

Kairaut
Finally, I was able to sort out my slowness problems. Thanks. And here is the report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 11, 2008 3:41:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/02/2008
Kaspersky Anti-Virus database records: 556343
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: C:\ D:\ E:\
Scan Statistics:
Total number of scanned objects: 93014
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:54:42
Scan process completed.
-
Hello! I have no more alerts for the moment, and my PC is doing fine overall, except that it is rather slow at startup :/ Thanks again
Logfile of HijackThis v1.99.1
Scan saved at 14:52, on 2008-02-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
-
Good evening! Here is the ESET report, and sorry for the slow response. One small detail: I didn't click on "details tab" at the end of the scan because I couldn't find any "details tab"; is that important? ^^
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2846 (20080204)
# vers_arch_module=1.063 (20080117)
# vers_adv_heur_module=1.060 (20070601)
# EOSSerial=d1bce59eea14594ea86d9500d9450f7d
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-02-04 06:01:11
# local_time=2008-02-04 07:01:11 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 2
# scanned=343709
# found=0
# scan_time=17871
-
Okay, thanks.
ComboFix 08-01-23.1C - Sharioh 2008-01-26 13:30:44.5 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.341 [GMT 1:00]
Endroit: C:\Documents and Settings\Sharioh\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sharioh\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE
c:\id44l.exe
C:\WINDOWS\\system32\whml.exe
C:\WINDOWS\system32\dllcache\spoolms.exe
C:\WINDOWS\system32\wnss.exe
C:\WINDOWS\TEMP\A33.tmp
-
Okay, thanks, it's done! Here is my report:
-
Hey! I ran into a problem with Combofix. After downloading it and installing it on my desktop, I double-click it and then... three exactly identical Antivir windows open to alert me that I have a virus (like this). Then I click "mettre en quarantaine" (move to quarantine) in each window, all three disappear, and instead I end up with this. I click OK but the window reappears every time, and another one appears shortly afterwards, here. Is this something serious, or did I just do something wrong somewhere? Thanks again, as always, for the help =)
-
Here is the report. By the way, I tried several times to send the "upload me" file to the requested address, but it kept telling me "le fichier est invalide" (the file is invalid); should I be worried about that or...? Thanks again for the help and the speed!
DocProc DocumentViewer Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) EPSON Attach To Email EPSON Attach To Email EPSON Copy Utility 3 EPSON Easy Photo Print EPSON File Manager EPSON Logiciel imprimante EPSON Scan EPSON Scan Assistant EPSON Web-To-Page ESDX5000_CX4900 Guide d’utilisation Extension de Windows Live Toolbar (Windows Live Toolbar) Fax GemMaster Mystic Google Earth Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB888111 HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Extended Capabilities 4.7 HP Image Zone 4.7 HP Product Assistant HP PSC & OfficeJet 4.7 HP Software Update HPSystemDiagnostics InstantShare Internet Download Manager Java 6 Update 3 Java SE Development Kit 6 Java SE Runtime Environment 6 JourneySoftwarePromo Launch Manager Lecteur Windows Media 11 LightScribe 1.4.74.1 livebox Logiciel Photo Orange MarketResearch Menus intelligents (Windows Live Toolbar) Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 SR-1 Small Business Microsoft Office PowerPoint Viewer 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité 
pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB919007) 
Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923789) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB937894) Mise à jour de sécurité pour Windows XP (KB938829) Mise à 
jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB941568) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB941644) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour de sécurité pour Windows XP (KB943485) Mise à jour de sécurité pour Windows XP (KB944653) Mise à jour pour Lecteur Windows Media 10 (KB913800) Mise à jour pour Lecteur Windows Media 10 (KB926251) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB912945) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB938828) Mise à jour pour Windows XP (KB942763) Mozilla Firefox (2.0.0.11) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) Navigateur Orange NTI Backup NOW! 4 NTI Backup NOW! 
