliser la technologie iSwift    Oui
Enregistre les informations sur les objets dangereux dans les statistiques de l'application    Oui
______________________________
See you later
-
Hello, oGu! I'm back! Here is the first Malwarebytes' Anti-Malware log, after the scan:

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 614
Type de recherche: Examen complet (C:\|F:\|G:\|H:\|)
Eléments examinés: 197904
Temps écoulé: 2 hour(s), 24 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\SYSTEM32\perfs.exe (Trojan.Downloader) -> No action taken.

and here is the second one, after removal:

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 614
Type de recherche: Examen complet (C:\|F:\|G:\|H:\|)
Eléments examinés: 197904
Temps écoulé: 2 hour(s), 24 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\SYSTEM32\perfs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

There you go. Give me time to run my Kaspersky and get the results, and I will send you the last report.
See you later
-
Hello! Here is the first Ewido report; I will post the rest as I go along.
__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________
TrackingCookie.Weborama Path: :mozilla.697:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.698:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.699:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Valuead Path: :mozilla.709:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Valuead Path: :mozilla.710:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Valuead Path: :mozilla.711:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Valuead Path: :mozilla.712:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.735:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.739:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.740:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.741:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.742:C:\Documents and Settings\Tayeb Kial\Application 
Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.743:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.744:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.745:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.746:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Pointroll Path: :mozilla.752:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Pointroll Path: :mozilla.753:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Pointroll Path: :mozilla.754:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Pointroll Path: :mozilla.755:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Pointroll Path: :mozilla.756:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Pointroll Path: :mozilla.757:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Pointroll Path: :mozilla.758:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: 
:mozilla.761:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.762:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.763:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Revsci Path: :mozilla.764:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.774:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.775:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.776:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.777:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Questionmarket Path: :mozilla.883:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Questionmarket Path: :mozilla.884:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Trafficmp Path: :mozilla.936:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Trafficmp Path: :mozilla.937:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt 
Risk: Medium Name: TrackingCookie.Trafficmp Path: :mozilla.938:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Trafficmp Path: :mozilla.939:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Trafficmp Path: :mozilla.940:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Tacoda Path: :mozilla.948:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Tacoda Path: :mozilla.949:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Tacoda Path: :mozilla.950:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: TrackingCookie.Planetactive Path: :mozilla.959:C:\Documents and Settings\Tayeb Kial\Application Data\Mozilla\Firefox\Profiles\jpeoqvld.default\cookies.txt Risk: Medium Name: Trojan.KeyLogger.478 Path: F:\Downloads\Astuces\xp_simulation_setup\Tutorial.exe Risk: High Name: Backdoor.IRCBot Path: F:\Downloads\Bureautique\ADOBE Photoshop CS3 Extended FR [en FRANCAIS + KEYGEN ACTIVATION] 100%OK by ROSKA\ADOBE PhotoShop CS3 Extended [Keygen+Activation]\PhotoShop.CS3.Extended.Keygen+Activation.exe Risk: High Name: Downloader.VB.zf Path: G:\Récupération torrents\PES(Pro Evulution Soccer 2008) - Crack no cd.ok!!!!.rar/Crack\pes2008.exe Risk: High Name: Downloader.VB Path: H:\Partage eMule\Incoming_2\Softwares\kaspersky 7 keys (buenas hastaa 11-03-10).rar/KIS.2006\kis.6.0.1.411.fixed.upped.by.magic\Crack.exe Risk: High Name: Backdoor.Tagent.e Path: H:\Partage 
