joel25

voila : 2011/05/12 11:00:20.0578 3644 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16 2011/05/12 11:00:21.0000 3644 ================================================================================ 2011/05/12 11:00:21.0000 3644 SystemInfo: 2011/05/12 11:00:21.0000 3644 2011/05/12 11:00:21.0000 3644 OS Version: 5.1.2600 ServicePack: 2.0 2011/05/12 11:00:21.0000 3644 Product type: Workstation 2011/05/12 11:00:21.0000 3644 ComputerName: 1-5603EEKF3ZU1R 2011/05/12 11:00:21.0000 3644 UserName: 1 2011/05/12 11:00:21.0000 3644 Windows directory: C:\WINDOWS 2011/05/12 11:00:21.0000 3644 System windows directory: C:\WINDOWS 2011/05/12 11:00:21.0000 3644 Processor architecture: Intel x86 2011/05/12 11:00:21.0000 3644 Number of processors: 1 2011/05/12 11:00:21.0000 3644 Page size: 0x1000 2011/05/12 11:00:21.0000 3644 Boot type: Normal boot 2011/05/12 11:00:21.0000 3644 ================================================================================ 2011/05/12 11:00:21.0625 3644 Initialize success 2011/05/12 11:00:24.0328 3660 ================================================================================ 2011/05/12 11:00:24.0328 3660 Scan started 2011/05/12 11:00:24.0328 3660 Mode: Manual; 2011/05/12 11:00:24.0328 3660 ================================================================================ 2011/05/12 11:00:26.0984 3660 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/05/12 11:00:27.0078 3660 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/05/12 11:00:27.0281 3660 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 2011/05/12 11:00:27.0406 3660 AFD (944ca435bfcfc82cc1ed9e3a7d731aa9) C:\WINDOWS\System32\drivers\afd.sys 2011/05/12 11:00:27.0703 3660 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2011/05/12 11:00:27.0828 3660 AnyDVD (9410a723f054537b3304b30d0680b0ec) C:\WINDOWS\system32\Drivers\AnyDVD.sys 2011/05/12 11:00:28.0078 3660 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/05/12 11:00:28.0203 3660 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/05/12 11:00:28.0312 3660 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/05/12 11:00:28.0406 3660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/05/12 11:00:28.0515 3660 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/05/12 11:00:28.0625 3660 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/05/12 11:00:28.0750 3660 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/05/12 11:00:28.0859 3660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/05/12 11:00:29.0046 3660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/05/12 11:00:29.0171 3660 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/05/12 11:00:29.0281 3660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/05/12 11:00:29.0406 3660 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/05/12 11:00:29.0484 3660 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/05/12 11:00:29.0671 3660 CoachAud (3128276503486bff925e8fa57f1c2776) C:\WINDOWS\system32\DRIVERS\CoachAud.sys 2011/05/12 11:00:29.0765 3660 CoachUsb (601ef78b2511d3ad74449a0d0b3b2262) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys 2011/05/12 11:00:29.0890 3660 CoachVc (1ef03a4109e5ddae1e5212acfe7b85c3) C:\WINDOWS\system32\DRIVERS\CoachVc.sys 2011/05/12 11:00:30.0156 3660 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/05/12 11:00:30.0328 3660 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys 2011/05/12 11:00:30.0484 3660 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys 2011/05/12 11:00:30.0593 3660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/05/12 11:00:30.0671 3660 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2011/05/12 11:00:30.0890 3660 driverhardwarev2 (207466574b541081d8f3a25564ed020d) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 2011/05/12 11:00:31.0046 3660 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/05/12 11:00:31.0125 3660 ElbyCDFL (c61c83501268b0110b5c5db7e63dee0c) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 2011/05/12 11:00:31.0343 3660 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 2011/05/12 11:00:31.0437 3660 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys 2011/05/12 11:00:31.0562 3660 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/05/12 11:00:31.0703 3660 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/05/12 11:00:31.0796 3660 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 2011/05/12 11:00:31.0906 3660 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys 2011/05/12 11:00:32.0031 3660 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/05/12 11:00:32.0187 3660 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/05/12 11:00:32.0234 3660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/05/12 11:00:32.0328 3660 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/05/12 11:00:32.0437 3660 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/05/12 11:00:32.0562 3660 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/05/12 11:00:32.0703 3660 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/05/12 11:00:33.0250 3660 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/05/12 11:00:33.0546 3660 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/05/12 11:00:33.0718 3660 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/05/12 11:00:33.0812 3660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/05/12 11:00:33.0906 3660 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/05/12 11:00:34.0015 3660 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/05/12 11:00:34.0078 3660 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/05/12 11:00:34.0187 3660 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/05/12 11:00:34.0296 3660 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/05/12 11:00:34.0390 3660 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/05/12 11:00:34.0453 3660 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/05/12 11:00:34.0687 3660 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 2011/05/12 11:00:34.0750 3660 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/05/12 11:00:34.0937 3660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/05/12 11:00:35.0015 3660 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys 2011/05/12 11:00:35.0062 3660 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/05/12 11:00:35.0125 3660 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/05/12 11:00:35.0218 3660 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/05/12 11:00:35.0343 3660 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/05/12 11:00:35.0468 3660 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/05/12 11:00:35.0562 3660 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2011/05/12 11:00:35.0671 3660 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/05/12 11:00:35.0734 3660 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/05/12 11:00:35.0796 3660 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/05/12 11:00:35.0906 3660 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/05/12 11:00:35.0984 3660 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/05/12 11:00:36.0078 3660 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/05/12 11:00:36.0203 3660 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/05/12 11:00:36.0296 3660 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/05/12 11:00:36.0390 3660 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/05/12 11:00:36.0453 3660 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/05/12 11:00:36.0531 3660 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/05/12 11:00:36.0656 3660 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/05/12 11:00:36.0750 3660 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/05/12 11:00:36.0843 3660 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/05/12 11:00:36.0968 3660 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/05/12 11:00:37.0109 3660 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2011/05/12 11:00:37.0218 3660 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/05/12 11:00:37.0359 3660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/05/12 11:00:37.0437 3660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/05/12 11:00:37.0546 3660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/05/12 11:00:37.0671 3660 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/05/12 11:00:37.0750 3660 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/05/12 11:00:37.0875 3660 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/05/12 11:00:37.0968 3660 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\System32\PCANDIS5.SYS 2011/05/12 11:00:38.0218 3660 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/05/12 11:00:38.0359 3660 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/05/12 11:00:38.0687 3660 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys 2011/05/12 11:00:38.0781 3660 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/12 11:00:38.0890 3660 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/05/12 11:00:38.0968 3660 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/12 11:00:39.0015 3660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/12 11:00:39.0093 3660 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/05/12 11:00:39.0250 3660 QCMerced (b607f201293e884f36f9a2ac2c960853) C:\WINDOWS\system32\DRIVERS\LVCM.sys 2011/05/12 11:00:39.0562 3660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/12 11:00:39.0640 3660 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/12 11:00:39.0765 3660 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/12 11:00:39.0828 3660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/12 11:00:39.0921 3660 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/12 11:00:40.0046 3660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/12 11:00:40.0171 3660 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/05/12 11:00:40.0265 3660 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/12 11:00:40.0390 3660 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/12 11:00:40.0500 3660 RescueDrv (9296228b5d990816883feb5b40a60c90) C:\WINDOWS\system32\Drivers\resc_dwb.sys 2011/05/12 11:00:40.0656 3660 Secdrv (bb6fbebebbd14429021f2851a60d8546) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/12 11:00:40.0750 3660 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/05/12 11:00:40.0843 3660 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/05/12 11:00:40.0921 3660 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/05/12 11:00:41.0062 3660 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/05/12 11:00:41.0203 3660 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS 2011/05/12 11:00:41.0343 3660 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/12 11:00:41.0453 3660 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys 2011/05/12 11:00:41.0625 3660 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/12 11:00:41.0703 3660 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/12 11:00:41.0859 3660 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/05/12 11:00:41.0953 3660 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys 2011/05/12 11:00:42.0031 3660 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/05/12 11:00:42.0109 3660 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/12 11:00:42.0218 3660 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/12 11:00:42.0437 3660 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/12 11:00:42.0531 3660 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/12 11:00:42.0687 3660 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/12 11:00:42.0781 3660 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/12 11:00:42.0875 3660 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/12 11:00:43.0031 3660 truecrypt (0f36134bc7897ac0b038b64fa23c4df9) C:\WINDOWS\system32\drivers\truecrypt.sys 2011/05/12 11:00:43.0281 3660 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/12 11:00:43.0390 3660 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/12 11:00:43.0546 3660 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/05/12 11:00:43.0640 3660 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/12 11:00:43.0703 3660 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/12 11:00:43.0796 3660 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/12 11:00:43.0906 3660 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/12 11:00:44.0015 3660 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/05/12 11:00:44.0156 3660 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/05/12 11:00:44.0250 3660 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/05/12 11:00:44.0296 3660 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/05/12 11:00:44.0390 3660 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys 2011/05/12 11:00:44.0453 3660 viagfx (8415d39e3f95e27f5247072c78812c24) C:\WINDOWS\system32\DRIVERS\vtmini.sys 2011/05/12 11:00:44.0562 3660 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/05/12 11:00:44.0671 3660 viamraid (44056e9fee477f512ee58bcfee949621) C:\WINDOWS\system32\DRIVERS\viamraid.sys 2011/05/12 11:00:44.0718 3660 VIAudio (08c5fd340d290e8536413c863ba4f9a6) C:\WINDOWS\system32\drivers\vinyl97.sys 2011/05/12 11:00:44.0812 3660 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/12 11:00:44.0953 3660 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/12 11:00:45.0078 3660 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/05/12 11:00:45.0437 3660 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/12 11:00:45.0640 3660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/05/12 11:00:45.0734 3660 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/05/12 11:00:45.0890 3660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/05/12 11:00:45.0968 3660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/05/12 11:00:46.0109 3660 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys 2011/05/12 11:00:46.0328 3660 ================================================================================ 2011/05/12 11:00:46.0328 3660 Scan finished 2011/05/12 11:00:46.0328 3660 ================================================================================ je fait le dernier et je reposte