4 NTI CD & DVD-Maker NTI CD & DVD-Maker OneCare Advisor (Windows Live Toolbar) Orange - Logiciels Internet Otto Outil de mise à jour Google Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) PanoStandAlone PhotoGallery PIF DESIGNER PowerDVD PowerProducer ProductContext QFolder Readme Realtek High Definition Audio Driver Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update pour Microsoft .NET Framework 2.0 (KB928365) SkinsHP1 Skype™ 3.2 SMSC IrCC V5.1.3600.7 Soft Data Fax Modem with SmartCP Sonic Encoders SpeedTouch USB Software Spybot - Search & Destroy Synaptics Pointing Device Driver TrayApp Unload VeohTV BETA VeohTV BETA VideoLAN VLC media player 0.8.6d Wanadoo Messager WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Favorites pour Windows Live Toolbar Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows XP Media Center Edition 2005 KB925766 Worms World Party Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 3D3F-7DA4 Répertoire de C:\Program Files 23/09/2006 05:19 <REP> . 23/09/2006 05:19 <REP> .. 
10/12/2007 17:29 <REP> ABBYY FineReader 6.0 Sprint 21/06/2006 12:08 <REP> Acer Inc 21/06/2006 12:08 <REP> Adobe 02/03/2007 20:00 <REP> Alwil Software 21/06/2006 11:52 <REP> ATI Technologies 22/01/2008 02:40 <REP> Avira 08/01/2008 22:43 <REP> Azureus 06/01/2008 17:40 <REP> CCleaner 19/01/2008 18:57 <REP> Cinema Bizarre Player 21/06/2006 11:41 <REP> ComPlus Applications 21/06/2006 12:05 <REP> CONEXANT 11/12/2007 01:20 <REP> Controle Parental 21/06/2006 12:10 <REP> CyberLink 21/06/2006 12:51 <REP> DIFX 10/01/2008 22:35 <REP> DivX 10/12/2007 17:25 <REP> epson 21/06/2006 11:36 <REP> Fichiers communs 21/06/2006 13:01 <REP> FrenchOtto 21/06/2006 13:01 <REP> GemMasterFrench 29/01/2007 19:10 <REP> Google 22/01/2008 22:27 <REP> Grisoft 03/12/2006 18:33 <REP> Hewlett-Packard 22/01/2008 02:05 <REP> HijackThis 03/12/2006 18:30 <REP> HP 10/01/2008 02:15 <REP> Internet Download Manager 21/06/2006 11:43 <REP> Internet Explorer 08/01/2008 22:36 <REP> Java 03/12/2006 16:48 <REP> Launch Manager 06/01/2008 13:35 <REP> Lavasoft 24/12/2006 20:07 <REP> Logiciel Photo Orange 21/06/2006 11:40 <REP> Messenger 25/07/2007 22:31 <REP> Microsoft CAPICOM 2.1.0.2 21/06/2006 11:45 <REP> microsoft frontpage 10/12/2006 10:45 <REP> Microsoft Office 21/06/2006 11:41 <REP> Movie Maker 10/01/2008 22:41 <REP> Mozilla Firefox 21/06/2006 11:40 <REP> MSN 21/06/2006 11:40 <REP> MSN Gaming Zone 24/07/2007 19:55 <REP> MSN Messenger 05/12/2006 12:27 <REP> MSXML 4.0 21/06/2006 11:43 <REP> NetMeeting 21/06/2006 12:16 <REP> NewTech Infosystems 21/06/2006 11:41 <REP> Online Services 14/12/2007 01:01 <REP> Orange HSS 21/06/2006 11:43 <REP> Outlook Express 21/06/2006 12:01 <REP> Realtek 16/12/2007 19:46 <REP> SAGEM 21/06/2006 11:43 <REP> Services en ligne 20/07/2007 00:00 <REP> Skype 06/01/2008 15:51 <REP> Spybot - Search & Destroy 03/12/2006 16:47 <REP> Synaptics 27/11/2007 01:55 <REP> Thomson 10/01/2008 23:12 <REP> Veoh Networks 07/01/2008 00:23 <REP> VideoLAN 27/11/2007 01:53 <REP> Wanadoo 27/11/2007 01:54 <REP> 
Wanadoo Messager 14/12/2007 02:42 <REP> Windows Live Favorites 24/07/2007 19:57 <REP> Windows Live Toolbar 13/09/2007 21:53 <REP> Windows Media Connect 2 21/06/2006 11:41 <REP> Windows Media Player 21/06/2006 11:40 <REP> Windows NT 21/06/2006 11:41 <REP> Windows Plus 06/01/2008 13:19 <REP> WinRAR 21/06/2006 11:45 <REP> xerox 0 fichier(s) 0 octets 66 Rép(s) 23 321 182 208 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 3D3F-7DA4 Répertoire de C:\Program Files\fichiers communs 23/09/2006 05:19 <REP> . 23/09/2006 05:19 <REP> .. 21/06/2006 11:36 <REP> Microsoft Shared 21/06/2006 11:36 <REP> SpeechEngines 21/06/2006 11:36 <REP> ODBC 21/06/2006 11:43 <REP> System 21/06/2006 11:43 <REP> MSSoap 21/06/2006 11:43 <REP> Services 21/06/2006 11:52 <REP> InstallShield 21/06/2006 11:56 <REP> ATI Technologies 21/06/2006 12:08 <REP> Adobe 21/06/2006 12:16 <REP> NewTech Infosystems 21/06/2006 12:16 <REP> muvee Technologies 21/06/2006 12:16 <REP> LightScribe 03/12/2006 18:33 <REP> Hewlett-Packard 03/12/2006 18:35 <REP> HP 03/12/2006 19:08 <REP> Symantec Shared 10/12/2006 10:47 <REP> Designer 20/07/2007 00:00 <REP> Skype 14/12/2007 01:01 <REP> France Telecom 06/01/2008 13:34 <REP> Wise Installation Wizard 08/01/2008 22:36 <REP> Java 0 fichier(s) 0 octets 22 Rép(s) 23 321 182 208 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 3D3F-7DA4 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 23/09/2006 05:19 <REP> . 23/09/2006 05:19 <REP> .. 
18/05/2001 15:57 561 209 MSONSEXT.DLL 07/03/2001 07:00 127 033 MSOWS40c.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 18/03/1999 05:37 593 977 RAGENT.DLL 4 fichier(s) 1 405 156 octets 2 Rép(s) 23 321 182 208 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 3D3F-7DA4 Répertoire de C:\ c:\Documents and Settings\BERNADETTE FLIEGER\Local Settings\Temp\_is190.exe c:\Documents and Settings\BERNADETTE FLIEGER\Local Settings\Temp\_is191.exe c:\Documents and Settings\BERNADETTE FLIEGER\Local Settings\Temp\_is192.exe c:\Documents and Settings\BERNADETTE FLIEGER\Local Settings\Temp\_is9.exe c:\Documents and Settings\BERNADETTE FLIEGER\Local Settings\Temp\rbSolnUpdateFRA.2.3.1.exe c:\Documents and Settings\BERNADETTE FLIEGER\Local Settings\Temp\SkypeSetup.exe c:\Documents and Settings\BERNADETTE FLIEGER\Bureau\avast_avast_4.7.892_francais_anglais_11113.exe c:\Documents and Settings\BERNADETTE FLIEGER\Bureau\GoogleEarthWin_EARW.exe c:\Documents and Settings\Sharioh\Mes documents\Downloads\Programs\avgas-setup-7.5.1.43-3339.exe c:\Documents and Settings\Sharioh\Mes documents\Downloads\IDM\Downloads\Programs\install_flash_player.exe c:\Documents and Settings\Sharioh\Mes documents\Downloads\IDM\Downloads\Programs\registrybooster.exe c:\Documents and Settings\Sharioh\Mes documents\Downloads\IDM\Downloads\Programs\registryboosterplib1.exe c:\Documents and Settings\Sharioh\Mes documents\MSNFix\MSNFix\msnchk.exe c:\Documents and Settings\Sharioh\Mes documents\MSNFix\MSNFix\incl\MD5File.exe c:\Documents and Settings\Sharioh\Mes documents\MSNFix\MSNFix\incl\msnchk.exe c:\Documents and Settings\Sharioh\Mes documents\MSNFix\MSNFix\incl\Process.exe c:\Documents and Settings\Sharioh\Mes documents\MSNFix\MSNFix\incl\swreg.exe c:\Documents and Settings\Sharioh\Mes documents\MSNFix\MSNFix\incl\zip.exe c:\Documents and Settings\Sharioh\Mes documents\bric a brac\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Sharioh\Mes documents\bric a 
brac\SDFix.exe c:\Documents and Settings\Sharioh\Mes documents\bric a brac\Downloads\Programs\DivXInstaller.exe c:\Documents and Settings\Sharioh\Mes documents\bric a brac\Downloads\Programs\Firefox Setup 2.0.0.11.exe c:\Documents and Settings\Sharioh\Mes documents\bric a brac\Downloads\Programs\VeohSetup-3.8.0.1051.exe c:\Documents and Settings\Sharioh\Mes documents\bric a brac\Downloads\Programs\VeohSetup-3.8.0.1051_2.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\Sharioh\Bureau\DiagHelp\tar.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\catchme.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\dummy.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\cliptext.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\download.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\dummy.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\ERUNT.EXE c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\FixPath.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\isadmin.exe c:\Documents and 
Settings\Sharioh\Bureau\SDFix\apps\LS.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\MD5File.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\Process.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\procs.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\psservice.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\RegDACL.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\regedit.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\RestartIt!.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\sc.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\SF.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\shutdown.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\swreg.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\swsc.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\unzip.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\WINMSG.EXE c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\zip.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\Replace\W2K.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\apps\Replace\XP.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\backups\attrib.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\backups\find.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\backups\findstr.exe c:\Documents and Settings\Sharioh\Bureau\SDFix\backups\regedit.exe c:\Documents and Settings\Sharioh\Application Data\Azureus\plugins\azemp\azmplay.exe c:\Documents and Settings\Sharioh\Application Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe c:\Documents and Settings\Sharioh\Application Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe1 c:\Documents and Settings\Sharioh\Application Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe2 c:\Documents and Settings\Sharioh\Application Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe3 c:\Documents and Settings\Sharioh\Application 
Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe4 c:\Documents and Settings\Sharioh\Application Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe5 c:\Documents and Settings\Sharioh\Application Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe6 c:\Documents and Settings\Sharioh\Application Data\IDM\DwnlData\Sharioh\DivXInstaller_12\DivXInstaller.exe7 c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\BERNADETTE FLIEGER\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\Sharioh\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\Sharioh\Application Data\IDM\idmmzcc2\components\idmmzcc.dll c:\Documents and Settings\Sharioh\Application Data\DesktopPlayer\Cinema Bizarre Player\presets.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_BF.tar.gz a l'adresse http://upload.malekal.com
-
Here are the reports. Thanks for the help!

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 00:36:35 23/01/2008
+ Résultat de l'analyse: Rien à signaler.
Fin du rapport

SDFix: Version 1.130
Run by Sharioh on 23/01/2008 at 00:57
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Sharioh\Bureau\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\antiv.exe - Deleted
Removing Temp Files...

ADS Check:
C:\WINDOWS No streams found.
C:\WINDOWS\system32 No streams found.
C:\WINDOWS\system32\svchost.exe No streams found.
C:\WINDOWS\system32\ntoskrnl.exe No streams found.

Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 01:19:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\WINDOWS\\System32\\rundll32.exe"="C:\\WINDOWS\\System32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application" "C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\WINDOWS\\system32\\dllcache\\spoolms.exe"="C:\\WINDOWS\\system32\\dllcache\\spoolms.exe:*:Enabled:Windows Sharing" "C:\\WINDOWS\\system32\\whml.exe"="C:\\WINDOWS\\system32\\whml.exe:*:Enabled:WHML" "c:\\id44l.exe"="c:\\id44l.exe:*:Enabled:WHML" "C:\\WINDOWS\\system32\\spoolsv.exe"="C:\\WINDOWS\\system32\\spoolsv.exeC:\\WINDOWS\\system32\\spoolsv.exe:*:Enabled:WHML" "C:\\WINDOWS\\System32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exeC:\\WINDOWS\\system32\\svchost:*:Enabled:WHML" "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"="C:\\WINDOWS\\system32\\wbem\\wmiprvse.exeC:\\WINDOWS\\system32\\wbem\\wmiprvse.exe:*:Enabled:WHML" "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange 
HSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS" "C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exelogonui.exe:*:Enabled:WHML" "C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"="C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exeC:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe:*:Enabled:WHML" "C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exeC:\\WINDOWS\\system32\\services.exe:*:Enabled:WHML" "C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe"="C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exeC:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe:*:Enabled:WHML" "C:\\Program Files\\Controle Parental\\bin\\optproxy.exe"="C:\\Program Files\\Controle Parental\\bin\\optproxy.exeC:\\Program Files\\Controle Parental\\bin\\optproxy.exe:*:Enabled:WHML" "C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe"="C:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exeC:\\Program Files\\Fichiers communs\\LightScribe\\LSSrvc.exe:*:Enabled:WHML" "C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exeC:\\WINDOWS\\system32\\lsass.exe:*:Enabled:WHML" "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\WINDOWS\\TEMP\\A33.tmp"="C:\\WINDOWS\\TEMP\\A33.tmpC:\\WINDOWS\\TEMP\\A33.tmp:*:Enabled:WHML" "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exeC:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exe:*:Enabled:WHML" "C:\\Acer\\Empowering 
Technology\\ePerformance\\MemCheck.exe"="C:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exeC:\\Acer\\Empowering Technology\\ePerformance\\MemCheck.exe:*:Enabled:WHML" "C:\\WINDOWS\\system32\\wnss.exe"="C:\\WINDOWS\\system32\\wnss.exe:*:Enabled:Windows Network Security Service" "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exewinlogon.exe:*:Enabled:Windows Network Security Service" "C:\\WINDOWS\\EXPLORER.EXE"="C:\\WINDOWS\\EXPLORER.EXE:*:Enabled:Explorateur Windows" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- File Backups: - C:\DOCUME~1\Sharioh\Bureau\SDFix\backups\backups.zip Files with Hidden Attributes: Wed 21 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll" Wed 21 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll" Wed 21 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll" Wed 21 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll" Wed 21 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll" Sun 9 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 13 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Fri 14 Dec 2007 19,456 ...H. --- "C:\Documents and Settings\BERNADETTE FLIEGER\Application Data\Microsoft\Word\~WRL0004.tmp" Fri 14 Dec 2007 19,968 ...H. 
--- "C:\Documents and Settings\BERNADETTE FLIEGER\Application Data\Microsoft\Word\~WRL1622.tmp" Fri 14 Dec 2007 20,480 ...H. --- "C:\Documents and Settings\BERNADETTE FLIEGER\Application Data\Microsoft\Word\~WRL1216.tmp" Fri 14 Dec 2007 21,504 ...H. --- "C:\Documents and Settings\BERNADETTE FLIEGER\Application Data\Microsoft\Word\~WRL3686.tmp" Mon 14 Jun 2004 304,128 A..H. --- "C:\Documents and Settings\BERNADETTE FLIEGER\Mes documents\SYSTDOC EHPAD\LES DOCUMENTS3\~WRL0922.tmp" Finished! Logfile of HijackThis v1.99.1 Scan saved at 01:27:45, on 23/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Controle Parental\bin\optproxy.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\HP\HP Software 
Update\HPWuSchd2.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\CONTRO~1\bin\optgui.exe C:\Program Files\Orange HSS\Systray\SystrayApp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Orange HSS\Launcher\Launcher.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\AlertModule.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\FTCOMModule.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wnss.exe O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Veoh 
Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM" O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] 
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O11 - Options group: [iNTERNATIONAL] International* O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Memory Check Service (AcerMemUsageCheckService) - 
Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Windows Network Security Service (wnss) - Unknown owner - C:\WINDOWS\system32\wnss.exe (file missing)
-
Good evening, I was infected by Trojan horses (my antivirus was avast). I came here and followed the PC pre-cleaning procedure. Here now is my HijackThis report. Thanks in advance for your help.
Logfile of HijackThis v1.99.1 Scan saved at 02:07:55, on 22/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Controle Parental\bin\optproxy.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE C:\PROGRA~1\CONTRO~1\bin\optgui.exe C:\Program Files\Orange 
HSS\Systray\SystrayApp.exe C:\Program Files\Orange HSS\Launcher\Launcher.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\AlertModule.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\WINDOWS\system32\ctfmon.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\FTCOMModule.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wnss.exe O2 - BHO: IDM 
Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - 
HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8C.tmp" /EF "HKLM" O4 - HKLM\..\Run: [OPTENET_GUI] C:\PROGRA~1\CONTRO~1\bin\optgui.exe O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - 
Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O11 - Options group: [iNTERNATIONAL] International* O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Orange - C:\Program Files\Controle Parental\bin\optproxy.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Windows Network Security Service (wnss) - Unknown owner - C:\WINDOWS\system32\wnss.exe (file missing)