eMule\Incoming_2\Softwares\Windows.XP.2003.Product.Key.Viewer.Generator.Changer.ShareConnector.rar/MSKey4in1.exe Risk: High Name: Backdoor.Tagent.e Path: H:\Partage eMule\Incoming_2\Softwares\[PC APP - ITA] Microsoft Windows Office Xp 2003 keygens PID changer utils.rar/MSKey4in1.exe Risk: High Name: TrackingCookie.Adtech Path: :mozilla.28:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.61:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.62:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Weborama Path: :mozilla.63:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Doubleclick Path: :mozilla.66:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Atdmt Path: :mozilla.108:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Estat Path: :mozilla.110:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.276:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.277:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Mediaplex Path: :mozilla.323:H:\Récupération avant 
formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Questionmarket Path: :mozilla.511:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Questionmarket Path: :mozilla.512:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Information Path: :mozilla.513:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Webtrends Path: :mozilla.599:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Hitbox Path: :mozilla.629:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Hitbox Path: :mozilla.630:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Googleadservices Path: :mozilla.775:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium Name: TrackingCookie.Netflame Path: :mozilla.968:H:\Récupération avant formatage_janvier_2008\Mes_documents\Mozilla\Firefox\Profiles\2ew2qpca.default\cookies.txt Risk: Medium
-
OK! Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:56, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~2\NTXcontext.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13008 bytes
-
Hello! Understood. Procedure followed step by step. Below are the two reports:

oGu.txt report

===============

VirusTotal analysis report

Fichier x.exe reçu le 2008.03.21 17:25:17 (CET)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.3.20.2 2008.03.21 -
AntiVir 7.6.0.75 2008.03.20 -
Authentium 4.93.8 2008.03.20 -
Avast 4.7.1098.0 2008.03.21 -
AVG 7.5.0.516 2008.03.21 -
BitDefender 7.2 2008.03.21 -
CAT-QuickHeal 9.50 2008.03.20 -
ClamAV 0.92.1 2008.03.21 -
DrWeb 4.44.0.09170 2008.03.21 -
eSafe 7.0.15.0 2008.03.18 -
eTrust-Vet 31.3.5631 2008.03.21 -
Ewido 4.0 2008.03.21 -
F-Prot 4.4.2.54 2008.03.20 -
F-Secure 6.70.13260.0 2008.03.21 -
FileAdvisor 1 2008.03.21 -
Fortinet 3.14.0.0 2008.03.21 -
Ikarus T3.1.1.20 2008.03.21 -
Kaspersky 7.0.0.125 2008.03.21 -
McAfee 5257 2008.03.21 -
Microsoft 1.3301 2008.03.21 -
NOD32v2 2966 2008.03.21 -
Norman 5.80.02 2008.03.20 -
Panda 9.0.0.4 2008.03.20 -
Prevx1 V2 2008.03.21 -
Rising 20.36.42.00 2008.03.21 -
Sophos 4.27.0 2008.03.21 -
Sunbelt 3.0.978.0 2008.03.18 -
Symantec 10 2008.03.21 -
TheHacker 6.2.92.250 2008.03.19 -
VBA32 3.12.6.3 2008.03.21 -
VirusBuster 4.3.26:9 2008.03.20 -
Webwasher-Gateway 6.6.2 2008.03.21 -

Information additionnelle
File size: 30615 bytes
MD5: d46454f584619e3f4580082132306750
SHA1: da597fa8f962ab16aae97fcd81fc871a1df4e672
PEiD: Armadillo v1.71

I have Kaspersky Internet Security 7.0.1.325, with automatic updates, which has an anti-rootkit function. I know neither RootKit Revealer nor XoftWare. I am of course happy to receive your valuable advice, and I thank you warmly for it.
-
There we go! I redid the procedure with the corrected ComboFix and the script you provided. The whole operation went well, except that my computer did not restart. So I restarted it manually. Here is the ComboFix.txt
and the HijackThis report
Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] 
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &NeoTrace It! 
- C:\PROGRA~1\NEOTRA~2\NTXcontext.htm O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - 
{04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! 
- {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 12823 bytes
See you.
-
The PC seems to be at a standstill, and there is no trace of any ComboFix.txt file. So I am sending you another HijackThis report below for analysis; maybe you will be able to make something of it:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:35, on 2008-04-08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI 
Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - 
BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program 
Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &NeoTrace It! 
- C:\PROGRA~1\NEOTRA~2\NTXcontext.htm O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - 
{04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! 
- {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 12591 bytes
Thanks for everything.
-
No ComboFix.txt report. So I am starting the procedure again. See you.
-
I followed the procedure as indicated, but without taking the precaution of disabling the antivirus. Nothing indicates that there is any activity at all. When ComboFix was launched, that blue window appeared for 2 or 3 seconds and then nothing more. The PC did not restart. Will I have to start the procedure again?
