machaaa

  1. Hello Ogu! Thank you, you're the one who did a great job! I'm so happy, for a moment I thought I was going to have to reinstall the whole system to get my machine clean. Of course I'm open to your advice, I'm listening! I notice that I'm already surfing way faster than before, let's hope it lasts! Right, and after this computer I'm going to tackle my laptop.... so I'll be back on the forum very soon. OK, I'm waiting for your advice, and once again a huuuuuuge THANK YOUUUU macha
  2. Hi Ogu! Aaah, so that's what it was! I hope you had a good holiday! Glad the last two reports are clean! Above all, I notice that Antivir no longer raises alerts for Vundos! Before posting the last two requested reports, I have a few small questions:
     1) Should I keep VundoFix and the other software I downloaded to clean my computer (ATF Cleaner, Ewido, ...)?
     2) Antivir detected A0000010.exe, I put it in quarantine; what is it?
     3) I wanted to download a program I work with on my laptop (VVVV) and DirectX, but when I try to launch them, a window tells me that it is not a valid Win32 application... could I have deleted a necessary file in Win32 that allows new applications to be launched? For VVVV, it tells me it cannot start because d3dx9_30.dll cannot be found... I'll try reinstalling it again, we'll see, but is there a connection?
     Otherwise, here are the last two requested reports, Ewido and Antivir. THANK YOUUUU and see you later, macha
  3. Hello! I haven't had any news, is everything back in order? Thanks!!! macha
  4. cooooOOOOoool!!!! Here is the latest ComboFix report. PS: I have a text file catchme.log that was created on the desktop. What is it? Should I keep it?
  5. Hi! Thanks for all this work! And to Angélique! Here are the latest scans:
     ComboFix report:
     SDFix report
     And the last HijackThis report!
  6. Hello Ogu, yes, it was indeed that DLL. Thanks for the next steps! Here is the new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:06:25, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\zebulon.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=fr&s=gen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {02F50A32-3119-4186-BD6E-CBF41F5E6390} - C:\WINDOWS\system32\mljge.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {59C945D3-881D-481B-A347-3633DE13CB78} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: {59e9cbf6-30c7-786b-a194-478f34e1e167} - {761e1e43-f874-491a-b687-7c036fbc9e95} - C:\WINDOWS\system32\fjufvdmr.dll (file missing) O2 - BHO: (no name) - {A066A570-6FD6-4B1D-A65D-0AE61E5F8D46} - C:\Program Files\MSN Gaming Zone\horevocC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {D422CDBE-2D38-45A7-B283-8FF3E278F87D} - C:\WINDOWS\system32\ssqpq.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [setIcon] C:\Program Files\Icons\SetIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DMX] C:\Program Files\Dell\Media Experience\DMX.exe -sys O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - 
HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 6579 bytes
  7. Hello! I'm back (after a week of non-stop work), I can finally take care of my machine and send you the ComboFix report! I hope things are back on track for good! And thanks again for your help!!!!
ComboFix 08-02-21 - 2008-02-21 11:37:41.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1626 [GMT 1:00] Endroit: C:\Documents and Settings\...\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\inetget2 C:\Program Files\Router C:\Program Files\Temporary C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\system32\nGpxx01 C:\WINDOWS\system32\pac.txt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))))))) . 2008-01-31 11:26 . 2008-02-13 19:41 <REP> d-------- C:\VundoFix Backups 2008-01-27 23:29 . 2008-01-27 23:29 <REP> d-------- C:\Program Files\Avira 2008-01-27 23:29 . 2008-01-27 23:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-27 22:33 . 2008-01-27 22:33 <REP> d-------- C:\Program Files\Trend Micro 2008-01-26 23:20 . 2008-01-27 23:43 <REP> d-------- C:\Program Files\Dot1XCfg 2008-01-26 23:08 . 2008-01-26 23:08 <REP> d-------- C:\WINDOWS\system32\uwcee9 2008-01-26 23:08 . 2008-01-26 23:08 <REP> d-------- C:\Temp\gTiis19 2008-01-26 23:07 . 2008-01-26 23:08 <REP> d-------- C:\WINDOWS\system32\aee1 2008-01-26 23:07 . 2008-01-26 23:07 <REP> d-------- C:\Temp\cXzz9 2008-01-26 23:07 . 2008-02-21 11:37 <REP> d-------- C:\Temp 2008-01-24 13:31 . 2008-01-26 14:28 <REP> d-------- C:\Documents and Settings\...\Application Data\DivX 2008-01-23 23:31 . 