re ! voila le premier il a rien trouver ! le second voila le rapport : Fix Navipromo version 4.1.0 commencé le 12/05/2011 10:18:04,62 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! Outil exécuté depuis C:\navilog1 Mise à jour le 20.04.2011 à 09h00 par IL-MAFIOSO Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2 X86-based PC ( Uniprocessor Free : AMD Sempron Processor 2800+ ) BIOS : Phoenix - AwardBIOS v6.00PG USER : 1 ( Administrator ) BOOT : Normal boot Antivirus : AntiVir Desktop 10.0.1.58 (Not Activated) C:\ (Local Disk) - NTFS - Total:152 Go (Free:38 Go) D:\ (CD or DVD) Recherche executée en mode normal Nettoyage exécuté au redémarrage de l'ordinateur Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\1\locals~1\Temp effectué ! *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok Certificat Electronic-Group supprimé ! Certificat OOO-Favorit supprimé ! *** Scan terminé 12/05/2011 10:22:05,01 *** je fait le troisiéme aussi ? merci ! joel

bonjour ! voila j'ai suivi les instructions , j'espére que c'est bon voila le rapport : © CJoint.com, 2010 encore merci de la réponse trés rapide ! joel

bonjour! depuis quelques jours j'ai ce message en fermant window :nsAppshell:event window ci-joint mon hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:38:51, on 11/05/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SFR\Media Center\MediaCenter.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\Program Files\SFR\Media Center\httpd\httpd.exe C:\WINDOWS\System32\dllhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\1\Mes documents\HiJackThis.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 1968 bytes merci d'avance pour votre aide ! joel

salut! encore merci je vais prendre le temps de lire tout ça !! joel

re pour sp3 je vais attendre de récupérer un dd externe pour faire mes sauvegardes pour le raccourci je trouve pas, mais c'est pas grave j'utilise en principe que Mozilla en tout cas merci pour ton aide sa fait plaisir que des gens comme toi s'occupe de ceux qui font des bêtises pour zone alarme , je l'avais installer mais j'arrive pas encore à le maitriser ça me bloque tout, je vais bien étudier le problème pour bien m'en servir!! joel