-
Hello! For the past few weeks, my laptop has been abnormally slow when I open my browser and my e-mail client. I would like to know whether it is infected and, if so, how to clean it. Below is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:47:32, on 06/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: 
[nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D3172FC1-1EA4-49C4-BD5F-5C1950C6166C}: NameServer = 192.168.30.1 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- End of file - 5821 bytes 
Thanks in advance!
-
I have just finished both procedures. I am sending you the SDFix reports below.
SDFix: Version 1.167 Run by Tayeb Kial on 06/04/2008 at 13:15 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\TAYEBK~1\Bureau\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\comsa32.sys - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-06 13:24:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 34 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! 
FT Server" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter" "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0" "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player" "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer" "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application" 
"C:\\WINDOWS\\amcap.exe"="C:\\WINDOWS\\amcap.exe:*:Enabled:AMCap" "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©" "C:\\WINDOWS\\SYSTEM32\\java.exe"="C:\\WINDOWS\\SYSTEM32\\java.exe:*:Enabled:Java Platform SE binary" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\DOCUME~1\TAYEBK~1\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Sat 12 Jan 2008 0 ..SH. --- "C:\WINDOWS\SEA0A6EB8.tmp" Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Fri 4 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe" Tue 4 May 2004 344,064 A..H. --- "C:\WINDOWS\SYSTEM32\msvcr70.dll" Fri 5 Aug 2005 545,000 A..H. --- "C:\WINDOWS\SYSTEM32\msvcr71d.dll" Wed 9 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 9 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 8 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8f3e004a562e1247e8b254b9e4fee21c\BIT3.tmp" Finished! 
1st HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:38, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~2\NTXcontext.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU)
O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
-- End of file - 12482 bytes

ComboFix

ComboFix 08-04-04.1 - Tayeb Kial 2008-04-06 13:48:48.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.192 [GMT 1:00]
Endroit: C:\Documents and Settings\Tayeb Kial\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\start.exe C:\WINDOWS\system32\andt.sys C:\WINDOWS\system32\Cache C:\WINDOWS\system32\drmgs.sys C:\WINDOWS\system32\Indt2.sys C:\WINDOWS\system32\routing.exe C:\WINDOWS\system32\tmp0_10973640611.bk C:\WINDOWS\system32\tmp0_11352513100.bk C:\WINDOWS\system32\tmp0_129996874164.bk C:\WINDOWS\system32\tmp0_161805520065.bk C:\WINDOWS\system32\tmp0_221025442424.bk C:\WINDOWS\system32\tmp0_22533707995.bk C:\WINDOWS\system32\tmp0_23692830454.bk C:\WINDOWS\system32\tmp0_268623535633.bk C:\WINDOWS\system32\tmp0_2914573932.bk C:\WINDOWS\system32\tmp0_295200803334.bk C:\WINDOWS\system32\tmp0_301843580262.bk C:\WINDOWS\system32\tmp0_321736296869.bk C:\WINDOWS\system32\tmp0_327422799158.bk C:\WINDOWS\system32\tmp0_356059733281.bk C:\WINDOWS\system32\tmp0_371951732792.bk C:\WINDOWS\system32\tmp0_405433430904.bk C:\WINDOWS\system32\tmp0_44077855294.bk C:\WINDOWS\system32\tmp0_458102770766.bk C:\WINDOWS\system32\tmp0_469046527836.bk C:\WINDOWS\system32\tmp0_4839455530.bk C:\WINDOWS\system32\tmp0_523480432092.bk C:\WINDOWS\system32\tmp0_52752278242.bk C:\WINDOWS\system32\tmp0_531070211205.bk C:\WINDOWS\system32\tmp0_539171357137.bk C:\WINDOWS\system32\tmp0_549665878553.bk C:\WINDOWS\system32\tmp0_63910052749.bk C:\WINDOWS\system32\tmp0_64402695585.bk C:\WINDOWS\system32\tmp0_6478738111.bk C:\WINDOWS\system32\tmp0_65619124200.bk C:\WINDOWS\system32\tmp0_660595805436.bk C:\WINDOWS\system32\tmp0_672166541307.bk C:\WINDOWS\system32\tmp0_685277437081.bk C:\WINDOWS\system32\tmp0_70447711193.bk C:\WINDOWS\system32\tmp0_711859150679.bk C:\WINDOWS\system32\tmp0_717903699782.bk C:\WINDOWS\system32\tmp0_723888221693.bk C:\WINDOWS\system32\tmp0_754638612059.bk C:\WINDOWS\system32\tmp0_757904434374.bk C:\WINDOWS\system32\tmp0_764245278493.bk C:\WINDOWS\system32\tmp0_769608317540.bk C:\WINDOWS\system32\tmp0_770203223313.bk C:\WINDOWS\system32\tmp0_774678637101.bk C:\WINDOWS\system32\tmp0_793288184284.bk C:\WINDOWS\system32\tmp0_813495449785.bk C:\WINDOWS\system32\tmp0_817646413713.bk 