2008-01-04 22:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-01-23 23:31 . 2008-01-04 22:58 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-01-23 23:31 . 2008-01-04 22:58 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-21 10:44 --------- d-----w C:\Documents and Settings\...\Application Data\OpenOffice.org2 2008-02-19 07:52 --------- d-----w C:\Documents and Settings\...\Application Data\AdobeUM 2008-02-11 12:56 --------- d-----w C:\Program Files\Free Easy Burner 2008-01-23 22:31 --------- d-----w C:\Program Files\DivX 2008-01-11 18:30 --------- d-----w C:\Program Files\Last.fm 2008-01-09 22:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-06 18:34 --------- d-----w C:\Program Files\iTunes 2008-01-06 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm 2008-01-04 21:58 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-02-03 13:10 1,931 ----a-w C:\Program Files\README_WINPCAP.txt 2007-02-01 14:12 7,975,963 ----a-w C:\Program Files\packetgarden_1.0_setup.exe 2006-09-25 12:24 467,181 ----a-w C:\Program Files\winpcap_3.1.exe 2006-02-24 16:39 52,855,506 ----a-w C:\Program Files\openofficeorg3.cab 2006-02-24 16:39 2,352,893 ----a-w C:\Program Files\openofficeorg4.cab 2006-02-24 16:34 14,868,750 ----a-w C:\Program Files\openofficeorg2.cab 2006-02-24 16:33 18,306,767 ----a-w C:\Program Files\openofficeorg1.cab 2006-02-24 16:32 5,223,424 ----a-w C:\Program Files\openofficeorg20.msi 2006-02-24 16:32 217 ----a-w C:\Program Files\setup.ini 2006-02-08 11:01 266,240 ----a-w C:\Program Files\setup.exe 2002-03-11 09:06 1,822,520 ----a-w C:\Program Files\instmsiw.exe 2002-03-11 08:45 1,708,856 ----a-w C:\Program Files\instmsia.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02F50A32-3119-4186-BD6E-CBF41F5E6390}] C:\WINDOWS\system32\mljge.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59C945D3-881D-481B-A347-3633DE13CB78}] C:\WINDOWS\system32\geedc.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761e1e43-f874-491a-b687-7c036fbc9e95}] C:\WINDOWS\system32\fjufvdmr.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A066A570-6FD6-4B1D-A65D-0AE61E5F8D46}] C:\Program Files\MSN Gaming Zone\horevocC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D422CDBE-2D38-45A7-B283-8FF3E278F87D}] C:\WINDOWS\system32\ssqpq.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "DMX"="C:\Program Files\Dell\Media Experience\DMX.exe" [ ] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-08-21 16:37 20053032] "Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ] "Router"="C:\Program Files\Router\Router.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920] "AME_CSA"="csa.cpl" [2003-06-12 11:42 757760 C:\WINDOWS\system32\CSA.cpl] "AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version 
Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 16:33 1732608] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-05 20:07 180269] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 20:50 196608] "SetIcon"="C:\Program Files\Icons\SetIcon.exe" [2002-12-16 10:02 39936] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18 270648] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-27 23:31 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360] S3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2003-04-04 18:13] S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-05 12:00] S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-05 12:00] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 22:10] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\Auto\command - AdobeR.exe e \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-12 13:59:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-21 11:45:33 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . 