salut! j'ai presque tout installer , il me manque le pare-feu et sp3 j'ai juste un peu peur car quand je demarre l'instal de sp3 il me dit de sauvegarder mes données!! y a t'il des risques pour mes dossiers genre photos perso.... pour Ie8 j'ai pas d'icones que se soit sur le bureau où dans mes programme,normal? bon je te met deja le rapport java: JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Jan 06 16:46:36 2010 Found and removed: C:\Program Files\Java\jre1.5.0_06 Found and removed: C:\Program Files\Java\jre1.5.0_10 Found and removed: C:\Program Files\Java\jre1.5.0_11 Found and removed: C:\Program Files\Java\jre1.6.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_05 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_10 Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_11 Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_13 Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_15 Found and removed: C:\Documents and Settings\1\Application Data\Sun\Java\jre1.6.0_16 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ JavaRa 1.15 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Jan 06 16:47:58 2010 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_10 Found and removed: Software\JavaSoft\Java2D\1.5.0_11 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_10 Found and removed: SOFTWARE\Classes\JavaPlugin.150_11 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\JavaPlugin.160_03 Found and removed: SOFTWARE\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11 Found and removed: Software\Classes\JavaPlugin.160_03 Found and removed: Software\Classes\JavaPlugin.160_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05 Found and removed: Software\JavaSoft\Java2D\1.6.0_03 Found and removed: Software\JavaSoft\Java2D\1.6.0_05 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07 Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070} ------------------------------------ Finished reporting. merci de ton aide