C:\WINDOWS\system32\tmp0_826276764906.bk C:\WINDOWS\system32\tmp0_827571791623.bk C:\WINDOWS\system32\tmp0_864411765694.bk C:\WINDOWS\system32\tmp0_875196721190.bk C:\WINDOWS\system32\tmp0_95710411995.bk C:\WINDOWS\Web\default.htt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Legacy_PERFMONS -------\Legacy_ROUTING -------\Service_Iprip -------\Service_perfmons -------\Service_Routing ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))))))) . 2008-04-06 13:36 . 2008-04-06 13:36 <REP> d-------- C:\Program Files\Trend Micro 2008-04-05 19:52 . 2008-04-05 19:52 <REP> d-------- C:\WINDOWS\ERUNT 2008-04-05 18:47 . 2008-01-08 15:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-04-05 18:47 . 2008-01-08 15:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-04-05 18:47 . 2008-01-08 15:48 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-04-05 18:47 . 2008-01-08 15:48 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-04-05 18:47 . 2008-01-08 15:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-04-05 18:47 . 2008-01-08 15:48 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris 2008-04-05 18:47 . 2008-01-08 15:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau 2008-04-05 18:40 . 2008-04-05 18:49 3,258 --a------ C:\WINDOWS\SYSTEM32\tmp.reg 2008-04-03 20:50 . 2008-04-03 21:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-04-03 20:49 . 2008-04-03 20:49 <REP> d-------- C:\Program Files\Articulate 2008-03-27 20:41 . 2008-03-27 20:41 <REP> d-------- C:\Program Files\PicLensIE 2008-03-27 20:35 . 2008-03-27 20:48 <REP> d-------- C:\Program Files\TalkMail 2008-03-26 06:43 . 
2008-03-26 06:43 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_80257417953.bk 2008-03-26 06:43 . 2008-03-26 06:43 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_233545185404.bk 2008-03-26 06:43 . 2008-03-26 06:43 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_630924362952.bk 2008-03-25 16:44 . 2008-03-25 16:44 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_155577209506.bk 2008-03-25 16:44 . 2008-03-25 16:44 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_808144884914.bk 2008-03-25 16:44 . 2008-03-25 16:44 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_178302103124.bk 2008-03-25 05:14 . 2008-03-25 05:14 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_372947415371.bk 2008-03-25 05:14 . 2008-03-25 05:14 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_396402278405.bk 2008-03-25 05:14 . 2008-03-25 05:14 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_59398535479.bk 2008-03-24 17:26 . 2008-03-24 17:26 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_350914650704.bk 2008-03-24 17:25 . 2008-03-24 17:25 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_137787682836.bk 2008-03-24 17:25 . 2008-03-24 17:25 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_187507355969.bk 2008-03-24 05:54 . 2008-03-24 05:54 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_276870672018.bk 2008-03-24 05:54 . 2008-03-24 05:54 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_59737617725.bk 2008-03-24 05:54 . 2008-03-24 05:54 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_30509727084.bk 2008-03-23 17:32 . 2008-03-23 17:32 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_735658523992.bk 2008-03-23 17:32 . 2008-03-23 17:32 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_860155714422.bk 2008-03-23 17:31 . 2008-03-23 17:31 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_648367137115.bk 2008-03-23 07:08 . 2008-03-23 07:08 30,615 --a------ C:\Documents and Settings\Tayeb Kial\x.exe 2008-03-23 06:02 . 2008-03-23 06:02 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_95658718601.bk 2008-03-23 06:02 . 2008-03-23 06:02 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_131020193602.bk 2008-03-23 06:01 . 2008-03-23 06:01 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_885018786007.bk 2008-03-22 22:13 . 
