Aller au contenu

avilug

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    115

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par avilug

  1. avilug
    (i:, j: et k: sont des partitions de mon HD de données, pas des clés usb) oups j'avais zappé la question: NON je n'ai plus aucune alerte d'antivir ! c'est du tout bon, non ? ah si, la mise à jour d'antivir ne fonctionnait plus depuis le 29 mars. J'ai réinstallé antivir et tout a l'air ok.
  2. avilug
    merci encore, Gof . le rapport mbam Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1923 Windows 5.1.2600 Service Pack 3 31/03/2009 17:18:23 mbam-log-2009-03-31 (17-18-23).txt Type de recherche: Examen rapide Eléments examinés: 70784 Temps écoulé: 3 minute(s), 20 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) (nb: le E est bien le hd (différents HD) que je branche.
  3. avilug
    en réfléchissant 2 min, je crois que ma réinfection constante venait ... d'un HD et non pas d'une clé amovible. car le hd, je me souviens l'avoir branché pls fois ces temps ci mais PAS la clé. D'autre part, avant désinfection, il n'y avait pas sur mes clés de fichier autorun. cela se tient-il ? (tu ne m'oublies pas pour l'outil de test, hein ??? c'est que moi, j'ai pas envie de me faire [encore] engueuler par les amis infectés par ma faute...)
  4. avilug
    et le dernier : ComboFix 09-03-29.04 - David 2009-03-30 14:31:40.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1471.1086 [GMT 2:00] Lancé depuis: c:\documents and settings\David\Bureau\DESINFECTION\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\David\Bureau\DESINFECTION\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\drivers\xjbdqgl.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\David\Application Data\Search Settings c:\documents and settings\David\Application Data\Search Settings\kb128\temp\ws-14333.log E:\Autorun.inf e:\recycler\Desktop_.ini E:\s39tg.cmd . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 )))))))))))))))))))))))))))))))))))) . 2009-03-30 13:53 . 2009-03-30 13:59 <REP> d-------- C:\Combb 2009-03-29 22:25 . 2009-03-29 22:25 <REP> d--h----- c:\documents and settings\All Users\Application Data\CanonIJScan 2009-03-29 22:22 . 2009-03-29 22:22 <REP> d--h----- c:\windows\system32\CanonIJ Uninstaller Information 2009-03-29 22:22 . 2009-03-29 22:22 <REP> d--h----- c:\program files\CanonBJ 2009-03-29 22:22 . 2008-04-07 16:58 1,339,392 --a------ c:\windows\system32\CNQ4807C.DLL 2009-03-29 22:22 . 2008-04-18 15:51 598,016 --a------ c:\windows\system32\CNQ4807L.DLL 2009-03-29 22:22 . 2007-03-15 16:12 188,416 --a------ c:\windows\system32\CNQ4807O.DLL 2009-03-29 22:22 . 2008-04-07 16:58 98,304 --a------ c:\windows\system32\CNQ4807I.DLL 2009-03-29 19:01 . 2009-03-29 11:58 23,911,893 --a------ C:\ivdf_fusebundle_nt_en.zip 2009-03-29 16:31 . 2009-03-29 22:21 <REP> d-------- c:\program files\Navilog1 2009-03-27 18:24 . 2009-03-27 18:24 <REP> d-------- c:\documents and settings\David\Application Data\Thinstall 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression 2009-03-09 14:03 . 2007-11-07 12:36 <REP> d--h----- c:\documents and settings\Administrateur\Modèles 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Mes documents 2009-03-09 14:03 . 2007-11-07 14:27 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Favoris 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2009-03-09 14:03 . 2009-03-09 14:03 <REP> d-------- c:\documents and settings\Administrateur 2009-03-08 21:34 . 2009-03-08 21:34 <REP> d-------- c:\program files\Alcohol Soft 2009-03-08 21:31 . 2009-03-08 21:31 639,224 --a------ c:\windows\system32\drivers\sptd.sys 2009-03-05 20:43 . 2009-03-05 20:43 <REP> d-------- c:\program files\Q-Dir 2009-03-05 20:43 . 2009-03-05 20:44 <REP> d-------- c:\documents and settings\David\Application Data\Q-Dir 2009-03-05 20:43 . 2009-03-08 14:40 4,446 --a------ c:\windows\Q-Dir.ini 2009-02-23 15:41 . 2009-02-23 15:41 <REP> d-------- c:\program files\Fichiers communs\Skype 2009-02-12 21:24 . 2004-03-07 02:03 4,259,840 --a------ C:\VideoOut.avi 2009-02-12 21:12 . 2009-02-12 21:12 <REP> d-------- c:\program files\RADVideo 2009-02-12 00:10 . 2009-02-12 00:10 863,514 --a------ C:\1.bmp 2009-02-07 23:02 . 2009-02-07 23:02 <REP> d-------- c:\program files\QT Lite 2009-02-07 23:02 . 2009-02-07 23:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-07 23:02 . 2008-09-06 16:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx 2009-02-07 23:02 . 2008-09-06 16:09 57,344 --a------ c:\windows\system32\QuickTime.qts 2009-02-07 22:56 . 2009-02-07 22:56 <REP> d-------- c:\program files\ProtectDisc Driver Installer 2009-02-07 22:56 . 2009-02-07 22:56 <REP> d-------- c:\documents and settings\David\Application Data\ProtectDisc 2009-02-05 22:28 . 2009-02-05 22:28 <REP> d-------- c:\documents and settings\David\Application Data\pdfforge 2009-02-05 22:11 . 2009-02-05 22:11 <REP> d-------- c:\program files\pdfforge Toolbar 2009-02-05 22:11 . 2009-02-05 22:12 <REP> d-------- c:\program files\PDFCreator 2009-02-05 22:11 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX 2009-02-05 22:11 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll 2009-02-05 22:11 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-29 20:25 --------- d-----w c:\documents and settings\David\Application Data\Canon 2009-03-29 20:23 --------- d-----w c:\program files\Canon 2009-03-27 16:12 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-03-15 19:30 --------- d-----w c:\program files\eMule 2009-03-15 14:03 --------- d-----w c:\documents and settings\David\Application Data\TeamViewer 2009-03-13 16:55 --------- d-----w c:\documents and settings\David\Application Data\Skype 2009-03-13 15:54 --------- d-----w c:\documents and settings\David\Application Data\skypePM 2009-03-09 00:39 --------- d-----w c:\documents and settings\David\Application Data\dvdcss 2009-02-23 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-02-23 13:41 --------- d-----r c:\program files\Skype 2009-02-21 21:23 --------- d-----w c:\program files\CDex 2009-02-21 19:38 1,195 ----a-w c:\documents and settings\David\Application Data\SAS7_000.DAT 2009-02-15 19:37 --------- d-----w c:\program files\EDT 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-01-31 22:57 --------- d-----w c:\program files\UtopiaBOX 2.02 2009-01-30 09:28 --------- d-----w c:\program files\Copernic Desktop Search 2 2009-01-30 09:28 --------- d-----w c:\documents and settings\David\Application Data\Copernic 2009-01-28 01:08 --------- d-----w c:\program files\foxit 2009-01-08 22:14 48,208 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT 2008-12-20 23:29 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll 2008-09-14 13:40 40,559 ----a-w c:\documents and settings\David\Application Data\mdb.bin . ((((((((((((((((((((((((((((( SnapShot_2009-03-30_13.58.20,82 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-30 12:27:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_350.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2009-01-30 16:12 650752 --a------ c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-12-11 1588224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-07 266497] "Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2008-08-07 443116] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2008-08-07 90112] "tsnp2std"="c:\windows\tsnp2std.exe" [2005-09-09 102400] "snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256] "VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe] "atwtusb"="atwtusb.exe" [2007-03-20 c:\windows\system32\ATWTUSB.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 c:\program files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 17:15 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 17:15 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2009-03-06 23:54 24095528 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 10:03 210472 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2001-10-02 01:42 10752 c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Sun\\SDK\\jdk\\bin\\java.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\David\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "61295:TCP"= 61295:TCP:emule R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-16 28544] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736] S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-08-07 22528] . . ------- Examen supplémentaire ------- . uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\efg79632.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 14:33:19 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1???????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f7,1b,78,81,41, d6,38,8e,c8,28,51,af,b0,29,a3,98,03,12,57,ac,75,45,07,d9,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,96,51,5b,0e,d9, 00,88,54,71,3b,04,66,8b,46,0d,96,60,f0,13,5c,02,16,bf,c9,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d9,4c,4f,fe,b5, c6,32,49,25,da,ec,7e,55,20,c9,26,3d,25,65,c8,45,89,18,33,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,56,cf,71,a7,58, 63,62,12,3e,1e,9e,e0,57,5a,93,61,e4,0a,46,91,b1,c7,6e,ce,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,75,a5,fd,51,59, 71,47,18,cd,44,cd,b9,a6,33,6c,cd,31,e1,67,f4,fb,29,e7,46,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,50,56,d7,0b,66, 37,22,5b,b0,18,ed,a7,3f,8d,37,a4,a8,3f,1d,67,cd,ec,86,23,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,b2,e1,e1,8a,fd, 28,da,58,31,77,e1,ba,b1,f8,68,02,c5,dc,d1,fe,f1,6d,ae,e7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,07,b5,95,3e,6c, f4,4e,18,83,6c,56,8b,a0,85,96,ab,04,c8,36,25,f9,3b,2d,c2,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,ab,48,39,b3,1e, 58,09,52,51,fa,6e,91,28,9e,14,cc,14,e6,d1,2a,1b,a3,b7,e5,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a7,a2,3a,76,eb, e8,94,b0,b1,cd,45,5a,a8,c4,f8,b9,75,99,7a,56,b8,85,2f,96,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,22,28,6f,f6,8d, 9e,06,fc,e3,0e,66,d5,eb,bc,2f,6b,61,55,bf,4e,00,0f,0c,d8,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8e,ca,95,34,bd, bd,3f,74,fa,ea,66,7f,d4,3b,6b,70,2c,39,86,63,58,65,f1,03,6c,43,2d,1e,aa,22,\ . Heure de fin: 2009-03-30 14:35:05 ComboFix-quarantined-files.txt 2009-03-30 12:34:51 ComboFix2.txt 2009-03-30 12:16:42 ComboFix3.txt 2009-03-30 11:59:24 ComboFix4.txt 2009-03-29 14:42:54 Avant-CF: 4 222 447 616 octets libres Après-CF: 4,208,140,288 octets libres 253 --- E O F --- 2009-03-27 15:58:35 (2 hd et 3 clés, au total) merci !