Logfile of random's system information tool 1.06 (written by random/random) Run by 1 at 2010-01-05 17:16:31 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 21 GB (14%) free of 156 GB Total RAM: 959 MB (56% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:16:56, on 05/01/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\1\Mes documents\RSIT.exe C:\Documents and Settings\1\Mes documents\1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/ O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206025881933 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 9556 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Kodak AiO Scheduled Maintenance.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19C8E43B-07B3-49CB-BFFC-6777B593E6F8}] Download Manager Browser Helper Object - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL [2006-06-27 520192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-23 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-13 325048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5146c40-189a-4311-bda9-fbae3e023187}] Multi_Media toolbar - C:\Program Files\Multi_Media\tbMul1.dll [2007-08-04 1326104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {b5146c40-189a-4311-bda9-fbae3e023187} - Multi_Media toolbar - C:\Program Files\Multi_Media\tbMul1.dll [2007-08-04 1326104] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-09 153136] "TrayServer"=C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe [2007-07-17 90112] "EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2008-02-15 1052672] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NoTraceAUTO"=C:\Documents and Settings\1\Mes documents\NoTrace.exe [2007-04-22 215040] "AlcoholAutomount"=C:\Program Files\Alcohol 52\axcmd.exe [2007-07-02 219008] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488] "Internet Download Accelerator"=C:\Program Files\IDA\ida.exe -autorun [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Kyodai Mahjongg 2006\kmj.exe"="C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Fichiers communs\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe"="C:\Program Files\Photo Story 3 for Windows\PhotoStory3.exe:*:Enabled:Photo Story 3 for Windows" "C:\Program Files\Micro Application\Maxi Mah-Jong\Mahjongg.exe"="C:\Program Files\Micro Application\Maxi Mah-Jong\Mahjongg.exe:*:Enabled:Mahjongg" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare" ======List of files/folders created in the last 1 months====== 2010-01-05 17:16:30 ----D---- C:\rsit 2010-01-05 16:20:14 ----D---- C:\Program Files\Avira 2010-01-05 16:20:14 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-01-05 14:24:02 ----D---- C:\Documents and Settings\1\Application Data\Malwarebytes 2010-01-05 14:23:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-01-05 14:23:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-01-05 14:22:24 ----A---- C:\ComboFix.txt 2010-01-05 13:57:28 ----A---- C:\Boot.bak 2010-01-05 13:57:19 ----RASHD---- C:\cmdcons 2010-01-05 13:55:53 ----A---- C:\WINDOWS\zip.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\SWXCACLS.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\SWSC.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\SWREG.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\sed.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\PEV.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\NIRCMD.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\MBR.exe 2010-01-05 13:55:53 ----A---- C:\WINDOWS\grep.exe 2010-01-05 13:55:35 ----D---- C:\WINDOWS\ERDNT 2010-01-05 13:53:34 ----D---- C:\Qoobox 2010-01-03 10:34:30 ----D---- C:\Documents and Settings\1\Application Data\HouseCall 6.6 2010-01-02 23:03:07 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini 2009-12-17 18:57:33 ----D---- C:\Program Files\ScreenMates ======List of files/folders modified in the last 1 months====== 2010-01-05 17:14:24 ----D---- C:\Program Files\Mozilla Firefox 2010-01-05 16:41:33 ----D---- C:\WINDOWS\Temp 2010-01-05 16:41:30 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-05 16:41:24 ----D---- C:\WINDOWS 2010-01-05 16:40:10 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-05 16:20:24 ----HD---- C:\WINDOWS\inf 2010-01-05 16:20:24 ----D---- C:\WINDOWS\system32\drivers 2010-01-05 16:20:14 ----RD---- C:\Program Files 2010-01-05 16:19:44 ----D---- C:\WINDOWS\WinSxS 2010-01-05 16:19:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2010-01-05 16:19:41 ----SHD---- C:\WINDOWS\Installer 2010-01-05 16:14:53 ----D---- C:\Documents and Settings\1\Application Data\vlc 2010-01-05 16:10:02 ----D---- C:\WINDOWS\system32 2010-01-05 15:29:54 ----SHD---- C:\System Volume Information 2010-01-05 15:29:54 ----D---- C:\WINDOWS\system32\Restore 2010-01-05 15:17:57 ----HDC---- C:\WINDOWS\$NtUninstallQ331953$ 2010-01-05 14:21:10 ----SD---- C:\WINDOWS\Tasks 2010-01-05 14:16:12 ----A---- C:\WINDOWS\system.ini 2010-01-05 14:14:39 ----D---- C:\WINDOWS\system32\config 2010-01-05 14:12:12 ----D---- C:\WINDOWS\AppPatch 2010-01-05 14:12:10 ----D---- C:\Program Files\Fichiers communs 2010-01-05 14:08:04 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-05 13:57:28 ----RASH---- C:\boot.ini 2010-01-05 10:05:15 ----D---- C:\WINDOWS\Prefetch 2010-01-01 13:22:28 ----D---- C:\Program Files\eMule 2009-12-17 16:41:41 ----D---- C:\Documents and Settings\1\Application Data\dvdcss ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-01-05 28520] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-26 5632] R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2007-05-03 188672] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-05 56816] R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-09 71184] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-08-02 19200] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-05-01 9856] R3 QCMerced;Logitech QuickCam Messenger; C:\WINDOWS\System32\DRIVERS\LVCM.sys [2003-06-27 472332] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-10-07 174592] R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-08-03 202112] S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] S3 CamAv;SAMSUNG Video Capture; C:\WINDOWS\System32\Drivers\CamAv.sys [] S3 CAMFLT;%CAMFLT.SvcDesc%; C:\WINDOWS\system32\drivers\CAMFLT.sys [] S3 catchme;catchme; \??\C:\joel25\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 cdspacex;cdspacex; C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [] S3 CoachAud;Coach Audio; C:\WINDOWS\system32\DRIVERS\CoachAud.sys [2004-11-24 10368] S3 CoachUsb;Coach Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 50976] S3 CoachVc;Coach Video Capture; C:\WINDOWS\system32\DRIVERS\CoachVc.sys [2004-11-24 44256] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [] S3 ids00026;ids00026; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [] S3 ids0005c;ids0005c; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [] S3 ids00102;ids00102; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys [] S3 klstm;klstm; \??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS [] S3 RescueDrv;Inventel Access Point USB Rescue Driver; C:\WINDOWS\System32\Drivers\resc_dwb.sys [2003-04-24 74828] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 TSP;TSP; \??\C:\WINDOWS\system32\Drivers\klif.sys [] S3 TwoRabts;Two Rabbits Live Bus; C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-08-07 685816] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-01-05 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-01-05 185089] R2 EFUploadSrv;ExtraFilm upload service; C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe [2008-11-27 1712128] R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [2002-01-30 77824] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-12-14 61440] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-01-13 918792] R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-06-14 576680] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824] S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-01-13 1021192] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-01-05 17:16:58 ======Uninstall list====== -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf -->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer' 30+ Free Patience-->C:\Program Files\30+ Free Patience\uninstall.exe ACDSee for PENTAX 2.0-->MsiExec.exe /I{D8320DD6-FE47-41DE-B116-4158B7AE3F37} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log aiofw-->MsiExec.exe /I{791E3D44-33D3-4446-82AD-5CD4B0169083} aioocr-->MsiExec.exe /I{3BED0238-3A25-41AE-BC23-316914B5B048} aioprnt-->MsiExec.exe /I{2A97D5B3-A989-47E1-B207-1CA9E3635655} aioscnnr-->MsiExec.exe /I{C0251585-1BE8-4278-B3CB-964B6E01C59D} AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD" Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft MediaConverter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5BD1F9C-8BBA-410E-837D-94D523269F8F}\SETUP.EXE" -l0x40c Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe" center-->MsiExec.exe /I{79E41D91-BA1C-44B9-9358-48E598263ECF} CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD" CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" CyberGestion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C964A549-C74A-11D3-B88A-00A0C9379093}\setup.exe" Dual Mode Digital Camera Z-->C:\Program Files\InstallShield Installation Information\{3C516E56-0B4B-4BDE-88A2-035B4D170A26}\setup.exe -runfromtemp -l0x040c -removeonly DVD Decrypter 3.5.4.0 Fr-->C:\Program Files\DVD Decrypter\UnInstall_DVDdecrypt.exe DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036 eMule-->"C:\Program Files\eMule\Uninstall.exe" EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Extrafilm Designer FR-->C:\Program Files\Extrafilm Designer FR\Uninstall.exe ExtraFilm FotoFacil-->C:\Program Files\ExtraFilm FotoFacil\Uninstall.exe Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\instslct.exe /p Front Page Sports: Trophy Rivers-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\TRivers\Uninst.isu Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} Gekko Mahjongg-->C:\PROGRA~1\MICROA~1\MAXIMA~1\Data\System\Unwise32.exe C:\PROGRA~1\MICROA~1\MAXIMA~1\Data\System\Install.log Help_CTR-->MsiExec.exe /I{0996C331-6DCB-4E38-A3EC-0A77ABAE1361} helptut-->MsiExec.exe /I{843081BD-351F-46FC-8A17-517A0D9117A3} helpug-->MsiExec.exe /I{DC626A21-EDF1-40C7-8F2F-D2BA7535529F} HijackThis 2.0.2-->"C:\Documents and Settings\1\Mes documents\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HouseCall 6.6-->"C:\Documents and Settings\1\Application Data\HouseCall 6.6\uninstaller.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} K-Lite Codec Pack 2.32 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" ksdip-->MsiExec.exe /I{73F1681F-ADE1-461F-9F18-B7640507D395} Kyodai Mahjongg 2006 v1.21-->"C:\Program Files\Kyodai Mahjongg 2006\unins000.exe" Logiciel pour imprimante multifonction KODAK-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_baf07\Setup.exe /APR-REMOVE Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG Logitech QuickCam-->MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4} Ma-Config.com-->MsiExec.exe /X{B312D12A-0320-4462-B6F7-C9B69EB3DB5C} MAGIX Video deluxe 2008 Trial 7.0.3.0 (F)-->C:\Program Files\MAGIX\Video_deluxe_2008_e-version\instslct.exe /p Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" mes données 1.0.0.7-->C:\Program Files\mes données\uninst.exe Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Moorhuhn 2 V1.1-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\Phenomedia AG\Moorhuhn 2\Uninst.isu" Moorhuhn 3 DL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF895069-BD9A-11D5-986D-00500443CF9F}\Setup.exe" -l0x7 Moorhuhn Invasion Vollversion-->C:\PROGRA~1\PHENOM~1\MOORHU~3\UNWISE.EXE C:\PROGRA~1\PHENOM~1\MOORHU~3\INSTALL.LOG Moorhuhn Piraten - Demo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A22B3BA-E751-4F37-8ACB-C34B81FFABAA}\Setup.exe" -l0x7 Moorhuhn Soccer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59DC43FF-8F26-40B2-A566-C69C9457BF7D}\setup.exe" -l0x7 MOORHUHN WANTED XXL-->c:\games\MOORHUHN WANTED XXL\Uninstal.exe Moorhuhn Wanted XXL-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A116D023-A3BC-4C70-A8B8-9FE77850F0D9}\Setup.exe" -l0x7 DUIM Moorhuhn Winter-Edition-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\Phenomedia AG\Moorhuhn Winter-Edition\Uninst.isu" Moorhuhn X - XS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}\Setup.exe" -l0x7 -UNINST Moorhuhn X - XXL-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Moorhuhn X - XXL\UNINSTAL.DAT Moorhuhnjagd-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\Phenomedia\Moorhuhnjagd\Uninst.isu" Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} Multi Media Toolbar-->C:\PROGRA~1\MULTI_~1\UNWISE.EXE C:\PROGRA~1\MULTI_~1\INSTALL.LOG Multimedia Keyboard & Mouse Driver-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{F36AE663-540B-474C-9702-34B533B5EFD0} /l1033 Nero 7 Essentials-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1} OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PC Inspector smart recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9A87D86-FDFD-418B-BF96-EF09320973B3}\Setup.exe" -l0x40c PerfectDisk 10 Professional-->MsiExec.exe /I{7B738CD9-D107-48C7-8E65-2E6639A39C8D} PhotoBox 3.2.5-->"C:\Program Files\PhotoBox\uninstall.exe" Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E} Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe" PMP DV-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF68A865-76E3-4F34-ADD3-B38EFA5E6E62}\Setup.exe" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PPTminimizer-->"C:\Program Files\PPTminimizer\unins000.exe" QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Registry Mechanic 6.0-->"C:\Program Files\Registry Mechanic\unins000.exe" RocketDock 1.3.0-->"C:\Program Files\RocketDock\unins000.exe" S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' S3 S3TrayPlus-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus' Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Outlook 2007 (KB946983)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe SoftPepper Video Converter 2.0-->C:\Program Files\SoftPepper Video Converter 2.0\uninst.exe Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe" TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u C:\Program Files\TrueCrypt\ UniChrome Pro IGP Display Driver and Utilities-->C:\PROGRA~1\S3Inc\S3\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\S3\S3.uns Update for Office 2007 (KB934391)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb955433)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86} VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu" Virtual Magnifying Glass-->"C:\Program Files\Virtual Magnifying Glass\uninstall.exe" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe WebCam for MSN Messenger-->Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe Winkaa 1.0 1.0-->"C:\Program Files\Emoticons-plus.com\Winkaa 1.0\uninstall.exe" ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: 1-5603EEKF3ZU1R Event Code: 7036 Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution. Record Number: 6858 Source Name: Service Control Manager Time Written: 20091117082528.000000+060 Event Type: Informations User: Computer Name: 1-5603EEKF3ZU1R Event Code: 7036 Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté. Record Number: 6857 Source Name: Service Control Manager Time Written: 20091117082528.000000+060 Event Type: Informations User: Computer Name: 1-5603EEKF3ZU1R Event Code: 7036 Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution. Record Number: 6856 Source Name: Service Control Manager Time Written: 20091117082527.000000+060 Event Type: Informations User: Computer Name: 1-5603EEKF3ZU1R Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application. Record Number: 6855 Source Name: Service Control Manager Time Written: 20091117082527.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: 1-5603EEKF3ZU1R Event Code: 7036 Message: Le service PDEngine est entré dans l'état : en cours d'exécution. Record Number: 6854 Source Name: Service Control Manager Time Written: 20091117082525.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: 1-5603EEKF3ZU1R Event Code: 1104 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Completed all work. Shutting down. Record Number: 8631 Source Name: .NET Runtime Optimization Service Time Written: 20090322225652.000000+060 Event Type: Informations User: Computer Name: 1-5603EEKF3ZU1R Event Code: 1102 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8630 Source Name: .NET Runtime Optimization Service Time Written: 20090322225652.000000+060 Event Type: User: Computer Name: 1-5603EEKF3ZU1R Event Code: 1100 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8629 Source Name: .NET Runtime Optimization Service Time Written: 20090322225652.000000+060 Event Type: Informations User: Computer Name: 1-5603EEKF3ZU1R Event Code: 1102 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8628 Source Name: .NET Runtime Optimization Service Time Written: 20090322225652.000000+060 Event Type: User: Computer Name: 1-5603EEKF3ZU1R Event Code: 1100 Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Began compiling: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Record Number: 8627 Source Name: .NET Runtime Optimization Service Time Written: 20090322225652.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\PROGRA~1\MICROS~2\Office;C:\Program Files\Fichiers communs\GTK\2.0\bin;;C:\PROGRA~1\DISKEE~1\DISKEE~1;C:\Program Files\Samsung\Samsung PC Studio 3 "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2c02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "KDS_LANGUAGE"=5 -----------------EOF----------------- voila c'est fait ! au fait j'ai remis antivir est maintenant il marche ! joel