2008-03-22 22:15 <REP> d-------- C:\Program Files\NeoTracePro 2008-03-22 18:35 . 2008-03-22 18:35 <REP> d-------- C:\Documents and Settings\Tayeb Kial\VisualRoute 2008-03-22 18:00 . 2008-03-22 18:00 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_806260631631.bk 2008-03-22 18:00 . 2008-03-22 18:00 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_59937537474.bk 2008-03-22 18:00 . 2008-03-22 18:00 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_18937758603.bk 2008-03-22 06:30 . 2008-03-22 06:30 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_156781293923.bk 2008-03-22 06:30 . 2008-03-22 06:30 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_303101315291.bk 2008-03-22 06:30 . 2008-03-22 06:30 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_95965134138.bk 2008-03-21 22:01 . 2008-03-22 22:12 <REP> d-------- C:\Program Files\NeoTrace Express 2008-03-21 21:12 . 2008-03-21 21:12 <REP> d-------- C:\Documents and Settings\Tayeb Kial\dsc 2008-03-21 21:11 . 2008-03-22 18:31 <REP> d-------- C:\Documents and Settings\Tayeb Kial\vw 2008-03-21 21:09 . 2008-03-23 07:08 <REP> d-------- C:\Program Files\VisualRoute 2008 2008-03-21 11:33 . 2008-03-21 11:33 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_824088805909.bk 2008-03-21 11:32 . 2008-03-21 11:32 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_761505311931.bk 2008-03-21 11:32 . 2008-03-21 11:32 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_70012369644.bk 2008-03-21 00:02 . 2008-03-21 00:02 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_146070161670.bk 2008-03-21 00:02 . 2008-03-21 00:02 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_463267665855.bk 2008-03-21 00:01 . 2008-03-21 00:01 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_793205599317.bk 2008-03-20 18:26 . 2008-03-20 18:26 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_30267137476.bk 2008-03-20 18:26 . 2008-03-20 18:26 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_49367054688.bk 2008-03-20 18:26 . 2008-03-20 18:26 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_288507141139.bk 2008-03-20 06:56 . 2008-03-20 06:56 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_745256247378.bk 2008-03-20 06:56 . 
2008-03-20 06:56 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_149374606393.bk 2008-03-20 06:56 . 2008-03-20 06:56 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_427952305632.bk 2008-03-19 18:30 . 2008-03-19 18:30 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_82194941810.bk 2008-03-19 18:30 . 2008-03-19 18:30 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_532564549123.bk 2008-03-19 18:30 . 2008-03-19 18:30 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_411430568496.bk 2008-03-19 07:00 . 2008-03-19 07:00 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_118881220264.bk 2008-03-19 07:00 . 2008-03-19 07:00 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_257058784084.bk 2008-03-18 18:37 . 2008-03-18 18:37 <REP> d-------- C:\Program Files\NeroInstall.bak 2008-03-18 17:42 . 2008-03-18 17:42 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_65621496225.bk 2008-03-18 17:42 . 2008-03-18 17:42 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_70965841955.bk 2008-03-18 17:41 . 2008-03-18 17:41 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_25683111992.bk 2008-03-18 17:10 . 2008-03-18 17:10 <REP> d-------- C:\Documents and Settings\Tayeb Kial\.ssh 2008-03-18 06:12 . 2008-03-18 06:12 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_826115281247.bk 2008-03-18 06:12 . 2008-03-18 06:12 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_447626540201.bk 2008-03-18 06:12 . 2008-03-18 06:12 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_211318448596.bk 2008-03-17 17:38 . 2008-03-26 06:48 1,312 --a------ C:\WINDOWS\SYSTEM32\1.tsk 2008-03-17 17:37 . 2008-03-17 17:37 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_564246214939.bk 2008-03-17 17:37 . 2008-03-17 17:37 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_801150426918.bk 2008-03-17 17:37 . 2008-03-17 17:37 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_721337705317.bk 2008-03-17 06:07 . 2008-03-17 06:07 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_249061599661.bk 2008-03-17 06:06 . 2008-03-17 06:06 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_36742170870.bk 2008-03-17 06:06 . 2008-03-17 06:06 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_114997137551.bk 2008-03-16 22:28 . 