  5. avilug
    bonjour gof ! voici les rapports : ComboFix 09-03-29.02 - David 2009-03-30 14:10:56.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1471.1075 [GMT 2:00] Lancé depuis: c:\documents and settings\David\Bureau\DESINFECTION\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\David\Bureau\DESINFECTION\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\drivers\xjbdqgl.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\David\Application Data\Search Settings c:\documents and settings\David\Application Data\Search Settings\kb128\temp\ws-14333.log E:\Autorun.inf e:\recycler\Desktop_.ini E:\s39tg.cmd . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 )))))))))))))))))))))))))))))))))))) . 2009-03-30 13:53 . 2009-03-30 13:59 <REP> d-------- C:\Combb 2009-03-29 22:25 . 2009-03-29 22:25 <REP> d--h----- c:\documents and settings\All Users\Application Data\CanonIJScan 2009-03-29 22:22 . 2009-03-29 22:22 <REP> d--h----- c:\windows\system32\CanonIJ Uninstaller Information 2009-03-29 22:22 . 2009-03-29 22:22 <REP> d--h----- c:\program files\CanonBJ 2009-03-29 22:22 . 2008-04-07 16:58 1,339,392 --a------ c:\windows\system32\CNQ4807C.DLL 2009-03-29 22:22 . 2008-04-18 15:51 598,016 --a------ c:\windows\system32\CNQ4807L.DLL 2009-03-29 22:22 . 2007-03-15 16:12 188,416 --a------ c:\windows\system32\CNQ4807O.DLL 2009-03-29 22:22 . 2008-04-07 16:58 98,304 --a------ c:\windows\system32\CNQ4807I.DLL 2009-03-29 19:01 . 2009-03-29 11:58 23,911,893 --a------ C:\ivdf_fusebundle_nt_en.zip 2009-03-29 16:31 . 2009-03-29 22:21 <REP> d-------- c:\program files\Navilog1 2009-03-27 18:24 . 2009-03-27 18:24 <REP> d-------- c:\documents and settings\David\Application Data\Thinstall 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression 2009-03-09 14:03 . 2007-11-07 12:36 <REP> d--h----- c:\documents and settings\Administrateur\Modèles 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Mes documents 2009-03-09 14:03 . 2007-11-07 14:27 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Favoris 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2009-03-09 14:03 . 2009-03-09 14:03 <REP> d-------- c:\documents and settings\Administrateur 2009-03-08 21:34 . 2009-03-08 21:34 <REP> d-------- c:\program files\Alcohol Soft 2009-03-08 21:31 . 2009-03-08 21:31 639,224 --a------ c:\windows\system32\drivers\sptd.sys 2009-03-05 20:43 . 2009-03-05 20:43 <REP> d-------- c:\program files\Q-Dir 2009-03-05 20:43 . 2009-03-05 20:44 <REP> d-------- c:\documents and settings\David\Application Data\Q-Dir 2009-03-05 20:43 . 2009-03-08 14:40 4,446 --a------ c:\windows\Q-Dir.ini 2009-02-23 15:41 . 2009-02-23 15:41 <REP> d-------- c:\program files\Fichiers communs\Skype 2009-02-12 21:24 . 2004-03-07 02:03 4,259,840 --a------ C:\VideoOut.avi 2009-02-12 21:12 . 2009-02-12 21:12 <REP> d-------- c:\program files\RADVideo 2009-02-12 00:10 . 2009-02-12 00:10 863,514 --a------ C:\1.bmp 2009-02-07 23:02 . 2009-02-07 23:02 <REP> d-------- c:\program files\QT Lite 2009-02-07 23:02 . 2009-02-07 23:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-07 23:02 . 2008-09-06 16:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx 2009-02-07 23:02 . 2008-09-06 16:09 57,344 --a------ c:\windows\system32\QuickTime.qts 2009-02-07 22:56 . 2009-02-07 22:56 <REP> d-------- c:\program files\ProtectDisc Driver Installer 2009-02-07 22:56 . 2009-02-07 22:56 <REP> d-------- c:\documents and settings\David\Application Data\ProtectDisc 2009-02-05 22:28 . 2009-02-05 22:28 <REP> d-------- c:\documents and settings\David\Application Data\pdfforge 2009-02-05 22:11 . 2009-02-05 22:11 <REP> d-------- c:\program files\pdfforge Toolbar 2009-02-05 22:11 . 2009-02-05 22:12 <REP> d-------- c:\program files\PDFCreator 2009-02-05 22:11 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX 2009-02-05 22:11 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll 2009-02-05 22:11 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-29 20:25 --------- d-----w c:\documents and settings\David\Application Data\Canon 2009-03-29 20:23 --------- d-----w c:\program files\Canon 2009-03-27 16:12 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-03-15 19:30 --------- d-----w c:\program files\eMule 2009-03-15 14:03 --------- d-----w c:\documents and settings\David\Application Data\TeamViewer 2009-03-13 16:55 --------- d-----w c:\documents and settings\David\Application Data\Skype 2009-03-13 15:54 --------- d-----w c:\documents and settings\David\Application Data\skypePM 2009-03-09 00:39 --------- d-----w c:\documents and settings\David\Application Data\dvdcss 2009-02-23 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-02-23 13:41 --------- d-----r c:\program files\Skype 2009-02-21 21:23 --------- d-----w c:\program files\CDex 2009-02-21 19:38 1,195 ----a-w c:\documents and settings\David\Application Data\SAS7_000.DAT 2009-02-15 19:37 --------- d-----w c:\program files\EDT 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-01-31 22:57 --------- d-----w c:\program files\UtopiaBOX 2.02 2009-01-30 09:28 --------- d-----w c:\program files\Copernic Desktop Search 2 2009-01-30 09:28 --------- d-----w c:\documents and settings\David\Application Data\Copernic 2009-01-28 01:08 --------- d-----w c:\program files\foxit 2009-01-08 22:14 48,208 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT 2008-12-20 23:29 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll 2008-09-14 13:40 40,559 ----a-w c:\documents and settings\David\Application Data\mdb.bin . ((((((((((((((((((((((((((((( SnapShot_2009-03-30_13.58.20,82 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-30 12:05:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_21c.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2009-01-30 16:12 650752 --a------ c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-12-11 1588224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-07 266497] "Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2008-08-07 443116] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2008-08-07 90112] "tsnp2std"="c:\windows\tsnp2std.exe" [2005-09-09 102400] "snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256] "VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe] "atwtusb"="atwtusb.exe" [2007-03-20 c:\windows\system32\ATWTUSB.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 c:\program files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 17:15 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 17:15 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2009-03-06 23:54 24095528 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 10:03 210472 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2001-10-02 01:42 10752 c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Sun\\SDK\\jdk\\bin\\java.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\David\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "61295:TCP"= 61295:TCP:emule R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-16 28544] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736] S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-08-07 22528] . . ------- Examen supplémentaire ------- . uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\efg79632.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 14:13:56 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1???????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f7,1b,78,81,41, d6,38,8e,c8,28,51,af,b0,29,a3,98,03,12,57,ac,75,45,07,d9,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,96,51,5b,0e,d9, 00,88,54,71,3b,04,66,8b,46,0d,96,60,f0,13,5c,02,16,bf,c9,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d9,4c,4f,fe,b5, c6,32,49,25,da,ec,7e,55,20,c9,26,3d,25,65,c8,45,89,18,33,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,56,cf,71,a7,58, 63,62,12,3e,1e,9e,e0,57,5a,93,61,e4,0a,46,91,b1,c7,6e,ce,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,75,a5,fd,51,59, 71,47,18,cd,44,cd,b9,a6,33,6c,cd,31,e1,67,f4,fb,29,e7,46,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,50,56,d7,0b,66, 37,22,5b,b0,18,ed,a7,3f,8d,37,a4,a8,3f,1d,67,cd,ec,86,23,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,b2,e1,e1,8a,fd, 28,da,58,31,77,e1,ba,b1,f8,68,02,c5,dc,d1,fe,f1,6d,ae,e7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,07,b5,95,3e,6c, f4,4e,18,83,6c,56,8b,a0,85,96,ab,04,c8,36,25,f9,3b,2d,c2,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,ab,48,39,b3,1e, 58,09,52,51,fa,6e,91,28,9e,14,cc,14,e6,d1,2a,1b,a3,b7,e5,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a7,a2,3a,76,eb, e8,94,b0,b1,cd,45,5a,a8,c4,f8,b9,75,99,7a,56,b8,85,2f,96,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,22,28,6f,f6,8d, 9e,06,fc,e3,0e,66,d5,eb,bc,2f,6b,61,55,bf,4e,00,0f,0c,d8,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8e,ca,95,34,bd, bd,3f,74,fa,ea,66,7f,d4,3b,6b,70,2c,39,86,63,58,65,f1,03,6c,43,2d,1e,aa,22,\ . Heure de fin: 2009-03-30 14:16:40 ComboFix-quarantined-files.txt 2009-03-30 12:16:10 ComboFix2.txt 2009-03-30 11:59:24 ComboFix3.txt 2009-03-29 14:42:54 Avant-CF: 4 252 831 744 octets libres Après-CF: 4,239,486,976 octets libres 252 --- E O F --- 2009-03-27 15:58:35 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ComboFix 09-03-29.02 - David 2009-03-30 13:54:57.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1471.1094 [GMT 2:00] Lancé depuis: c:\documents and settings\David\Bureau\DESINFECTION\Combb.exe Commutateurs utilisés :: c:\documents and settings\David\Bureau\DESINFECTION\CFScript.txt AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\drivers\xjbdqgl.