voila le rapport de MBAM: Malwarebytes' Anti-Malware 1.43 Version de la base de données: 3495 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 05/01/2010 15:16:37 mbam-log-2010-01-05 (15-16-37).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 216231 Temps écoulé: 49 minute(s), 53 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\1\Mes documents\telechargements\registrydoktor-v05fr.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTwqgodovyqm.sys.vir (Malware.Packer) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully. je met celui de combofix dans le message suivant ! joel ComboFix 10-01-04.01 - 1 05/01/2010 14:08:00.1.1 - x86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.959.593 [GMT 1:00] Lancé depuis: c:\documents and settings\1\Bureau\joel25.exe . ADS - svchost.exe: deleted 228 bytes in 1 streams. ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams. ADS - explorer.exe: deleted 228 bytes in 1 streams. ADS - win32k.sys: deleted 228 bytes in 1 streams. ADS - netcfgx.dll: deleted 228 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\H8SRTwqgodovyqm.sys c:\windows\system32\H8SRTbiqxolcvjn.dll c:\windows\system32\H8SRTkktemoqxyu.dll c:\windows\system32\H8SRTqsiorbvxub.dll c:\windows\system32\H8SRTrqtepxmkha.dat c:\windows\system32\srcr.dat c:\windows\unins000.dat c:\windows\unins000.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_H8SRTd.sys -------\Legacy_H8SRTd.sys -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2009-12-05 au 2010-01-05 )))))))))))))))))))))))))))))))))))) . 2010-01-04 16:30 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-01-04 16:30 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-01-04 16:30 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-01-04 16:30 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-01-04 16:30 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-01-04 16:30 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-01-04 16:30 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-01-04 16:30 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr 2010-01-04 16:30 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe 2010-01-03 09:35 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\vsapi32.dll 2010-01-03 09:35 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\BPMNT.dll 2010-01-03 09:35 . 2007-12-24 16:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2010-01-03 09:35 . 2007-12-24 16:37 138384 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\tmcomm.sys 2010-01-03 09:35 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\ssapi32.dll 2010-01-03 09:35 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\tsc.exe 2010-01-03 09:35 . 2010-01-03 09:35 116048 ----a-w- c:\documents and settings\1\Application Data\HouseCall 6.6\TmEngDrv.dll 2010-01-02 22:08 . 2010-01-05 09:01 880 ----a-w- c:\windows\system32\krl32mainweq.dll 2009-12-26 08:53 . 2009-08-25 17:01 28672 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll 2009-12-17 17:57 . 2009-12-17 17:57 -------- d-----w- c:\program files\ScreenMates . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-03 10:48 . 2010-01-03 09:34 -------- d-----w- c:\documents and settings\1\Application Data\HouseCall 6.6 2010-01-02 21:02 . 2009-11-03 09:39 -------- d-----w- c:\documents and settings\1\Application Data\vlc 2010-01-01 12:22 . 2006-01-07 09:40 -------- d-----w- c:\program files\eMule 2009-12-17 15:41 . 2006-10-23 15:27 -------- d-----w- c:\documents and settings\1\Application Data\dvdcss 2009-11-27 07:42 . 2009-03-22 21:03 -------- d-----w- c:\program files\Microsoft Silverlight 2009-11-26 16:49 . 2007-06-14 20:29 -------- d-----w- c:\program files\Windows Live 2009-11-26 16:47 . 2009-03-22 20:54 -------- d-----w- c:\program files\Microsoft 2009-11-24 06:53 . 2006-04-14 16:51 -------- d-----w- c:\program files\Java 2009-11-24 06:53 . 2009-11-24 06:53 152576 ----a-w- c:\documents and settings\1\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-24 06:53 . 2009-11-24 06:53 79488 ----a-w- c:\documents and settings\1\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-12 10:30 . 2009-11-10 14:50 -------- d-----w- c:\program files\IDA 2009-11-11 07:38 . 2009-11-10 14:51 -------- d-----w- c:\documents and settings\1\Application Data\Internet Download Accelerator 2009-10-25 07:20 . 2001-08-28 14:00 72126 ----a-w- c:\windows\system32\perfc00C.dat 2009-10-25 07:20 . 2001-08-28 14:00 460986 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-22 05:00 . 2009-10-22 05:00 152576 ----a-w- c:\documents and settings\1\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-10-11 03:17 . 2008-11-24 19:14 411368 ----a-w- c:\windows\system32\deploytk.dll 2006-04-24 18:43 . 2006-01-01 13:38 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe 2006-12-17 14:30 . 2006-12-17 14:26 26912 --sha-w- c:\windows\fidbox.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NoTraceAUTO"="c:\documents and settings\1\Mes documents\NoTrace.exe" [2007-04-22 215040] "AlcoholAutomount"="c:\program files\Alcohol 52\axcmd.exe" [2007-07-02 219008] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "TrayServer"="c:\program files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 90112] "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-29 110592] EPSON Status Monitor 3 Environment Check.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 217600] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-4-1 67128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"= "c:\\Program Files\\Micro Application\\Maxi Mah-Jong\\Mahjongg.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/01/2010 17:30 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/01/2010 17:30 20560] R2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [27/11/2008 15:17 1712128] S3 cdspacex;cdspacex;c:\windows\system32\DRIVERS\CDSPACEX.sys --> c:\windows\system32\DRIVERS\CDSPACEX.sys [?] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [09/06/2008 20:30 1527900] S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?] S3 ids0005c;ids0005c;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys [?] S3 ids00102;ids00102;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00102.sys [?] S3 klstm;klstm;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [?] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [14/06/2008 09:13 576680] S3 RescueDrv;Inventel Access Point USB Rescue Driver;c:\windows\system32\drivers\RESC_DWB.SYS [24/04/2003 11:03 74828] S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\DRIVERS\TwoRabts.sys --> c:\windows\system32\DRIVERS\TwoRabts.sys [?] S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [12/03/2008 08:42 50048] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07/08/2007 19:47 685816] . Contenu du dossier 'Tâches planifiées' 2010-01-02 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job - c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 16:57] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wanadoo.fr uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = localhost uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download ALL with IDA IE: Download with IDA IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: { - c:\program files\Messenger\msmsgs.exe TCP: {88729C73-DB8D-4880-B78F-C0A2F3A48A4D} = 192.168.1.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr FF - component: c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll FF - plugin: c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\evv2y5o6.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- PARAMETRES FIREFOX ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file) HKCU-Run-Internet Download Accelerator - c:\program files\IDA\ida.exe AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-05 14:16 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1078081533-329068152-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5DE6991-0B8F-375A-3805-903DD45C1DB3}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\mpDRM\LicenseStore*] @DACL= . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3544) c:\progra~1\Wanadoo\SEARCH~1.DLL c:\program files\Multi_Media\tbMul1.dll c:\windows\System32\msls31.dll c:\windows\System32\shdoclc.dll c:\windows\System32\msimtf.dll c:\windows\System32\MSCTF.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\mes données\OSE.dll c:\program files\mes données\MOSAIC.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe c:\windows\System32\FTRTSVC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\LightScribe\LSSrvc.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Raxco\PerfectDisk10\PDAgent.exe c:\program files\Alcohol 52\StarWind\StarWindServiceAE.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\windows\system32\wscntfy.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Heure de fin: 2010-01-05 14:22:23 - La machine a redémarré ComboFix-quarantined-files.txt 2010-01-05 13:22 Avant-CF: 22 520 487 936 octets libres Après-CF: 22 596 874 240 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn - - End Of File - - 4205340D4B2185EB4612E74E497528B1 voila j'attends la suite ! merci de ton aide joel