2008-03-16 22:28 123 --a------ C:\WINDOWS\ODBC.INI 2008-03-16 21:50 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys 2008-03-16 21:50 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\dllcache\usbscan.sys 2008-03-16 21:44 . 2008-03-16 21:44 <REP> d-------- C:\Program Files\Hewlett-Packard 2008-03-16 21:44 . 2008-03-16 21:44 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard 2008-03-16 18:14 . 2008-03-16 18:14 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_17270290914.bk 2008-03-16 18:14 . 2008-03-16 18:14 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_764277312808.bk 2008-03-16 18:14 . 2008-03-16 18:14 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_675286187107.bk 2008-03-16 06:44 . 2008-03-16 06:44 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_637320581041.bk 2008-03-16 06:44 . 2008-03-16 06:44 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_110794294058.bk 2008-03-16 06:43 . 2008-03-16 06:43 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_28748618282.bk 2008-03-15 22:04 . 2008-03-15 22:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-03-15 17:58 . 2008-03-15 17:58 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_824188621205.bk 2008-03-15 17:58 . 2008-03-15 17:58 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_79672423026.bk 2008-03-15 17:57 . 2008-03-15 17:57 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_336442584256.bk 2008-03-15 06:27 . 2008-03-15 06:27 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_583944874536.bk 2008-03-15 06:27 . 2008-03-15 06:27 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_834703804984.bk 2008-03-15 06:27 . 2008-03-15 06:27 68 --a------ C:\WINDOWS\SYSTEM32\tmp1_447092424358.bk 2008-03-14 19:13 . 2008-03-14 19:13 68 --a------ C:\WINDOWS\SYSTEM32\tmp4_509526875468.bk 2008-03-14 19:13 . 2008-03-14 19:13 68 --a------ C:\WINDOWS\SYSTEM32\tmp3_683749511499.bk . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-04-06 12:58 60,858,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-06 12:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-04-06 12:57 2,589,728 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-04-06 12:56 845,324 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-06 12:56 273,044 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-04-05 14:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-04-04 17:36 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-04-04 13:31 --------- d-----w C:\Program Files\Picasa2 2008-04-03 19:50 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-04-02 20:57 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-03-30 11:48 --------- d-----w C:\Program Files\FlashGet 2008-03-28 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-03-24 05:29 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\uTorrent 2008-03-23 20:19 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\skypePM 2008-03-23 20:19 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\Skype 2008-03-23 16:49 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\Apple Computer 2008-03-21 20:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-18 20:16 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-03-18 17:30 --------- d-----w C:\Program Files\Fichiers communs\Nero 2008-03-18 17:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero 2008-03-15 19:41 --------- d-----w C:\Program Files\pebuilder3110a 2008-03-15 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 
2008-03-13 05:14 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-03-06 19:11 --------- d-----w C:\Program Files\Java 2008-03-04 16:20 --------- d-----w C:\Program Files\Microsoft 2008-03-02 20:28 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\dvdcss 2008-03-01 20:03 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\Nero 2008-03-01 19:53 --------- d-----w C:\Program Files\Nero 2008-02-28 17:29 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\Uniblue 2008-02-28 16:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2008-02-28 08:25 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\CPS Labs 2008-02-26 15:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2008-02-26 04:54 43,520 ----a-w C:\WINDOWS\system32\drivers\fetnd5bv.sys 2008-02-25 11:40 --------- d-----w C:\Program Files\FlashSpring Pro 3 2008-02-25 11:39 --------- d-----w C:\Program Files\Fichiers communs\CPS Labs Ltd 2008-02-24 07:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\authorPOINT Lite 2008-02-21 12:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-02-18 20:37 --------- d-----w C:\Program Files\Larousse 2008-02-18 15:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2008-02-18 15:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2008-02-14 07:10 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3 2008-02-13 21:09 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2 2008-02-12 07:48 --------- d-----w C:\Documents and Settings\Tayeb Kial\Application Data\DonationCoder 2008-02-11 19:11 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-11 19:08 --------- d-----w C:\Program Files\Skype 2008-02-11 19:08 --------- d-----w C:\Program Files\Fichiers communs\Skype 2008-02-11 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-02-08 21:06 