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\David\Application Data\Search Settings c:\documents and settings\David\Application Data\Search Settings\kb128\temp\ws-14330.log c:\program files\AskBarDis c:\program files\AskBarDis\bar\bin\askBar.dll c:\program files\AskBarDis\bar\bin\askPopStp.dll c:\program files\AskBarDis\bar\bin\psvince.dll c:\program files\AskBarDis\bar\Cache\0A3D4DE4 c:\program files\AskBarDis\bar\Cache\0A3D52C6.bin c:\program files\AskBarDis\bar\Cache\0A3D5547.bin c:\program files\AskBarDis\bar\Cache\0A3D58A2.bin c:\program files\AskBarDis\bar\Cache\0A3D5AA6.bin c:\program files\AskBarDis\bar\Cache\0A3D5D36.bin c:\program files\AskBarDis\bar\Cache\0A3D5EEC.bin c:\program files\AskBarDis\bar\Cache\0A3D6072.bin c:\program files\AskBarDis\bar\Cache\0A3D6276.bin c:\program files\AskBarDis\bar\Cache\0A3D64C8.bin c:\program files\AskBarDis\bar\Cache\0A3D6748.bin c:\program files\AskBarDis\bar\Cache\files.ini c:\program files\AskBarDis\bar\History\search c:\program files\AskBarDis\bar\Settings\config.dat c:\program files\AskBarDis\bar\Settings\config.dat.bak c:\program files\AskBarDis\bar\Settings\prevcfg.htm c:\program files\AskBarDis\bar\Settings\prevCfg2.htm c:\program files\AskBarDis\PopSwatter\History\notallow c:\program files\AskBarDis\unins000.dat c:\program files\AskBarDis\unins000.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 )))))))))))))))))))))))))))))))))))) . 2009-03-29 22:25 . 2009-03-29 22:25 <REP> d--h----- c:\documents and settings\All Users\Application Data\CanonIJScan 2009-03-29 22:22 . 2009-03-29 22:22 <REP> d--h----- c:\windows\system32\CanonIJ Uninstaller Information 2009-03-29 22:22 . 2009-03-29 22:22 <REP> d--h----- c:\program files\CanonBJ 2009-03-29 22:22 . 2008-04-07 16:58 1,339,392 --a------ c:\windows\system32\CNQ4807C.DLL 2009-03-29 22:22 . 2008-04-18 15:51 598,016 --a------ c:\windows\system32\CNQ4807L.DLL 2009-03-29 22:22 . 2007-03-15 16:12 188,416 --a------ c:\windows\system32\CNQ4807O.DLL 2009-03-29 22:22 . 2008-04-07 16:58 98,304 --a------ c:\windows\system32\CNQ4807I.DLL 2009-03-29 19:01 . 2009-03-29 11:58 23,911,893 --a------ C:\ivdf_fusebundle_nt_en.zip 2009-03-29 16:31 . 2009-03-29 22:21 <REP> d-------- c:\program files\Navilog1 2009-03-27 18:24 . 2009-03-27 18:24 <REP> d-------- c:\documents and settings\David\Application Data\Thinstall 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression 2009-03-09 14:03 . 2007-11-07 12:36 <REP> d--h----- c:\documents and settings\Administrateur\Modèles 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Mes documents 2009-03-09 14:03 . 2007-11-07 14:27 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Favoris 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2009-03-09 14:03 . 2009-03-09 14:03 <REP> d-------- c:\documents and settings\Administrateur 2009-03-08 21:34 . 2009-03-08 21:34 <REP> d-------- c:\program files\Alcohol Soft 2009-03-08 21:31 . 2009-03-08 21:31 639,224 --a------ c:\windows\system32\drivers\sptd.sys 2009-03-05 20:43 . 2009-03-05 20:43 <REP> d-------- c:\program files\Q-Dir 2009-03-05 20:43 . 2009-03-05 20:44 <REP> d-------- c:\documents and settings\David\Application Data\Q-Dir 2009-03-05 20:43 . 2009-03-08 14:40 4,446 --a------ c:\windows\Q-Dir.ini 2009-02-23 15:41 . 2009-02-23 15:41 <REP> d-------- c:\program files\Fichiers communs\Skype 2009-02-12 21:24 . 2004-03-07 02:03 4,259,840 --a------ C:\VideoOut.avi 2009-02-12 21:12 . 2009-02-12 21:12 <REP> d-------- c:\program files\RADVideo 2009-02-12 00:10 . 2009-02-12 00:10 863,514 --a------ C:\1.bmp 2009-02-07 23:02 . 2009-02-07 23:02 <REP> d-------- c:\program files\QT Lite 2009-02-07 23:02 . 2009-02-07 23:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-07 23:02 . 2008-09-06 16:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx 2009-02-07 23:02 . 2008-09-06 16:09 57,344 --a------ c:\windows\system32\QuickTime.qts 2009-02-07 22:56 . 2009-02-07 22:56 <REP> d-------- c:\program files\ProtectDisc Driver Installer 2009-02-07 22:56 . 2009-02-07 22:56 <REP> d-------- c:\documents and settings\David\Application Data\ProtectDisc 2009-02-05 22:28 . 2009-02-05 22:28 <REP> d-------- c:\documents and settings\David\Application Data\pdfforge 2009-02-05 22:11 . 2009-02-05 22:11 <REP> d-------- c:\program files\pdfforge Toolbar 2009-02-05 22:11 . 2009-02-05 22:12 <REP> d-------- c:\program files\PDFCreator 2009-02-05 22:11 . 1998-06-24 01:00 137,000 --a------ c:\windows\system32\MSMAPI32.OCX 2009-02-05 22:11 . 2001-10-28 17:42 116,224 --a------ c:\windows\system32\pdfcmnnt.dll 2009-02-05 22:11 . 1998-07-06 01:00 23,552 --a------ c:\windows\system32\MSMPIDE.DLL . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-29 20:25 --------- d-----w c:\documents and settings\David\Application Data\Canon 2009-03-29 20:23 --------- d-----w c:\program files\Canon 2009-03-27 16:12 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-03-15 19:30 --------- d-----w c:\program files\eMule 2009-03-15 14:03 --------- d-----w c:\documents and settings\David\Application Data\TeamViewer 2009-03-13 16:55 --------- d-----w c:\documents and settings\David\Application Data\Skype 2009-03-13 15:54 --------- d-----w c:\documents and settings\David\Application Data\skypePM 2009-03-09 00:39 --------- d-----w c:\documents and settings\David\Application Data\dvdcss 2009-02-23 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-02-23 13:41 --------- d-----r c:\program files\Skype 2009-02-21 21:23 --------- d-----w c:\program files\CDex 2009-02-21 19:38 1,195 ----a-w c:\documents and settings\David\Application Data\SAS7_000.DAT 2009-02-15 19:37 --------- d-----w c:\program files\EDT 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-01-31 22:57 --------- d-----w c:\program files\UtopiaBOX 2.02 2009-01-30 09:28 --------- d-----w c:\program files\Copernic Desktop Search 2 2009-01-30 09:28 --------- d-----w c:\documents and settings\David\Application Data\Copernic 2009-01-28 01:08 --------- d-----w c:\program files\foxit 2009-01-08 22:14 48,208 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT 2008-12-20 23:29 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll 2008-09-14 13:40 40,559 ----a-w c:\documents and settings\David\Application Data\mdb.bin . ((((((((((((((((((((((((((((( SnapShot@2009-03-29_16.41.26,75 ))))))))))))))))))))))))))))))))))))))))) . + 2008-02-14 12:07:30 590,680 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\DelDrv.exe + 2008-02-11 10:25:24 49,664 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstAR.dll + 2008-02-03 16:30:12 49,664 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstCN.dll + 2008-02-11 10:25:26 50,688 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstCZ.dll + 2008-02-11 10:25:28 57,344 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstDE.dll + 2008-02-11 10:25:32 50,688 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstDK.dll + 2008-02-19 10:46:24 54,784 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstES.dll + 2008-02-11 10:25:36 50,688 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstFI.dll + 2008-02-18 09:56:10 54,784 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstFR.dll + 2008-02-11 10:25:42 57,344 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstGR.dll + 2008-02-11 10:25:44 51,712 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstHU.dll + 2008-02-03 17:13:44 51,200 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstID.dll + 2008-02-11 10:25:46 54,272 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstIT.dll + 2008-02-14 11:56:29 38,912 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstJP.dll + 2008-02-03 16:52:28 49,664 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstKR.dll + 2008-02-11 10:25:50 53,760 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstNL.dll + 2008-02-11 10:25:52 50,176 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstNO.dll + 2008-02-18 09:56:14 53,760 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstPL.dll + 2008-02-11 10:25:56 51,712 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstPT.dll + 2008-02-11 10:26:00 52,736 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstRU.dll + 2008-02-11 10:26:02 50,176 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstSE.dll + 2008-02-03 16:58:34 49,664 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstTH.dll + 2008-02-11 10:26:04 50,688 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstTR.dll + 2008-02-03 16:45:28 49,664 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstTW.dll + 2008-02-14 11:56:28 49,664 ----a-r c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807\RES\DLL\IJInstUS.dll + 2009-03-30 08:20:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_228.dat + 2007-10-24 13:36:58 118,784 ----a-w c:\windows\twain_32\CNQ4807\AG.DLL + 2005-04-15 15:34:36 57,344 ----a-w c:\windows\twain_32\CNQ4807\BaLCo.dll + 2007-11-05 20:14:46 14,848 ----a-w c:\windows\twain_32\CNQ4807\caddisnt.dll + 2008-03-19 16:36:50 118,784 ----a-w c:\windows\twain_32\CNQ4807\CAPS.DLL + 2005-08-24 15:51:00 126,976 ----a-w c:\windows\twain_32\CNQ4807\CFine2.dll + 2008-04-03 13:26:00 30,720 ----a-w c:\windows\twain_32\CNQ4807\CNQ4807.DAT + 2008-03-26 13:26:34 393,216 ----a-w c:\windows\twain_32\CNQ4807\CNQ4807N.DAT + 2008-03-05 16:19:40 148,200 ----a-w