voila! GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-05 13:21:09 Windows 5.1.2600 Service Pack 2 Running: s4zlyt9y.exe; Driver: C:\DOCUME~1\1\LOCALS~1\Temp\fwxyapod.sys ---- System - GMER 1.0.15 ---- Code 85DAB1B8 ZwEnumerateKey Code 85DAB350 ZwFlushInstructionCache Code 85DA99AE IofCallDriver Code 85DA8A3E IofCompleteRequest ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 861D01E8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{88729C73-DB8D-4880-B78F-C0A2F3A48A4D} 85DC7688 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbuhci \Device\USBPDO-0 85F311E8 Device \Driver\usbuhci \Device\USBPDO-1 85F311E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 861D21E8 Device \Driver\dmio \Device\DmControl\DmConfig 861D21E8 Device \Driver\dmio \Device\DmControl\DmPnP 861D21E8 Device \Driver\dmio \Device\DmControl\DmInfo 861D21E8 Device \Driver\usbuhci \Device\USBPDO-2 85F311E8 Device \Driver\usbuhci \Device\USBPDO-3 85F311E8 Device \Driver\usbehci \Device\USBPDO-4 85F021E8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device ACPI.sys (Pilote ACPI pour NT/Microsoft Corporation) Device \Driver\Ftdisk \Device\HarddiskVolume1 861681E8 Device \Driver\atapi \Device\Ide\IdePort0 861671E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 861671E8 Device \Driver\atapi \Device\Ide\IdePort1 861671E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 861671E8 Device \Driver\NetBT \Device\NetBt_Wins_Export 85DC7688 Device \Driver\PCI_NTPNP8090 \Device\0000004a sptd.sys Device \Driver\PCI_NTPNP8090 \Device\0000004a sptd.sys Device \Driver\NetBT \Device\NetbiosSmb 85DC7688 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\usbuhci \Device\USBFDO-0 85F311E8 Device \Driver\usbuhci \Device\USBFDO-1 85F311E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85A671E8 Device \Driver\usbuhci \Device\USBFDO-2 85F311E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 85A671E8 Device \Driver\usbuhci \Device\USBFDO-3 85F311E8 Device \Driver\usbehci \Device\USBFDO-4 85F021E8 Device \Driver\Ftdisk \Device\FtControl 861681E8 Device \Driver\a7w6gk3y \Device\Scsi\a7w6gk3y1 85EF31E8 Device \Driver\viamraid \Device\Scsi\viamraid1 861D11E8 Device \Driver\a7w6gk3y \Device\Scsi\a7w6gk3y1Port3Path0Target0Lun0 85EF31E8 Device \FileSystem\Cdfs \Cdfs 85D9A1E8 ---- Modules - GMER 1.0.15 ---- Module \systemroot\system32\drivers\H8SRTwqgodovyqm.sys (*** hidden *** ) F4740000-F475D000 (118784 bytes) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [564] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTkktemoqxyu.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [564] 0x00BF0000 Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [796] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [948] 0x00C30000 Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1088] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1172] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1224] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1272] 0x10000000 Library \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1588] 0x10000000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\H8SRTwqgodovyqm.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTwqgodovyqm.sys Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTwqgodovyqm.sys Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTqsiorbvxub.dll Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrqtepxmkha.dat Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTkktemoqxyu.dll Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7C 0xBD 0x79 0x17 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2E 0x4D 0x79 0x01 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x98 0xFE 0x88 0x1B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTwqgodovyqm.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTwqgodovyqm.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTqsiorbvxub.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTrqtepxmkha.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTbiqxolcvjn.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTkktemoqxyu.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7C 0xBD 0x79 0x17 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2E 0x4D 0x79 0x01 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x98 0xFE 0x88 0x1B ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5DE6991-0B8F-375A-3805-903DD45C1DB3} ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\1\Local Settings\Temp\H8SRT74de.tmp 471664 bytes executable File C:\Documents and Settings\1\Local Settings\Temp\H8SRTd6cf.tmp 343040 bytes executable File C:\Documents and Settings\1\Local Settings\Temp\h8srtmainqt.dll 16474 bytes ---- EOF - GMER 1.0.15 ----

bonjour! tout d'abord je vous souhaite tous mes voeux pour 2010 ! voila je pense avoir un bestiole sur mon ordi qui m'enpeche de m'en servir correctement . je poste le rapport: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:55:27, on 05/01/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\Documents and Settings\1\Mes documents\HiJackThis.exe C:\Program Files\Internet Explorer\Iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/ O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206025881933 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 9870 bytes merci d'avance de votre aide ! joel

encore merci pour ton aide je vais bien prendre le temps de lire tous tes conseils pour la sécurité de mon ordi pour revenir le plus tard possible demander de l'aide merci aussi à tous ceux qui aide les pôvres gars comme moi A+ joel25 oups : comment qu'on fait pour mettre résolu

re ! voila je pense avoir tout fait bon dans le doute voila mon dernier hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:37:24, on 22/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\Fichiers communs\EPSON\EBAPI\Stms.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/ O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136588082328 O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 6594 bytes en ce qui concerne le parefeu , bin quand je fait un teste sur zebulon il me dit que je suis bien proteger "Félicitation ! Votre sécurité semble optimale ! La totalité des ports TCP testés sont masqués, votre ordinateur ne donne donc aucune réponse aux tests de ports effectués. Votre machine est donc invisible aux yeux de pirates potentiels. " alors faut-il vraimment mettre un autre firewall ? en tout cas merci pour ton aide joel25

salut apollo.01 ! me revoila ! j'ai commencer les manoeuvres , mais je suis sur le dossier boonty shared , tu me dit de suprimer le dossier ecrit en gras mais sur l'ordi il est ecrit normalement !! doit-je le supprimer quand meme ? quand j'ouvre le sous-dossier service il y a dedans boonty.exe !! au fait je peut aussi enlever sans risque, les lignes 015 de canalplay , car je ne l'utilise pas ce programme !! merci ! A+ joel25

re ! ok je ferai tout ça demain car je doit partir bosser merci de ton aide rapide et précieuse !! A+ joel25

re apollo.01 ! merci de ta rapidité voila le rapport : Clean Navipromo version 3.3.6 commencé le 21/11/2007 à 20:56:40,57 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Mode suppression automatique *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans C:\WINDOWS\System32 * * Suppression dans C:\DOCUME~1\1\LOCALS~1\APPLIC~1 * *** Suppression dossiers dans C:\WINDOWS *** *** Suppression dossiers dans C:\Program Files *** *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Suppression dossiers dans C:\Documents and Settings\1\Application Data *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Suppression fichiers *** C:\WINDOWS\system32\nvs2.inf supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\1\Local Settings\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche, création sauvegardes et suppression Heuristique : C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb.dat trouvé ! Copie C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb.dat réalisé avec succès ! C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb.dat supprimé ! C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb_nav.dat trouvé ! Copie C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb_nav.dat réalisé avec succès ! C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb_nav.dat supprimé ! C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb_navps.dat trouvé ! Copie C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb_navps.dat réalisé avec succès ! C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb_navps.dat supprimé ! *** Sauvegarde du Registre vers dossier Backupnavi *** sauvegarde du Registre réalisé avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! *** Nettoyage terminé le 21/11/2007 à 20:58:28,35 *** je met aussi le nouveau hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:01:00, on 21/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\notepad.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\RocketDock\RocketDock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\Fichiers communs\EPSON\EBAPI\Stms.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/ O15 - Trusted Zone: *.canalplay.com O15 - Trusted Zone: *.canalplusactive.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://clubmoucheephemeradanica.spaces.liv...ad/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136588082328 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://www.bobtv.fr/download/cfweb_www.bob..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 8016 bytes voilà ! joel25

salut Apollo.01 ! voilà le rapport : Search Navipromo version 3.3.6 commencé le 21/11/2007 à 20:43:07,35 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 *** Recherche Programmes installés *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\1\Application Data *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun fichier trouvé dans : - C:\WINDOWS\system32 - C:\DOCUME~1\1\LOCALS~1\APPLIC~1 *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans C:\WINDOWS\system32 * * Recherche dans C:\DOCUME~1\1\LOCALS~1\APPLIC~1 * *** Recherche fichiers *** C:\WINDOWS\system32\nvs2.inf trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb.dat trouvé ! C:\DOCUME~1\1\LOCALS~1\APPLIC~1\abzmodb_nav.dat trouvé ! 3)Recherche Certificats : Certificat Egroup trouvé ! *** Analyse terminée le 21/11/2007 à 20:43:34,21 *** j'attends la suite ! joel25

salut zonk ! depuis le scan d'antivir apparament plus de probleme de pub !! il a trouver ça : TR/Pakes.bpo que j'ai suprimer ! voilà ! joel25

bin ça va je commence à comprendre , c'est exactement ce que j'ai fait ensuite j'ai fait un scan en mode sans echec et voila le nouveau rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:21:45, on 21/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RocketDock\RocketDock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [abzmodb] c:\documents and settings\1\local settings\application data\abzmodb.exe abzmodb O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\Fichiers communs\EPSON\EBAPI\Stms.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/ O15 - Trusted Zone: *.canalplay.com O15 - Trusted Zone: *.canalplusactive.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://clubmoucheephemeradanica.spaces.liv...ad/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136588082328 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://www.bobtv.fr/download/cfweb_www.bob..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 8022 bytes c'est bon ou bien !! joel25

salut zonk ! oui je suis sous un routeur livebox et le parefeu de windows et activé ! je suis en train d'installer antivir ! joel25

bonjour ! et oui je revient encore une fois car les pubs sont revenues ! je suis pas seul a utiliser mon ordi , alos si je pouvais avoir un indice sur les programmes ou les sites qu'il faut pas installer pour eviter de revenir vous demandez de l'aide à chaque fois , je vous remerci d'avance ! voila le rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:19:32, on 21/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\RocketDock\RocketDock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [NoTraceAUTO] "C:\Documents and Settings\1\Mes documents\NoTrace.exe" /Automatique O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: EPSON Contrôle en arrière-plan.lnk = C:\Program Files\Fichiers communs\EPSON\EBAPI\Stms.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/ O15 - Trusted Zone: *.canalplay.com O15 - Trusted Zone: *.canalplusactive.com O15 - Trusted Zone: *.canalplay.com (HKLM) O15 - Trusted Zone: *.canalplusactive.com (HKLM) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://clubmoucheephemeradanica.spaces.liv...ad/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136588082328 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://www.bobtv.fr/download/cfweb_www.bob..._instmodule.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{88729C73-DB8D-4880-B78F-C0A2F3A48A4D}: NameServer = 192.168.1.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 8060 bytes ps: j'ai deja fait une analyse avec antivir en mode sans echec avant de poster mon rapport ! merci joel25 !

salut ! styx si c'est important pour toi je le ferai mais pas avant la semaine prochaine ! voila ! a bientot ! joel

salut styx ! comme je te l'ai dit ce n'est pas mon ordi et là je suis pas chez le pôte ! mais hiers aprés avoir fait la manip avec genproc ! tout marche normalement les pages sur le net s'affichent super vite !!! alors voila ma question est-ce necessaire de faire les manips ? si oui je pense les faire que demain ! j'attends ta réponse ! merci pour ton aide

salut! me revoila ! je poste le rapport : Rapport GenProc 0.72 [1] effectué le 01/10/2007 à 17:26:11,31 - SystemRoot = C:\WINDOWS Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout. # Etape 1/ Télécharge : - FixWareout d'un de ces deux sites sur le bureau: http://downloads.subratam.org/Fixwareout.exe http://swandog46.geekstogo.com/Fixwareout.exe Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish. Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal. Quand ton système aura redémarré, suis les invites des messages. A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC. # Etape 2/ Lance CCleaner > "Nettoyeur" > "Lancer le nettoyage" et c'est tout. # Etape 3/ Poste le contenu du fichier C:\fixwareout\report.txt, un nouveau rapport HijackThis et un nouveau rapport GenProc. voila j'attend la suite des événements ! merci de ton aide ! joel

salut! c'est un peu long car je suis pas toujours devant l'ordi du copain ! je suis chez lui encore env. 1 heure ensuite ça va reporter à la semaine prochaine c'est pas grave c'est juste plus long , merci pour l'aide ! je viens de faire la manip voila le rapport : Search Navipromo version 3.1.2 commencé le 28/09/2007 à 16:00:04,28 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 27.09.2007 a 18h00 by IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html Fichier(s) caché(s) : Processus caché(s) : *** Recherche avec GenericNaviSearch *** !!! Tous Ces résultats peuvent révéler des fichiers légitimes !!! !!! A verifier impérativement avant toute suppression manuelle !!! * Scan C:\WINDOWS\system32 * * Scan C:\Documents and Settings\Administrateur\local settings\application data * *** Recherche fichiers *** *** Recherche cles registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : 3)Recherche Certificats : Certificat Egroup absent ! *** Analyse Terminé le 28/09/2007 à 16:02:46,76 *** j'attends la suite ! merci joel