--------- d-----w C:\Program Files\RamCal 2008-02-08 17:35 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat 2008-02-08 16:06 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-02-08 07:48 --------- d-----w C:\Program Files\QuickTime 2008-02-08 07:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-02-07 07:01 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-01-08 14:15 266 -csha-w C:\Program Files\desktop.ini 2008-01-08 14:15 11,208 -c-ha-w C:\Program Files\folder.htt 2008-01-08 14:06 19,275 -c--a-w C:\WINDOWS\SETVER.EXE . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}] 2008-03-13 15:24 1662976 --a------ C:\Program Files\PicLensIE\PicLens.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay] @={7D688A77-C613-11D0-999B-00C04FD655E1} [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}] 2007-10-25 17:43 8516608 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-08 20:44 68856] "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-03-03 09:41 197888] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00 315392] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392] 
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-12 07:34 29744] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-08 22:33 185896] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-12-07 03:08 124928 C:\WINDOWS\SYSTEM32\advpack.dll] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 0 (0x0) "DisableCAD"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "msacm.lhacm"= lhacm.acm "vidc.yv12"= yv12vfw.dll "MSVideo8"= VfWWDM32.dll "msacm.alf2cd"= alf2cd.acm "msacm.ac3acm"= AC3ACM.acm "vidc.dvsd"= mcdvd_32.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\French\\setup.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= 
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "C:\\WINDOWS\\SYSTEM32\\rundll32.exe"= "C:\\WINDOWS\\amcap.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "C:\\WINDOWS\\SYSTEM32\\java.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Groupement homologue Windows "3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 16:09] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28] S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-12 07:34] S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-19 16:10] S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-19 16:10] S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-19 16:10] S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-19 16:10] S3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-03 22:02] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-05 19:53:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-04-06 13:00:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe "2008-04-06 12:06:00 C:\WINDOWS\Tasks\Rappel d'expiration de la désinstallation.job"
2nd HijackThis report
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:23, on 2008-04-06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 
C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program 
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program 
Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &NeoTrace It! 
- C:\PROGRA~1\NEOTRA~2\NTXcontext.htm O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - 
{04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU) O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 12545 bytes
It seems to me that excellent work has been done thanks to your advice. Please confirm this, or point me to an additional step if you judge one necessary. After my PC, allow me to submit another report to you, on the laptop that my youngest uses... Thank you
-
Hello! I have downloaded SDFix and ComboFix to my desktop. However, I would like a confirmation. Do I have to run the procedures one after the other, or is ComboFix an alternative to SDFix? Thank you for your prompt reply.
-
Thank you for the procedure, which I followed scrupulously. Here is the Report file
SDFix: Version 1.166 Run by Tayeb Kial on 05/04/2008 at 19:57 Microsoft Windows XP [version 5.1.2600] Running From: C:\DOCUME~1\TAYEBK~1\Bureau\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : No Trojan Files Found C:\WINDOWS\system32\comsa32.sys - Deleted Removing Temp Files ADS Check : Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\comsa32.sys - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-05 20:17:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 34 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk" "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! 