------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\NotifyPhoneBook.exe C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe . ************************************************************************** . Temps d'accomplissement: 2008-02-21 11:47:21 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-21 10:47:18 . 2008-02-21 09:56:47 --- E O F ---
  8. Is it really that serious, doctor? VundoFix says I still have an old version of Java, but I did update it as advised. Thaaanks for your help!!! Here are the reports:
HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:31:13, on 13/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trend Micro\HijackThis\zebulon.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=fr&s=gen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {02F50A32-3119-4186-BD6E-CBF41F5E6390} - C:\WINDOWS\system32\mljge.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {59C945D3-881D-481B-A347-3633DE13CB78} - C:\WINDOWS\system32\geedc.dll (file missing) O2 - BHO: {59e9cbf6-30c7-786b-a194-478f34e1e167} - {761e1e43-f874-491a-b687-7c036fbc9e95} - C:\WINDOWS\system32\fjufvdmr.dll (file missing) O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\khfdbya.dll (file missing) O2 - BHO: (no name) - {A066A570-6FD6-4B1D-A65D-0AE61E5F8D46} - C:\Program Files\MSN Gaming Zone\horevocC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {D422CDBE-2D38-45A7-B283-8FF3E278F87D} - C:\WINDOWS\system32\ssqpq.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [setIcon] C:\Program Files\Icons\SetIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DMX] C:\Program Files\Dell\Media Experience\DMX.exe -sys O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nmyjpfbp.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 6862 bytes VirtumundoBeGone: [02/13/2008, 16:45:13] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Marie-Laure Delaby\Bureau\VirtumundoBeGone.exe" ) [02/13/2008, 16:45:23] - Detected System Information: [02/13/2008, 16:45:23] - Windows Version: 5.1.2600, Service Pack 2 [02/13/2008, 16:45:23] - Current Username: (Admin) [02/13/2008, 16:45:23] - Windows is in SAFE mode with Networking. [02/13/2008, 16:45:23] - Searching for Browser Helper Objects: [02/13/2008, 16:45:23] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper) [02/13/2008, 16:45:23] - BHO 2: {02F50A32-3119-4186-BD6E-CBF41F5E6390} () [02/13/2008, 16:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 16:45:23] - Checking for HKLM\...\Winlogon\Notify\mljge [02/13/2008, 16:45:23] - Key not found: HKLM\...\Winlogon\Notify\mljge, continuing. [02/13/2008, 16:45:23] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/13/2008, 16:45:23] - BHO 4: {59C945D3-881D-481B-A347-3633DE13CB78} () [02/13/2008, 16:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference. 
[02/13/2008, 16:45:23] - Checking for HKLM\...\Winlogon\Notify\geedc [02/13/2008, 16:45:23] - Key not found: HKLM\...\Winlogon\Notify\geedc, continuing. [02/13/2008, 16:45:23] - BHO 5: {761e1e43-f874-491a-b687-7c036fbc9e95} () [02/13/2008, 16:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 16:45:23] - Checking for HKLM\...\Winlogon\Notify\fjufvdmr [02/13/2008, 16:45:23] - Key not found: HKLM\...\Winlogon\Notify\fjufvdmr, continuing. [02/13/2008, 16:45:23] - BHO 6: {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} () [02/13/2008, 16:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 16:45:23] - Checking for HKLM\...\Winlogon\Notify\khfdbya [02/13/2008, 16:45:23] - Key not found: HKLM\...\Winlogon\Notify\khfdbya, continuing. [02/13/2008, 16:45:23] - BHO 7: {A066A570-6FD6-4B1D-A65D-0AE61E5F8D46} () [02/13/2008, 16:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 16:45:23] - Checking for HKLM\...\Winlogon\Notify\renamd83122.exe [02/13/2008, 16:45:23] - Key not found: HKLM\...\Winlogon\Notify\renamd83122.exe, continuing. [02/13/2008, 16:45:23] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class) [02/13/2008, 16:45:23] - BHO 9: {D422CDBE-2D38-45A7-B283-8FF3E278F87D} () [02/13/2008, 16:45:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 16:45:23] - Checking for HKLM\...\Winlogon\Notify\ssqpq [02/13/2008, 16:45:23] - Key not found: HKLM\...\Winlogon\Notify\ssqpq, continuing. [02/13/2008, 16:45:23] - Finished Searching Browser Helper Objects [02/13/2008, 16:45:23] - Finishing up... [02/13/2008, 16:45:23] - Nothing found! Exiting... 
[02/13/2008, 17:51:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Marie-Laure Delaby\Bureau\VirtumundoBeGone.exe" ) [02/13/2008, 17:51:12] - Detected System Information: [02/13/2008, 17:51:12] - Windows Version: 5.1.2600, Service Pack 2 [02/13/2008, 17:51:12] - Current Username: (Admin) [02/13/2008, 17:51:12] - Windows is in NORMAL mode. [02/13/2008, 17:51:12] - Searching for Browser Helper Objects: [02/13/2008, 17:51:12] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper) [02/13/2008, 17:51:12] - BHO 2: {02F50A32-3119-4186-BD6E-CBF41F5E6390} () [02/13/2008, 17:51:12] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 17:51:12] - Checking for HKLM\...\Winlogon\Notify\mljge [02/13/2008, 17:51:12] - Key not found: HKLM\...\Winlogon\Notify\mljge, continuing. [02/13/2008, 17:51:12] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/13/2008, 17:51:12] - BHO 4: {59C945D3-881D-481B-A347-3633DE13CB78} () [02/13/2008, 17:51:12] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 17:51:12] - Checking for HKLM\...\Winlogon\Notify\geedc [02/13/2008, 17:51:12] - Key not found: HKLM\...\Winlogon\Notify\geedc, continuing. [02/13/2008, 17:51:12] - BHO 5: {761e1e43-f874-491a-b687-7c036fbc9e95} () [02/13/2008, 17:51:12] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 17:51:12] - Checking for HKLM\...\Winlogon\Notify\fjufvdmr [02/13/2008, 17:51:12] - Key not found: HKLM\...\Winlogon\Notify\fjufvdmr, continuing. [02/13/2008, 17:51:12] - BHO 6: {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} () [02/13/2008, 17:51:12] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 17:51:12] - Checking for HKLM\...\Winlogon\Notify\khfdbya [02/13/2008, 17:51:12] - Key not found: HKLM\...\Winlogon\Notify\khfdbya, continuing. 
[02/13/2008, 17:51:12] - BHO 7: {A066A570-6FD6-4B1D-A65D-0AE61E5F8D46} () [02/13/2008, 17:51:12] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 17:51:12] - Checking for HKLM\...\Winlogon\Notify\renamd83122.exe [02/13/2008, 17:51:12] - Key not found: HKLM\...\Winlogon\Notify\renamd83122.exe, continuing. [02/13/2008, 17:51:12] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class) [02/13/2008, 17:51:12] - BHO 9: {D422CDBE-2D38-45A7-B283-8FF3E278F87D} () [02/13/2008, 17:51:12] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/13/2008, 17:51:12] - Checking for HKLM\...\Winlogon\Notify\ssqpq [02/13/2008, 17:51:12] - Key not found: HKLM\...\Winlogon\Notify\ssqpq, continuing. [02/13/2008, 17:51:12] - Finished Searching Browser Helper Objects [02/13/2008, 17:51:12] - Finishing up... [02/13/2008, 17:51:12] - Nothing found! Exiting... VundoFix: VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 11:26:48 31/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\AudFile.dll C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\miktokev.dll C:\WINDOWS\system32\nmyjpfbp.exe C:\WINDOWS\system32\qpqss.ini C:\WINDOWS\system32\qpqss.ini2 C:\WINDOWS\system32\ssqpq.dll C:\WINDOWS\system32\WMAFile.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\AudFile.dll C:\WINDOWS\system32\AudFile.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\khfdbya.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\miktokev.dll C:\WINDOWS\system32\miktokev.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nmyjpfbp.exe C:\WINDOWS\system32\nmyjpfbp.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\qpqss.ini C:\WINDOWS\system32\qpqss.ini Has been deleted! 
Attempting to delete C:\WINDOWS\system32\qpqss.ini2 C:\WINDOWS\system32\qpqss.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqpq.dll C:\WINDOWS\system32\ssqpq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\WMAFile.dll C:\WINDOWS\system32\WMAFile.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 12:02:58 31/01/2008 Listing files found while scanning.... VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 12:48:15 11/02/2008 Listing files found while scanning.... C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.ini2 C:\WINDOWS\system32\geedc.dll C:\WINDOWS\system32\khfdbya.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\cdeeg.ini C:\WINDOWS\system32\cdeeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\cdeeg.ini2 C:\WINDOWS\system32\cdeeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\geedc.dll C:\WINDOWS\system32\geedc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\khfdbya.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\khfdbya.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 16:50:21 13/02/2008 Listing files found while scanning.... C:\WINDOWS\system32\egjlm.ini C:\WINDOWS\system32\egjlm.ini2 C:\WINDOWS\system32\fjufvdmr.dll C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\mljge.dll C:\WINDOWS\system32\rcsvhfsx.dll Beginning removal... 
Attempting to delete C:\WINDOWS\system32\egjlm.ini C:\WINDOWS\system32\egjlm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\egjlm.ini2 C:\WINDOWS\system32\egjlm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\fjufvdmr.dll C:\WINDOWS\system32\fjufvdmr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\khfdbya.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\mljge.dll C:\WINDOWS\system32\mljge.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rcsvhfsx.dll C:\WINDOWS\system32\rcsvhfsx.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\khfdbya.dll Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 17:21:23 13/02/2008 Listing files found while scanning.... C:\WINDOWS\system32\khfdbya.dll Beginning removal... Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 17:54:53 13/02/2008 Listing files found while scanning.... C:\WINDOWS\system32\merde.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\merde.dll C:\WINDOWS\system32\merde.dll Has been deleted! Performing Repairs to the registry. Done!
  9. Right, I thought as much... I finally managed to download it with Internet Explorer, because it really was blocked with Mozilla... So I followed the procedure with VirtumundoBeGone, but it finds nothing at all (I'll post the report asap); VundoFix, on the other hand, finds quite a few, and I removed them. There was still one tough one left that VundoFix couldn't delete, so (hoping I haven't damaged anything in my system32) I renamed it and VundoFix was finally able to get rid of it. Right now I'm finishing a last AntiVir scan before running a HijackThis report. I'll post everything asap! Thanks!!!!!!! macha
  10. Hello Ogu, I don't know what happened, but when I tried to download VirtumundoBeGone, AntiVir detected it as a virus and I had to delete it. As a result (I really don't know why), I no longer have access to the secured2k download page; if I try, it tells me "cannot find the location..." and the Vundos are multiplying like crazy (I'm going mad): if I try to quarantine or delete them, they come right back. So I ran VundoFix again in safe mode, but it came back anyway... Help!!! What can I do???? Thanks for your help! macha
  11. Hello! I did everything you advised, except AVG Anti-Spyware, which I'll do if it can save me. Of course I still have detections of A0026519.exe A0026520.exe A0026521.exe in C\system volume information (is it renaming itself or what?). I quarantined them; what are they? I'm not really the type to go to dodgy sites, so I really wonder where this comes from... Thanks again for your help!!! macha Here is the VundoFix report: VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 11:26:48 31/01/2008 Listing files found while scanning.... C:\WINDOWS\system32\AudFile.dll C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\miktokev.dll C:\WINDOWS\system32\nmyjpfbp.exe C:\WINDOWS\system32\qpqss.ini C:\WINDOWS\system32\qpqss.ini2 C:\WINDOWS\system32\ssqpq.dll C:\WINDOWS\system32\WMAFile.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\AudFile.dll C:\WINDOWS\system32\AudFile.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfdbya.dll C:\WINDOWS\system32\khfdbya.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\miktokev.dll C:\WINDOWS\system32\miktokev.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nmyjpfbp.exe C:\WINDOWS\system32\nmyjpfbp.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\qpqss.ini C:\WINDOWS\system32\qpqss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\qpqss.ini2 C:\WINDOWS\system32\qpqss.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqpq.dll C:\WINDOWS\system32\ssqpq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\WMAFile.dll C:\WINDOWS\system32\WMAFile.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.7.7 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. 
Scan started at 12:02:58 31/01/2008 Listing files found while scanning.... And the HijackThis one: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:47:44, on 2/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\NotifyPhoneBook.exe C:\Program Files\Icons\SetIcon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\zebulon.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=fr&s=gen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: {9ff60fe4-6a9b-03a9-5c24-be579dd4b2f3} - {3f2b4dd9-75eb-42c5-9a30-b9a64ef06ff9} - C:\WINDOWS\system32\miktokev.dll (file missing) O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\khfdbya.dll O2 - BHO: (no name) - {A066A570-6FD6-4B1D-A65D-0AE61E5F8D46} - C:\Program Files\MSN Gaming Zone\horevocC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {D422CDBE-2D38-45A7-B283-8FF3E278F87D} - C:\WINDOWS\system32\ssqpq.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [setIcon] C:\Program Files\Icons\SetIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DMX] C:\Program Files\Dell\Media Experience\DMX.exe -sys O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: khfdbya - C:\WINDOWS\SYSTEM32\khfdbya.dll O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nmyjpfbp.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe -- End of file - 8224 bytes
  12. Waaaw! Super nice, thanks! OK, I'll do all that and I hope that will be the end of these nasty viruses. For protection, should I install anything other than AntiVir and AVG Anti-Spyware? Thanks thanks thanks thanks!!!!
  13. Hi! My PC reported a virus, and since I installed AntiVir, it has been detecting lots of others (I had Avast before). I followed the anti-virus procedure posted on this forum and here is the HijackThis result: Thanks for your help!!! macha Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:22:31, on 28/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Icons\SetIcon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=fr&s=gen R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default....;l=fr&s=gen R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\khfdbya.dll O2 - BHO: (no name) - {A066A570-6FD6-4B1D-A65D-0AE61E5F8D46} - C:\Program Files\MSN Gaming Zone\horevocC:\WINDOWS\system32\uwcee9\renamd83122.exe.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AME_CSA] rundll32 csa.cpl,RUN_DLL O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [setIcon] C:\Program Files\Icons\SetIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DMX] C:\Program Files\Dell\Media Experience\DMX.exe -sys O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE 
(User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: khfdbya - C:\WINDOWS\SYSTEM32\khfdbya.dll O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 7674 bytes