c:\windows\twain_32\CNQ4807\CNQ4807P.DAT + 2008-01-08 11:04:18 2,102,320 ----a-w c:\windows\twain_32\CNQ4807\CNQ4807R.DAT + 2008-05-08 15:04:22 172,032 ----a-w c:\windows\twain_32\CNQ4807\CUBS.DLL + 2008-02-12 15:42:24 73,728 ----a-w c:\windows\twain_32\CNQ4807\DDT.dll + 2006-04-13 15:43:30 53,248 ----a-w c:\windows\twain_32\CNQ4807\HSL.DLL + 2007-12-06 13:46:10 73,728 ----a-w c:\windows\twain_32\CNQ4807\IJFSHLIB.DLL + 2008-05-08 19:57:25 188,416 ----a-w c:\windows\twain_32\CNQ4807\IOP.DLL + 2008-05-08 19:58:48 38,401 ----a-w c:\windows\twain_32\CNQ4807\IPM.DAT + 2008-05-08 19:58:28 151,552 ----a-w c:\windows\twain_32\CNQ4807\IPM.DLL + 2008-04-17 13:20:42 94,208 ----a-w c:\windows\twain_32\CNQ4807\JPRCV.dll + 2004-06-07 12:58:04 290,816 ----a-w c:\windows\twain_32\CNQ4807\libBLC.dll + 2008-01-24 10:33:36 139,264 ----a-w c:\windows\twain_32\CNQ4807\MC2.DLL + 2008-02-12 15:42:28 90,112 ----a-w c:\windows\twain_32\CNQ4807\MC2Plus.dll + 2008-01-23 16:45:24 454,656 ----a-w c:\windows\twain_32\CNQ4807\RACSLIB.dll + 2007-09-11 14:21:00 86,016 ----a-w c:\windows\twain_32\CNQ4807\RSTCOL.DLL + 2008-05-08 19:57:18 151,552 ----a-w c:\windows\twain_32\CNQ4807\SCANINTF.DLL + 2005-02-02 18:34:44 118,784 ----a-w c:\windows\twain_32\CNQ4807\SCRPRMV.DLL + 2007-07-02 11:04:30 114,688 ----a-w c:\windows\twain_32\CNQ4807\SCRPRMVL.DLL + 2008-04-03 14:53:14 1,159,168 ----a-w c:\windows\twain_32\CNQ4807\SGCFLTR.DLL + 2008-04-22 14:26:00 1,912,832 ----a-w c:\windows\twain_32\CNQ4807\SGRES_AR.DLL + 2008-04-22 14:25:57 1,875,968 ----a-w c:\windows\twain_32\CNQ4807\SGRES_CN.DLL + 2008-04-22 14:25:56 1,916,928 ----a-w c:\windows\twain_32\CNQ4807\SGRES_CZ.DLL + 2008-04-22 14:25:54 1,925,120 ----a-w c:\windows\twain_32\CNQ4807\SGRES_DE.DLL + 2008-04-22 14:25:53 1,916,928 ----a-w c:\windows\twain_32\CNQ4807\SGRES_DK.DLL + 2008-04-22 14:25:51 1,929,216 ----a-w c:\windows\twain_32\CNQ4807\SGRES_ES.DLL + 2008-04-22 14:25:50 1,916,928 ----a-w c:\windows\twain_32\CNQ4807\SGRES_FI.DLL + 2008-04-22 14:25:47 1,925,120 ----a-w c:\windows\twain_32\CNQ4807\SGRES_FR.DLL + 2008-04-22 14:25:47 1,929,216 ----a-w c:\windows\twain_32\CNQ4807\SGRES_GR.DLL + 2008-04-22 14:25:43 1,921,024 ----a-w c:\windows\twain_32\CNQ4807\SGRES_HU.DLL + 2008-04-22 14:26:02 1,916,928 ----a-w c:\windows\twain_32\CNQ4807\SGRES_ID.DLL + 2008-04-22 14:22:04 1,929,216 ----a-w c:\windows\twain_32\CNQ4807\SGRES_IT.DLL + 2008-05-08 19:57:00 1,888,256 ----a-w c:\windows\twain_32\CNQ4807\SGRES_JP.DLL + 2008-04-22 14:21:01 1,888,256 ----a-w c:\windows\twain_32\CNQ4807\SGRES_KR.DLL + 2008-04-22 14:20:58 1,925,120 ----a-w c:\windows\twain_32\CNQ4807\SGRES_NL.DLL + 2008-04-22 14:20:58 1,916,928 ----a-w c:\windows\twain_32\CNQ4807\SGRES_NO.DLL + 2008-04-22 14:20:55 1,921,024 ----a-w c:\windows\twain_32\CNQ4807\SGRES_PL.DLL + 2008-04-22 14:20:55 1,925,120 ----a-w c:\windows\twain_32\CNQ4807\SGRES_PT.DLL + 2008-04-22 14:20:52 1,921,024 ----a-w c:\windows\twain_32\CNQ4807\SGRES_RU.DLL + 2008-04-22 14:20:49 1,916,928 ----a-w c:\windows\twain_32\CNQ4807\SGRES_SE.DLL + 2008-04-22 14:20:52 1,908,736 ----a-w c:\windows\twain_32\CNQ4807\SGRES_TH.DLL + 2008-04-22 14:23:42 1,912,832 ----a-w c:\windows\twain_32\CNQ4807\SGRES_TR.DLL + 2008-04-22 14:26:06 1,875,968 ----a-w c:\windows\twain_32\CNQ4807\SGRES_TW.DLL + 2008-05-08 19:56:58 1,912,832 ----a-w c:\windows\twain_32\CNQ4807\SGRES_US.DLL + 2008-05-08 19:58:22 1,232,896 ----a-w c:\windows\twain_32\CNQ4807\SGUI.DLL + 2007-12-03 17:33:26 102,400 ----a-w c:\windows\twain_32\CNQ4807\softfare.dll + 2008-05-08 19:57:49 532,480 ----a-w c:\windows\twain_32\CNQ4807\TPM.DLL + 2008-04-22 14:28:45 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESAR.DLL + 2008-04-22 14:28:25 4,096 ----a-w c:\windows\twain_32\CNQ4807\USDRESCN.DLL + 2008-04-22 14:28:52 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESCZ.DLL + 2008-04-22 14:28:44 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESDE.DLL + 2008-04-22 14:28:43 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESDK.DLL + 2008-04-22 14:28:42 5,120 ----a-w c:\windows\twain_32\CNQ4807\USDRESES.DLL + 2008-04-22 14:28:42 5,120 ----a-w c:\windows\twain_32\CNQ4807\USDRESFI.DLL + 2008-04-22 14:28:41 5,120 ----a-w c:\windows\twain_32\CNQ4807\USDRESFR.DLL + 2008-04-22 14:28:41 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESGR.DLL + 2008-04-22 14:28:40 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESHU.DLL + 2008-04-22 14:28:39 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESID.DLL + 2008-04-22 14:28:38 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESIT.DLL + 2007-10-31 10:47:42 4,096 ----a-w c:\windows\twain_32\CNQ4807\USDRESJP.DLL + 2008-04-22 14:28:38 4,096 ----a-w c:\windows\twain_32\CNQ4807\USDRESKR.DLL + 2008-04-22 14:28:37 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESNL.DLL + 2008-04-22 14:28:30 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESNO.DLL + 2008-04-22 14:28:29 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESPL.DLL + 2008-04-22 14:28:29 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESPT.DLL + 2008-04-22 14:28:28 5,120 ----a-w c:\windows\twain_32\CNQ4807\USDRESRU.DLL + 2008-04-22 14:28:28 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESSE.DLL + 2008-04-22 14:28:27 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESTH.DLL + 2008-04-22 14:28:27 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESTR.DLL + 2008-04-22 14:28:25 4,096 ----a-w c:\windows\twain_32\CNQ4807\USDRESTW.DLL + 2007-10-31 10:47:44 4,608 ----a-w c:\windows\twain_32\CNQ4807\USDRESUS.DLL + 2007-12-18 19:20:46 221,184 ----a-w c:\windows\twain_32\CNQ4807\USIP.DLL . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2009-01-30 16:12 650752 --a------ c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-12-11 1588224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-07 266497] "Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2008-08-07 443116] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2008-08-07 90112] "tsnp2std"="c:\windows\tsnp2std.exe" [2005-09-09 102400] "snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256] "VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe] "atwtusb"="atwtusb.exe" [2007-03-20 c:\windows\system32\ATWTUSB.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 c:\program files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 17:15 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 17:15 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2009-03-06 23:54 24095528 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 10:03 210472 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2001-10-02 01:42 10752 c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Sun\\SDK\\jdk\\bin\\java.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\David\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "61295:TCP"= 61295:TCP:emule R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-16 28544] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736] S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-08-07 22528] . . ------- Examen supplémentaire ------- . uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\efg79632.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-30 13:57:22 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1???????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f7,1b,78,81,41, d6,38,8e,c8,28,51,af,b0,29,a3,98,03,12,57,ac,75,45,07,d9,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,96,51,5b,0e,d9, 00,88,54,71,3b,04,66,8b,46,0d,96,60,f0,13,5c,02,16,bf,c9,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d9,4c,4f,fe,b5, c6,32,49,25,da,ec,7e,55,20,c9,26,3d,25,65,c8,45,89,18,33,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,56,cf,71,a7,58, 63,62,12,3e,1e,9e,e0,57,5a,93,61,e4,0a,46,91,b1,c7,6e,ce,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,75,a5,fd,51,59, 71,47,18,cd,44,cd,b9,a6,33,6c,cd,31,e1,67,f4,fb,29,e7,46,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,50,56,d7,0b,66, 37,22,5b,b0,18,ed,a7,3f,8d,37,a4,a8,3f,1d,67,cd,ec,86,23,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,b2,e1,e1,8a,fd, 28,da,58,31,77,e1,ba,b1,f8,68,02,c5,dc,d1,fe,f1,6d,ae,e7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,07,b5,95,3e,6c, f4,4e,18,83,6c,56,8b,a0,85,96,ab,04,c8,36,25,f9,3b,2d,c2,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,ab,48,39,b3,1e, 58,09,52,51,fa,6e,91,28,9e,14,cc,14,e6,d1,2a,1b,a3,b7,e5,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a7,a2,3a,76,eb, e8,94,b0,b1,cd,45,5a,a8,c4,f8,b9,75,99,7a,56,b8,85,2f,96,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,22,28,6f,f6,8d, 9e,06,fc,e3,0e,66,d5,eb,bc,2f,6b,61,55,bf,4e,00,0f,0c,d8,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8e,ca,95,34,bd, bd,3f,74,fa,ea,66,7f,d4,3b,6b,70,2c,39,86,63,58,65,f1,03,6c,43,2d,1e,aa,22,\ . Heure de fin: 2009-03-30 13:59:23 ComboFix-quarantined-files.txt 2009-03-30 11:59:09 ComboFix2.txt 2009-03-29 14:42:54 Avant-CF: 4 268 695 552 octets libres Après-CF: 4,257,329,152 octets libres 376 --- E O F --- 2009-03-27 15:58:35 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ j'ai fait la procedure sur mon pc avec ce qu'il y avait comme HD j'ai refait la procedure avec un HD en plus et une CLE usb je continue. (nb: tu ne m'as pas dit COMMENT je peux savoir si j'ai infecté la semaine passée une autre PC avec ma clé ou un hd. Quel outil me conseilles-tu pour tester sur leur PC si je les ai vérollé ou pas ?)
  6. avilug
    bonjour Gof merci de ta prise en charge ! effectivement, c'est pas malin de ma part, moi qui croyait que tous les modes recherches des utilitaires étaient inoffensifs... Ce qui m'ennuie, c'est que je peux désinfecter toutes mes partitions mais, les autres Hd que j'ai récemment branché cette semaine (j'ai fait des copies hd à hd) , sont-ils aussi vérollés ? en fait ma question est : puis-je appliquer PLUSIEURS fois la procédure que tu me décris, sachant que je ne peux pas brancher tous les hd utilisés en même temps ? et s'ils ont été installés sur un autre PC , quel scan dois-je faire pour savoir s'ils ont la même infection ? (c'est quoi le nom de cette infection, d'ailleurs ???) désolé, bcp de questions, mais je veux faire une VRAIE procédure en suivant A LA LETTRE , cette fois , ce que tu me décriras !!! merci encore. edit : j'attends ta réponses pour les manip, au cas où !
  7. avilug
    bonjour à tous d'habitude je demande de l'aide pour des collègues/amis; là, c'est moi qui me suis fais infecter. Comme quoi ... Voici plusieurs fois en quelques jours que ANTIVIR m'alerte sur 2 fichiers (toujours les mêmes noms), que je mets en quarantaine aussitot : Virus or unwanted program 'TR/PSW.Magania.aven [trojan]' detected in file 'C:\WINDOWS\system32\mkfght0.dll. Action performed: Move file to quarantine Virus or unwanted program 'RKIT/Agent.3488 [trojan]' detected in file 'C:\WINDOWS\system32\drivers\klif.sys. Action performed: Move file to quarantine Pour gagner du temps (beaucoup de temps) j'ai passer un coup de -hijackthis -mbam -ccleaner -antivir scan complet -navilog (recherche uniquement) -combofix (recherche uniquement) c'est parti pour les logs MERCI BEAUCOUP ! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:41:16, on 29/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\atwtusb.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\TeamViewer\Version4\TeamViewer.exe H:\download\desinfection\HiJackThis.exe R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Barre d'outils Copernic Desktop Search - Home - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000048.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [atwtusb] atwtusb.exe O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [ertyuop] C:\WINDOWS\system32\rttrwq.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230013830828 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe -- End of file - 7558 bytes @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1915 Windows 5.1.2600 Service Pack 3 29/03/2009 14:49:01 mbam-log-2009-03-29 (14-49-01).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 127453 Temps écoulé: 1 hour(s), 57 minute(s), 23 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ertyuop (Spyware.OnlineGames) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\rttrwq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Search Navipromo version 3.7.6 commencé le 29/03/2009 à 16:31:45,76 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon XP 2800+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : David ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go) D:\ (CD or DVD) F:\ (CD or DVD) H:\ (Local Disk) - NTFS - Total:56 Go (Free:2 Go) I:\ (Local Disk) - NTFS - Total:20 Go (Free:10 Go) J:\ (Local Disk) - NTFS - Total:3 Go (Free:2 Go) K:\ (Local Disk) - NTFS - Total:385 Go (Free:19 Go) Recherche executé en mode normal *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\David\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\David\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\David\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\David\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** !! Les clés trouvées ne sont pas forcément infectées !! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\David\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche autres dossiers et fichiers connus : *** Analyse terminée le 29/03/2009 à 16:37:29,50 *** @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ComboFix 09-03-28.06 - David 2009-03-29 16:39:49.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1471.1003 [GMT 2:00] Lancé depuis: c:\documents and settings\David\Bureau\DESINFECTION\Combb.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . H:\Autorun.inf H:\s39tg.cmd I:\Autorun.inf I:\s39tg.cmd J:\Autorun.inf J:\s39tg.cmd K:\Autorun.inf K:\s39tg.cmd . ((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-29 )))))))))))))))))))))))))))))))))))) . 2009-03-29 16:31 . 2009-03-29 16:37 <REP> d-------- c:\program files\Navilog1 2009-03-29 14:49 . 2009-03-29 14:49 61,440 --a------ c:\windows\system32\drivers\xjbdqgl.sys 2009-03-27 18:24 . 2009-03-27 18:24 <REP> d-------- c:\documents and settings\David\Application Data\Thinstall 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression 2009-03-09 14:03 . 2007-11-07 12:36 <REP> d--h----- c:\documents and settings\Administrateur\Modèles 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Mes documents 2009-03-09 14:03 . 2007-11-07 14:27 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Favoris 2009-03-09 14:03 . 2007-11-07 14:27 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2009-03-09 14:03 . 2009-03-09 14:03 <REP> d-------- c:\documents and settings\Administrateur 2009-03-08 21:34 . 2009-03-08 21:34 <REP> d-------- c:\program files\Alcohol Soft 2009-03-08 21:31 . 2009-03-08 21:31 639,224 --a------ c:\windows\system32\drivers\sptd.sys 2009-03-05 20:43 . 2009-03-05 20:43 <REP> d-------- c:\program files\Q-Dir 2009-03-05 20:43 . 2009-03-05 20:44 <REP> d-------- c:\documents and settings\David\Application Data\Q-Dir 2009-03-05 20:43 . 2009-03-08 14:40 4,446 --a------ c:\windows\Q-Dir.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-27 16:12 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-03-15 19:30 --------- d-----w c:\program files\eMule 2009-03-15 14:03 --------- d-----w c:\documents and settings\David\Application Data\TeamViewer 2009-03-13 16:55 --------- d-----w c:\documents and settings\David\Application Data\Skype 2009-03-13 15:54 --------- d-----w c:\documents and settings\David\Application Data\skypePM 2009-03-12 21:43 --------- d-----w c:\documents and settings\David\Application Data\Canon 2009-03-09 00:39 --------- d-----w c:\documents and settings\David\Application Data\dvdcss 2009-03-01 20:21 --------- d-----w c:\program files\AskBarDis 2009-02-23 13:41 --------- d-----w c:\program files\Fichiers communs\Skype 2009-02-23 13:41 --------- d-----w c:\documents and settings\All Users\Application Data\Skype 2009-02-23 13:41 --------- d-----r c:\program files\Skype 2009-02-21 21:23 --------- d-----w c:\program files\CDex 2009-02-21 19:38 1,195 ----a-w c:\documents and settings\David\Application Data\SAS7_000.DAT 2009-02-15 19:37 --------- d-----w c:\program files\EDT 2009-02-12 19:12 --------- d-----w c:\program files\RADVideo 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2009-02-07 21:02 --------- d-----w c:\program files\QT Lite 2009-02-07 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-07 20:56 --------- d-----w c:\program files\ProtectDisc Driver Installer 2009-02-07 20:56 --------- d-----w c:\documents and settings\David\Application Data\ProtectDisc 2009-02-05 20:28 --------- d-----w c:\documents and settings\David\Application Data\Search Settings 2009-02-05 20:28 --------- d-----w c:\documents and settings\David\Application Data\pdfforge 2009-02-05 20:12 --------- d-----w c:\program files\PDFCreator 2009-02-05 20:11 --------- d-----w c:\program files\pdfforge Toolbar 2009-01-31 22:57 --------- d-----w c:\program files\UtopiaBOX 2.02 2009-01-30 09:28 --------- d-----w c:\program files\Copernic Desktop Search 2 2009-01-30 09:28 --------- d-----w c:\documents and settings\David\Application Data\Copernic 2009-01-28 01:08 --------- d-----w c:\program files\foxit 2009-01-08 22:14 48,208 ----a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT 2008-09-14 13:40 40,559 ----a-w c:\documents and settings\David\Application Data\mdb.bin . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-18 13:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2009-01-30 16:12 650752 --a------ c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-12-11 1588224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-07 266497] "Cloneur Expert Monitor"="c:\program files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2008-08-07 443116] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2008-08-07 90112] "tsnp2std"="c:\windows\tsnp2std.exe" [2005-09-09 102400] "snp2std"="c:\windows\vsnp2std.exe" [2005-08-16 339968] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-12-04 406016] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2007-03-19 259624] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256] "VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe] "atwtusb"="atwtusb.exe" [2007-03-20 c:\windows\system32\ATWTUSB.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.ac3filter"= ac3filter.acm "VIDC.MJPG"= Pvmjpg21.dll "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer] --a------ 2005-02-08 23:06 356352 c:\program files\IE New Window Maximizer\iemaximizer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 17:15 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-02-16 17:15 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] --------- 2005-02-10 17:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2009-03-06 23:54 24095528 c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] --a------ 2006-10-25 10:03 210472 c:\program files\Fichiers communs\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2001-10-02 01:42 10752 c:\program files\Winamp\winampa.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Sun\\SDK\\jdk\\bin\\java.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\David\\temp\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "61295:TCP"= 61295:TCP:emule R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-16 28544] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736] S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-08-07 22528] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - EBBAKGRA *Deregistered* - ebbakgra [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\s39tg.cmd \Shell\open\Command - E:\s39tg.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2233fb6-f3ad-11dd-aff7-000c76fd16c0}] \Shell\AutoRun\command - start.exe \Shell\iledefrance\command - start.exe . . ------- Examen supplémentaire ------- . uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\efg79632.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-29 16:40:57 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1???????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,f7,1b,78,81,41, d6,38,8e,c8,28,51,af,b0,29,a3,98,03,12,57,ac,75,45,07,d9,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,96,51,5b,0e,d9, 00,88,54,71,3b,04,66,8b,46,0d,96,60,f0,13,5c,02,16,bf,c9,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d9,4c,4f,fe,b5, c6,32,49,25,da,ec,7e,55,20,c9,26,3d,25,65,c8,45,89,18,33,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,56,cf,71,a7,58, 63,62,12,3e,1e,9e,e0,57,5a,93,61,e4,0a,46,91,b1,c7,6e,ce,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,75,a5,fd,51,59, 71,47,18,cd,44,cd,b9,a6,33,6c,cd,31,e1,67,f4,fb,29,e7,46,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,50,56,d7,0b,66, 37,22,5b,b0,18,ed,a7,3f,8d,37,a4,a8,3f,1d,67,cd,ec,86,23,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,b2,e1,e1,8a,fd, 28,da,58,31,77,e1,ba,b1,f8,68,02,c5,dc,d1,fe,f1,6d,ae,e7,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,07,b5,95,3e,6c, f4,4e,18,83,6c,56,8b,a0,85,96,ab,04,c8,36,25,f9,3b,2d,c2,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,ab,48,39,b3,1e, 58,09,52,51,fa,6e,91,28,9e,14,cc,14,e6,d1,2a,1b,a3,b7,e5,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,a7,a2,3a,76,eb, e8,94,b0,b1,cd,45,5a,a8,c4,f8,b9,75,99,7a,56,b8,85,2f,96,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,22,28,6f,f6,8d, 9e,06,fc,e3,0e,66,d5,eb,bc,2f,6b,61,55,bf,4e,00,0f,0c,d8,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8e,ca,95,34,bd, bd,3f,74,fa,ea,66,7f,d4,3b,6b,70,2c,39,86,63,58,65,f1,03,6c,43,2d,1e,aa,22,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(852) c:\windows\system32\cscui.dll . Heure de fin: 2009-03-29 16:42:52 ComboFix-quarantined-files.txt 2009-03-29 14:42:34 Avant-CF: 4 398 370 816 octets libres Après-CF: 4,424,167,424 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 259 --- E O F --- 2009-03-27 15:58:35 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ (mbam est le seul à avoir trouvé qqchose) j'espère que mon post garde une certaine lisibilité ! ENCORE MERCI !
  8. avilug

    Support ventilateur PC cassé

    avilug a répondu à un(e) sujet de avilug dans Hardware

    oui, je crois que je suis condamné à me diriger vers le démontage de la CM. merci thorgal & bonne journée!
  9. avilug

    Support ventilateur PC cassé

    avilug a répondu à un(e) sujet de avilug dans Hardware

    bonsoir thorgal j'avais pensé à tout changé mais ... je n'arrive pas à démonter le radiateur passif !!! pourtant j'ai bien regardé mais, à part des leviers en faire INACCESSIBLES qui sont à la base (sur le socket, je crois) rien à faire ! Et est-ce qu'on peut COLLER un ventilo sur le metal ? (je pose la question sans trop de conviction mais...) Ou est-ce que ceci peut m'être utile ? http://www.grosbill.com/4-xilence_power_sy...essoire_boitier merci !
  10. avilug
    bonjour en voulant changer l'alim d'un pc, j'ai cassé le support de ventilo (pas malin, je sais). le problème est : où en acheter un autre, sachant que le processeur est un athlon xp 2100+ avec un ventilo quelconque sur le dissipateur métallique ? en fait, est-ce que ça existe encore ? http://i42.tinypic.com/30072gl.jpg http://i42.tinypic.com/1zd4ta9.jpg (pour la petite histoire : le pc est à une collègue, je me suis porté volontaire pour le réparer, et ... j'ai fait des dégats ! donc faut que je répare. je dois pas être le seul dans ce cas, je suppose ...) merci !!
  11. avilug
    ok pour en acheter mais est-ce toujours vendu avec ? celui-ci semble ok http://www.pearl.fr/composants/ventilation...-x-25_CM05.html mais ... je vois pas le support ?
  12. avilug
    slt falkra En fait j'ai cassé le SUPPORT du ventilo de mon athlon xp 2100+ : c'est le carré en plastique qui se fixe sur la radiateur passif et qui supporte le ventilo (je me suis retrouvé avec 3 morceaux dans les doigts, c'est malin !). malgré mes recherches, je n'arrive pas à savoir si ça se rachète / si c'est vendu avec les ventilos / et sinon, ou ça se trouve ! puis-je abuser en te demandant ton avis ... ? MERCI BEAUCOUP BEAUCOUP !!!
  13. avilug
    ok merci beaucoup pear !
  14. avilug
    bonsoir falkra en fait, je m'aperçois que je n'ai tjs pas répondu sur ce sujet et pour cause : j'ai cassé le support ventilo du proc de ce PC en voulant changer l'alimentation (qui avait lâché) : bilan, j'ai une nouvelle alim ... et plus de ventilo ! donc TROP dangereux de le faire fonctionner sans ou avec un "ventilo qui bouge", même le temps de faire un scan avec hijackthis désolé. (avant que ça casse, il n'y avait déjà plus de symptome d'infection, mais je referai un hijackscan, pour être sûr)
  15. avilug
    bonsoir pear heu ... voulez-vous toujours continuer avec moi ? non pas que je m'impatiente (rien de vraiment d'urgent) mais 36h sans nouvelle, j'ai peur que vous ne vouliez plus suivre ma désinfection !!! à bientôt ... ?
  16. avilug
    en fait, je n'ai pas été assez précis : le modem qui doit accueillir le point d'accès n'a de de wifi, ok, mais il n'a pas non plus de 2e prise ethernet ! 1) si je branche ainsi : modem ---- hub ----- point d'accès (sur hub) . . . . . . . . . . . . . -----------pc (sur hub) est-ce que ça marchera ? ne faut-il pas que le modem soit aussi routeur ? 2) peut-on brancher le point d'accès sur le PC et faire un pont réseau entre point-accès+radiowifi et le pc qui a la connection internet bonne soirée !
  17. avilug
    Pear, je me suis permis de faire un scan par MBAM histoire de gagner du temps (je n'ai PAS lancé de désinfection, juste un scan) peut-être cela servira ? Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1836 Windows 5.1.2600 Service Pack 3 11/03/2009 17:48:30 mbam-log-2009-03-11 (17-48-30).txt Type de recherche: Examen rapide Eléments examinés: 61071 Temps écoulé: 4 minute(s), 12 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  18. avilug
    ET LE RAPPORT APRES ! merci de votre aide, pear !!! -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 1.60GHz ) BIOS : Default System BIOS USER : user ( Administrator ) BOOT : Fail-safe with network boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:14 Go (Free:10 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 11/03/2009|17:35 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\AskBarDis\bar Supprime! - C:\Program Files\AskBarDis\unins000.dat Supprime! - C:\Program Files\AskBarDis\unins000.exe Supprime! - C:\WINDOWS\Prefetch\ASKSBARSETUP.EXE-0925D19C.pf Supprime! - C:\WINDOWS\Prefetch\ASKSBARSETUP.TMP-0DDF4F85.pf Supprime! - C:\Program Files\AskBarDis -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ Extensions (user) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.fr/" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.files-ftp.com/~unicorni/phpBB2/index.php" "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 11/03/2009|17:32 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 11/03/2009|17:36 - Option : [2] -----------\\ Fin du rapport a 17:36:35,06
  19. avilug
    LE RAPPORT AVANT ! -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 1.60GHz ) BIOS : Default System BIOS USER : user ( Administrator ) BOOT : Fail-safe with network boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:14 Go (Free:10 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 11/03/2009|17:31 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\AskBarDis C:\Program Files\AskBarDis\bar C:\Program Files\AskBarDis\unins000.dat C:\Program Files\AskBarDis\unins000.exe C:\Program Files\AskBarDis\bar\bin C:\Program Files\AskBarDis\bar\Cache C:\Program Files\AskBarDis\bar\History C:\Program Files\AskBarDis\bar\Settings C:\Program Files\AskBarDis\bar\bin\askBar.dll C:\Program Files\AskBarDis\bar\bin\askPopStp.dll C:\Program Files\AskBarDis\bar\bin\psvince.dll C:\Program Files\AskBarDis\bar\Cache\0007F097 C:\Program Files\AskBarDis\bar\Cache\0007F55A C:\Program Files\AskBarDis\bar\Cache\0007F9A0.bin C:\Program Files\AskBarDis\bar\Cache\0007FE34.bin C:\Program Files\AskBarDis\bar\Cache\00080112.bin C:\Program Files\AskBarDis\bar\Cache\000802B8.bin C:\Program Files\AskBarDis\bar\Cache\0008043F.bin C:\Program Files\AskBarDis\bar\Cache\00080604.bin C:\Program Files\AskBarDis\bar\Cache\0008079A.bin C:\Program Files\AskBarDis\bar\Cache\00080A0B.bin C:\Program Files\AskBarDis\bar\Cache\00080C3D.bin C:\Program Files\AskBarDis\bar\Cache\00080EFD.bin C:\Program Files\AskBarDis\bar\Cache\files.ini C:\Program Files\AskBarDis\bar\History\search C:\Program Files\AskBarDis\bar\Settings\config.dat C:\Program Files\AskBarDis\bar\Settings\config.dat.bak C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm C:\WINDOWS\Prefetch\ASKSBARSETUP.EXE-0925D19C.pf C:\WINDOWS\Prefetch\ASKSBARSETUP.TMP-0DDF4F85.pf -----------\\ Extensions (user) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.fr/" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.files-ftp.com/~unicorni/phpBB2/index.php" "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 11/03/2009|17:32 - Option : [1] -----------\\ Fin du rapport a 17:32:40,90
  20. avilug
    bonjour à tous après avoir récupéré un vieux PC et y avoir fait le menage (y compris physiquement avec un aspirateur !!!) , je constate que le HD fonctionne 1s toutes les 10s (diode en marche) c-à-d qu'il y a un accès disk régulier . Le problème, c'est qu'il n'y a rien de spécial qui tourne ! Antivir ne dit rien. voici le scan hijackthis : Y a-t-il qq chose de suspect qui serait resté ? MERCI !!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:51:00, on 11/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [\\PHY4-MASTER\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P37 "\\PHY4-MASTER\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 4317 bytes
  21. avilug
    ok, merci pour ta réponse !
  22. avilug
    bonjour à tous je voudrai offrir à une personne une radio wifi (99€ chez pearl - ya 2,3 modèles) mais il a un modem ethernet sans wifi. comme je connais pas grand chose en wifi, savez-vous ce qu'il faut mettre pour connecter le MODEM et la RADIO (point d'accès ou autre?) Est-ce compliqué à configurer ? merci à ceux qui auront un bon conseil à me donner !
  23. avilug
    voici j'ai mis IE7 merci bcp falkra !!!
  24. avilug
    et un rapport, un : ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\WINDOWS\system32\ruCIPXbc.ini2 moved successfully. C:\WINDOWS\system32\xnqsaver.ini moved successfully. C:\WINDOWS\system32\vojobukg.ini moved successfully. C:\WINDOWS\system32\sgaquyiu.ini moved successfully. C:\WINDOWS\system32\jsoyugvw.ini moved successfully. C:\WINDOWS\system32\sjqjbtmi.ini moved successfully. C:\WINDOWS\system32\ubtbigdu.ini moved successfully. C:\WINDOWS\system32\ruCIPXbc.ini moved successfully. File/Folder C:\Program Files\Hotbar not found. File/Folder C:\PROGRA~1\MYWEBS~1 not found. C:\Program Files\Registry Cleaner Trial moved successfully. File/Folder C:\Program Files\SpySpotter3 not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mr bouazziz^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk\\ deleted successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02272009_163623 Files moved on Reboot... File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
  25. avilug
    j'ai mis (list since 3 months) car ça fait presque 2 mois que le pc était vérollé et il servait plus depuis plus 1 mois) log.txt Logfile of random's system information tool 1.05 (written by random/random) Run by mr bouazziz at 2009-02-27 16:24:19 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 17 GB (30%) free of 59 GB Total RAM: 767 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:24:23, on 27/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Apps\ActivBoard\nhksrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe C:\WINDOWS\System32\Drivers\WTSRV.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Microsoft Money\System\urlmap.exe C:\Documents and Settings\mr bouazziz.SN4970687158\Local Settings\Temporary Internet Files\Content.IE5\7OAK75OO\RSIT[1].exe C:\Program Files\trend micro\mr bouazziz.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.fr/center R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKCU\..\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1b899115aa524635ae2c03ac4feee1f2 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1b899115aa524635ae2c03ac4feee1f2 O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:KyMK1j...ack%2BWhale.jpg O24 - Desktop Component 1: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_004.jpg O24 - Desktop Component 2: (no name) - file:///C:/Program%20Files/fond-ecran-wallpaper/fleur/images/image_001.jpg O24 - Desktop Component 3: (no name) - http://www.fond-ecran-wallpaper.com/fleur/.../fleur-0004.jpg -- End of file - 11825 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\ABD56CEF918AE237.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\Rappel d'enregistrement 1.job C:\WINDOWS\tasks\Rappel d'enregistrement 2.job C:\WINDOWS\tasks\Rappel d'enregistrement 3.job C:\WINDOWS\tasks\Scheduled scanning task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-29 308856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 434279] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-09 737776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}] C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\PROGRA~1\COPERN~1\COPERN~1.DLL [2004-12-02 1066968] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - TV5 - Dictionnaires - C:\Program Files\MEDIADICO\Dico TV5\MDTV5TB.dll [2007-12-26 811008] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-04-29 185896] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-09-05 266497] "Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "PreAnnotate"=C:\WINDOWS\System32\PreAnntt.exe [2002-06-26 229376] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-02 68856] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe [2002-06-19 192512] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent] C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDSwitchAgent] C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] C:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE /splash [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard] C:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE /reboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] C:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe /CHECKALL /WAITFORSW [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2006-07-09 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MEDIA HEART FACE FIRST] C:\Documents and Settings\All Users\Application Data\slow seek media heart\Ford Real.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] C:\Program Files\Messenger Plus! 3\MsgPlus.exe /WinStart [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau] C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner] C:\Program Files\Registry Cleaner Trial\regclean.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza] C:\Program Files\Shareaza\Shareaza.exe -tray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [2006-10-12 49263] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-04-29 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer] C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [2002-06-07 299008] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService] C:\WINDOWS\system32\WService.EXE [2002-09-07 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Fond Ecran OneClick.lnk] C:\PROGRA~1\FOND-E~1\FEW-ON~1.EXE [2006-10-02 657531] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2006-07-09 196608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk] C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSOEMON.EXE [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk] C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk] C:\PROGRA~1\SAGEMW~1\WLANUTL.exe [2007-01-16 950272] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk] C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mr bouazziz^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk] C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSOEMON.EXE [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Documents and Settings\mr bouazziz\Bureau\incredimail_install.exe"="C:\Documents and Settings\mr bouazziz\Bureau\incredimail_install.exe:*:Enabled:IncrediMail Installer" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe"="C:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe:*:Enabled:F-Secure Anti-Virus 2005" "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Documents and Settings\mr bouazziz.SN4970687158\Local Settings\Temporary Internet Files\Content.IE5\K1QNGLIN\WoW-frFR-Installer-downloader[1].exe"="C:\Documents and Settings\mr bouazziz.SN4970687158\Local Settings\Temporary Internet Files\Content.IE5\K1QNGLIN\WoW-frFR-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader" "C:\Documents and Settings\mr bouazziz.SN4970687158\Local Settings\Temporary Internet Files\Content.IE5\O5QFOD6Z\BurningCrusade[1].exe"="C:\Documents and Settings\mr bouazziz.SN4970687158\Local Settings\Temporary Internet Files\Content.IE5\O5QFOD6Z\BurningCrusade[1].exe:*:Enabled:Blizzard Downloader" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 3 months====== 2009-02-27 16:24:20 ----D---- C:\Program Files\trend micro 2009-02-27 16:24:19 ----D---- C:\rsit 2009-02-27 15:17:00 ----D---- C:\Documents and Settings\mr bouazziz.SN4970687158\Application Data\Malwarebytes 2009-02-27 15:16:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-02-27 15:16:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-02-27 01:42:50 ----N---- C:\avlogfile.txt 2009-01-08 06:33:17 ----D---- C:\Documents and Settings\mr bouazziz.SN4970687158\Application Data\TeamViewer 2009-01-08 06:33:06 ----D---- C:\Program Files\TeamViewer 2009-01-07 18:05:30 ----SH---- C:\WINDOWS\system32\xnqsaver.ini 2009-01-04 15:38:16 ----SH---- C:\WINDOWS\system32\vojobukg.ini 2009-01-02 13:56:58 ----SH---- C:\WINDOWS\system32\sgaquyiu.ini 2008-12-30 19:22:31 ----SH---- C:\WINDOWS\system32\jsoyugvw.ini 2008-12-29 19:19:07 ----SH---- C:\WINDOWS\system32\sjqjbtmi.ini 2008-12-28 19:16:09 ----SH---- C:\WINDOWS\system32\ubtbigdu.ini 2008-12-28 19:15:35 ----A---- C:\WINDOWS\system32\7b60bf61-.txt 2008-12-28 19:15:20 ----ASH---- C:\WINDOWS\system32\ruCIPXbc.ini2 2008-12-28 19:15:20 ----ASH---- C:\WINDOWS\system32\ruCIPXbc.ini 2008-12-25 19:42:39 ----D---- C:\Program Files\Microsoft Silverlight 2008-12-25 19:42:24 ----D---- C:\Program Files\Microsoft Office Outlook Connector 2008-12-25 19:36:29 ----D---- C:\Program Files\Microsoft Sync Framework 2008-12-25 19:35:36 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2008-12-25 19:35:32 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2008-12-25 19:34:54 ----D---- C:\WINDOWS\SxsCaPendDel 2008-12-25 19:34:06 ----D---- C:\Program Files\Microsoft 2008-12-25 19:33:41 ----D---- C:\Program Files\Windows Live SkyDrive 2008-12-25 19:25:36 ----D---- C:\Program Files\Fichiers communs\Windows Live 2008-12-02 22:37:20 ----A---- C:\WINDOWS\system32\sirenacm.dll ======List of files/folders modified in the last 3 months====== 2009-02-27 16:24:20 ----RD---- C:\Program Files 2009-02-27 16:20:00 ----D---- C:\WINDOWS\Temp 2009-02-27 15:40:40 ----A---- C:\WINDOWS\PreAnntt.INI 2009-02-27 15:40:04 ----D---- C:\WINDOWS 2009-02-27 15:38:41 ----D---- C:\WINDOWS\system32\drivers 2009-02-27 15:38:41 ----D---- C:\WINDOWS\system32 2009-02-27 15:38:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-27 15:25:22 ----D---- C:\WINDOWS\Debug 2009-02-27 14:59:17 ----D---- C:\WINDOWS\Prefetch 2009-02-27 14:56:28 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-27 14:53:30 ----D---- C:\WINDOWS\system32\config 2009-02-27 01:39:53 ----D---- C:\WINDOWS\system 2009-02-27 01:18:17 ----D---- C:\Program Files\Microsoft AntiSpyware 2009-02-27 01:05:20 ----D---- C:\Program Files\MSN Messenger 2009-02-27 00:55:28 ----D---- C:\Documents and Settings 2009-02-26 23:24:33 ----D---- C:\WINDOWS\BDOSCAN8 2009-02-26 23:23:51 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-25 20:52:27 ----RSD---- C:\WINDOWS\assembly 2008-12-25 20:52:27 ----D---- C:\WINDOWS\Microsoft.NET 2008-12-25 19:51:47 ----SD---- C:\Documents and Settings\mr bouazziz.SN4970687158\Application Data\Microsoft 2008-12-25 19:51:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-12-25 19:43:28 ----SHD---- C:\WINDOWS\Installer 2008-12-25 19:42:24 ----D---- C:\Program Files\Fichiers communs\System 2008-12-25 19:41:56 ----HD---- C:\WINDOWS\inf 2008-12-25 19:41:44 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-12-25 19:41:43 ----D---- C:\Program Files\Windows Live 2008-12-25 19:38:23 ----D---- C:\WINDOWS\WinSxS 2008-12-25 19:36:48 ----D---- C:\Program Files\Windows Live Toolbar 2008-12-25 19:36:47 ----SD---- C:\WINDOWS\Tasks 2008-12-25 19:36:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-12-25 19:35:37 ----D---- C:\WINDOWS\system32\DirectX 2008-12-25 19:33:49 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2008-12-25 19:25:36 ----D---- C:\Program Files\Fichiers communs 2008-12-22 13:06:31 ----D---- C:\Program Files\Mozilla Firefox 2008-12-18 20:39:00 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-12-18 20:38:37 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-17 18:50:29 ----D---- C:\Program Files\eMule 2008-12-14 00:35:51 ----A---- C:\WINDOWS\win.ini 2008-12-12 18:02:12 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072] R1 msikbd2k;Multimedia Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\msikbd2k.sys [2001-12-20 6656] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2002-06-07 49232] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-04-29 28288] R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-01-13 96256] R3 nvmpu401;NVIDIA MIDI UART Driver; C:\WINDOWS\system32\drivers\nvmpu401.sys [2002-04-29 10240] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-04-29 212736] R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2007-01-16 17664] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096] S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2007-01-16 20608] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804] S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726] S3 dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704] S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-23 24064] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 QCMerced;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2002-09-20 472396] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-28 5888] S3 SE26bus;Sony Ericsson Device 038 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE26bus.sys [2006-05-01 61600] S3 SE26mdfl;Sony Ericsson Device 038 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys [2006-05-01 9360] S3 SE26mdm;Sony Ericsson Device 038 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE26mdm.sys [2006-05-01 97184] S3 SE26obex;Sony Ericsson Device 038 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE26obex.sys [2006-05-01 86560] S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver; C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-28 402432] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2002-09-07 15346] S3 TClass2k;Tablet Class Driver; C:\WINDOWS\System32\Drivers\TClass2k.sys [2002-09-07 23106] S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\System32\Drivers\UCTblHid.sys [2002-09-21 11074] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312] S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148] S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\WlanUIG.sys [] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS [] S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS [] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-25 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-25 151297] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120] R2 nhksrv;Netropa NHK Server; C:\Apps\ActivBoard\nhksrv.exe [2001-08-06 28672] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264] R2 WinTabService;WinTab Service; C:\WINDOWS\System32\Drivers\WTSRV.EXE [2002-09-07 40960] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-02 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.05 2009-02-27 16:24:27 ======Uninstall list====== -->"C:\Program Files\Fichiers communs\Teknum Systems\tsUninst.exe" "C:\Program Files\HandyBits\EasyCrypto\HandyBits EasyCrypto Deluxe.del" -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1036 -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\BWUnin-6.1.0.145L.exe -AppId 4448364 -->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1} -->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log -->C:\WINDOWS\uninst.exe -fC:\APPS\Audioneer\NewDJ\DeIsL1.isu -cC:\APPS\Audioneer\NewDJ\_ISREG32.DLL -->MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1} -->MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95} -->MsiExec.exe /X{DEBEA68F-45AA-4707-A9A7-DBD6DB4FBE89} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0208A7E3-0D30-11D4-A1FC-00508B9D1BA2}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\SETUP.EXE" -uninst -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Alexandra Ledermann 3 - Équitation Aventure-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\PAN vision\Alexandra Ledermann 3 - Équitation Aventure\Uninst.isu" Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE BlueSoleil-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x40c BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Coach Cérébral - Performance-->C:\PROGRA~1\HAPPYN~1\COACHC~2\UNWISE.EXE C:\PROGRA~1\HAPPYN~1\COACHC~2\INSTALL.LOG Coach Cérébral-->C:\PROGRA~1\HAPPYN~1\COACHC~1\UNWISE.EXE C:\PROGRA~1\HAPPYN~1\COACHC~1\INSTALL.LOG Copernic Agent Basic-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" CSI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}\setup.exe" -l0x40c Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976} Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9} eMule-->"C:\Program Files\eMule\Uninstall.exe" Encyclopédie Hachette Multimédia-->C:\WINDOWS\unvise32.exe C:\program files\EHMINSTALL\uninstal.log eSkin-->C:\PROGRA~1\eSkin\UNWISE.EXE C:\PROGRA~1\eSkin\INSTALL.LOG Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D} Fond Ecran OneClick-->C:\Program Files\fond-ecran-wallpaper\un_fewoneclick.exe Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C} GammonEmpire-->C:\Program Files\GammonEmpire\GammonEmpire.exe /uninstall getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall Gimp pour Windows -->"C:\Program Files\Gimp\uninstall.exe" Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll" HijackThis 2.0.2-->"C:\Documents and Settings\mr bouazziz.SN4970687158\Bureau\HijackThis.exe" /uninstall hp psc 700 series-->C:\WINDOWS\system32\hpocon09.exe /u 1220799218 /d "hp psc 700 series" HP Share-to-Web-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l1036 Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0} iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020} J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040} J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090} Java Runtime Environment 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu" Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A} La Toolbar TV5 - Dictionnaires-->MsiExec.exe /I{03D2963E-8DC6-4D31-A920-4B216CDF5DCD} Larousse Médical-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11DA34AE-A565-4659-86BE-11252557783F}\Setup.exe" -l0x40c Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Les Experts - Meurtres à Las Vegas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}\setup.exe" -l0x40c LimeWire 4.14.10-->"C:\Program Files\LimeWire\uninstall.exe" Livebox-->C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe -runfromtemp -l0x040c -removeonly LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Logiciel d'impression photo HP-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\Photo Printing\hpiunPC.dll Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL Logitech IM Video Companion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984F10FD-11FD-4BED-8163-92DB81E6A825}\Setup.exe" -l0x40c UNINSTALL Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA} Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929} MFP USB Driver Installation-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{BEB999AF-F39A-46E1-AA8A-703D76F0BF9E} Micro Application - Brevet des Collèges-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\PackBrevet\Uninst.isu" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12 Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mozilla Firefox (1.5)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (fr)" MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A} Navilog1 Version 2.0.9-->"C:\Program Files\Navilog1\uninstall.exe" Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PCI Audio Applications-->C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe PCI Audio Driver-->cmuninst.exe Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} Rapporteur (Juin 2004)-->"C:\Program Files\Rapporteur\unins000.exe" RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Sagem Wi-Fi 11g USB adapter (utility)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAFD22B6-A6C7-4134-AF4E-080BCBCD3493}\Setup.exe" -l0x40c SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung Samples Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe VERITAS RecordNow DX-->MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1} VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} Votre santé au quotidien-->C:\Program Files\Votre santé au quotidien\Uninstall\Uninstall.exe Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52} Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B} Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B} Windows Live Contrôle parental-->MsiExec.exe /X{EB8BAA0D-11EF-4EDC-A960-2AB7CA8F53F0} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A} Windows Live Toolbar-->MsiExec.exe /X{915809D6-1F93-45F2-9699-5F1DA64DC24B} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Security center information====== AV: Avira AntiVir PersonalEdition System event log Computer Name: SN4970687158 Event Code: 26 Message: Application popup : : Machine Check: Regs Record Number: 82903 Source Name: Application Popup Time Written: 20081112155455.000000+060 Event Type: Informations User: Computer Name: SN4970687158 Event Code: 26 Message: Application popup : : Machine Check: Record Number: 82902 Source Name: Application Popup Time Written: 20081112155455.000000+060 Event Type: Informations User: Computer Name: SN4970687158 Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 82901 Source Name: EventLog Time Written: 20081112155434.000000+060 Event Type: Informations User: Computer Name: SN4970687158 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free. Record Number: 82900 Source Name: EventLog Time Written: 20081112155434.000000+060 Event Type: Informations User: Computer Name: SN4970687158 Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 82899 Source Name: EventLog Time Written: 20081111191830.000000+060 Event Type: Informations User: Application event log Computer Name: SN4970687158 Event Code: 0 Message: Record Number: 8361 Source Name: iPod Service Time Written: 20081005140030.000000+120 Event Type: Informations User: Computer Name: SN4970687158 Event Code: 4096 Message: Record Number: 8360 Source Name: Avira AntiVir Time Written: 20081005140014.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: SN4970687158 Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 8359 Source Name: SecurityCenter Time Written: 20081005140011.000000+120 Event Type: Informations User: Computer Name: SN4970687158 Event Code: 1517 Message: Windows a sauvegardé le Registre utilisateur SN4970687158\mr bouazziz alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local. Record Number: 8358 Source Name: Userenv Time Written: 20081004230319.000000+120 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: SN4970687158 Event Code: 101 Message: msnmsgr (1096) Le moteur de base de données est arrêté. Record Number: 8357 Source Name: ESENT Time Written: 20081004230303.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\FICHIE~1\TVNAVI~1;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0602 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip -----------------EOF-----------------
×
×
  • Créer...