FT Server" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter" "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0" "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player" "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"="C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Internet Security 7.0" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer" "C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS\\SYSTEM32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" 
"C:\\WINDOWS\\amcap.exe"="C:\\WINDOWS\\amcap.exe:*:Enabled:AMCap" "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©" "C:\\WINDOWS\\SYSTEM32\\java.exe"="C:\\WINDOWS\\SYSTEM32\\java.exe:*:Enabled:Java Platform SE binary" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\DOCUME~1\TAYEBK~1\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes : Sat 12 Jan 2008 0 ..SH. --- "C:\WINDOWS\SEA0A6EB8.tmp" Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe" Fri 4 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe" Tue 4 May 2004 344,064 A..H. --- "C:\WINDOWS\SYSTEM32\msvcr70.dll" Fri 5 Aug 2005 545,000 A..H. --- "C:\WINDOWS\SYSTEM32\msvcr71d.dll" Wed 9 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 9 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Tue 8 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8f3e004a562e1247e8b254b9e4fee21c\BIT3.tmp" Finished! 
and below is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:25:41, on 05/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\routing.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI 
Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D- 784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC- 5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273- 0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA- CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736 \swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232- 0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32 \IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05 \bin\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 
advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~2 \NTXcontext.htm O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0 
\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5- 1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71- 9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29- 0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: 
@xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7 -f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E- 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU) O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1 \Google\GOOGLE~4\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager- 010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150 \Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 12605 bytes
-
Hello!!!!! I must admit that it is hard, for someone who is close to panic, to remember the basic rules of good manners and to say anything other than "allo, maman, bobo" in the title of my post! So here is my concern. For a few days now, my old PC has been crawling along with its 512 k of RAM. Using the Process Manager module of TuneUp Utilities, I noticed, complete beginner that I am, something that seemed somewhat abnormal to me: two processes nestled in Windows\system32: perfs.exe and routing.exe. From searching the web, I gathered that these are trojans, responsible for my PC's slowness, and I would like to get rid of them. I ran HijackThis, but I am unable to decipher anything at all. So, help! And thanks in advance for any insight!
-
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:32:11, on 05/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\perfs.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\routing.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 
C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\asck.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program 
Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &NeoTrace It! 
- C:\PROGRA~1\NEOTRA~2\NTXcontext.htm O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - 
{04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! 
- {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~2\NTXtoolbar.htm (HKCU) O16 - DPF: {79E54B26-46B9-40EF-BFDC-0B1BB0D68897} - http://piclens.com/shared/plinstll.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe -- End of file - 13219 bytes
-
A pop-up window has opened again!! Here is the report:
Logfile of HijackThis v1.99.1 Scan saved at 21:14:11, on 11/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\Explorer.EXE H:\WINDOWS\system32\spoolsv.exe H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe H:\Program Files\Skype\Phone\Skype.exe H:\Program Files\Google\Google Talk\googletalk.exe H:\Program Files\MSN Messenger\MsnMsgr.Exe H:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE H:\WINDOWS\system32\ctfmon.exe H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe H:\Program Files\Bonjour\mDNSResponder.exe H:\WINDOWS\system32\cisvc.exe H:\WINDOWS\system32\inetsrv\inetinfo.exe H:\WINDOWS\system32\tcpsvcs.exe H:\WINDOWS\System32\snmp.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\system32\mqsvc.exe H:\WINDOWS\system32\mqtgsvc.exe H:\Program Files\Skype\Plugin Manager\SkypePM.exe H:\Program Files\MSN Messenger\usnsvc.exe H:\WINDOWS\system32\cidaemon.exe H:\Program Files\Mozilla Firefox\firefox.exe H:\WINDOWS\system32\cidaemon.exe H:\Documents and Settings\Tayeb\Bureau\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo!
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - H:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [AVP] "H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll O4 - HKLM\..\Run: [Google Desktop Search] "H:\Program Files\Google\Google Desktop 
Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKCU\..\Run: [skype] "H:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [googletalk] "H:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "H:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Windows Live Search - res://H:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: Ouvrir avec ScanSoft PDF Converter 4.0 - res://H:\Program Files\ScanSoft\PDF Converter 4\cnvres_fre.dll /100 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://H:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?4802c9cbe957490680035d211d21a85f O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://H:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?4802c9cbe957490680035d211d21a85f O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program 
Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - H:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: h:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177772839338 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - H:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: H:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll H:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O20 - Winlogon Notify: klogon - H:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - H:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - H:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - H:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoogleDesktopManager - Google - H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - H:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe