
Biessaten

Everything posted by Biessaten

  1. ComboFix 09-06-15.01 - Salignac 15/06/2009 21:45.1 - NTFSx86
     Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.447.71 [GMT 2:00]
     Lancé depuis: c:\users\Salignac\Desktop\Combo-Fix.exe
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\users\Salignac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rncsys32.exe
     c:\users\Salignac\AppData\Roaming\wiaserva.log
     c:\users\Salignac\Salignac.exe
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-15 au 2009-06-15 ))))))))))))))))))))))))))))))))))))
     .
     2009-06-15 18:57 . 2009-06-15 18:58 -------- d-----w- C:\rsit
     2009-06-14 15:11 . 2009-06-14 16:16 -------- d-----w- c:\users\Salignac\AppData\Roaming\vlc
     2009-06-10 06:01 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
     2009-06-09 05:43 . 2009-06-09 05:43 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEE2.tmp.exe
     2009-05-18 12:23 . 2009-05-18 12:23 -------- d-----w- c:\users\Salignac\AppData\Local\TVU Networks
     2009-05-18 12:23 . 2009-05-18 12:23 -------- d-----w- c:\programdata\TVU Networks
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-06-15 19:29 . 2008-02-20 15:49 -------- d-----w- c:\programdata\GamesBar
     2009-06-15 14:45 . 2007-10-30 12:22 12 ----a-w- c:\windows\bthservsdp.dat
     2009-06-13 12:13 . 2006-11-02 15:45 669328 ----a-w- c:\windows\system32\perfh00C.dat
     2009-06-13 12:13 . 2006-11-02 15:45 123350 ----a-w- c:\windows\system32\perfc00C.dat
     2009-05-31 21:35 . 2009-05-31 17:12 0 ----a-w- c:\users\Salignac\errorlog.tmp
     2009-05-14 06:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
     2009-05-08 06:52 . 2009-05-08 06:52 2082104 ----a-w- c:\users\Salignac\AppData\Roaming\Mozilla\Firefox\Profiles\8q9g78ds.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
     2009-05-03 17:06 . 2007-09-26 11:45 -------- d-----w- c:\program files\Norton Security Scan
     2009-05-03 17:06 . 2006-12-15 15:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
     2009-04-24 16:05 . 2009-06-10 06:00 827904 ----a-w- c:\windows\system32\wininet.dll
     2009-04-24 16:02 . 2009-06-10 06:00 78336 ----a-w- c:\windows\system32\ieencode.dll
     2009-04-24 13:44 . 2009-06-10 06:00 26624 ----a-w- c:\windows\system32\ieUnatt.exe
     2009-04-23 12:43 . 2009-06-10 06:00 784896 ----a-w- c:\windows\system32\rpcrt4.dll
     2009-04-23 12:42 . 2009-06-10 06:00 636928 ----a-w- c:\windows\system32\localspl.dll
     2009-04-22 17:45 . 2009-03-21 14:42 -------- d-----w- c:\users\Salignac\AppData\Roaming\Home Sweet Home
     2009-04-18 10:52 . 2009-04-18 10:52 -------- d-----w- c:\programdata\SugarGames
     2009-03-29 14:45 . 2008-09-07 18:29 680 ----a-w- c:\users\Salignac\AppData\Local\d3d9caps.dat
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "????r"="" [?]
     "?????????"="??????????????e" [?]
     "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]
     "AlcoholAutomount"="d:\alcohol soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
     "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
     "PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-24 151552]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
     "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
     "tsnp2std"="c:\windows\tsnp2std.exe" [2007-01-05 258048]
     "snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
     "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @="Service"

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "{2030CDB3-E7A6-4BEA-B7A0-9AA5AD631814}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
     "{CA64D56B-ED90-4160-ADCA-420399940561}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
     "TCP Query User{E5DE59BA-EE2D-46CE-BE46-EC83ECB0437B}d:\\teamscript4\\mirc.exe"= UDP:d:\teamscript4\mirc.exe:mIRC
     "UDP Query User{98BB6EBF-D7EF-427C-8667-C902FB00670C}d:\\teamscript4\\mirc.exe"= TCP:d:\teamscript4\mirc.exe:mIRC
     "{E3209CBD-3A4B-4E0D-A67A-CE4A9BE332B6}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
     "TCP Query User{393E5927-8CAC-4A3D-813F-E3831A788F50}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
     "UDP Query User{4C4F96E5-9EF9-42E8-B385-1EFE446449D0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
     "TCP Query User{5BD4E122-B3CC-4636-AAFC-F660C9D220B3}d:\\ppmate\\ppamnet.exe"= UDP:d:\ppmate\ppamnet.exe:ppmnet Module
     "UDP Query User{75858DAF-908A-43E4-9D84-F17A27736F7C}d:\\ppmate\\ppamnet.exe"= TCP:d:\ppmate\ppamnet.exe:ppmnet Module
     "TCP Query User{530D7CDF-0223-452E-8E80-11012B1EA3E1}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
     "UDP Query User{E963EFC3-07D4-4575-B318-9ADBDDD5D225}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
     "TCP Query User{12B178E3-C2F9-4524-9D23-F12A50EFA007}d:\\goa\\gunbound\\gunbound.gme"= UDP:d:\goa\gunbound\gunbound.gme:GunBound
     "UDP Query User{9FDB016F-65E2-4841-ABDE-0C8CB7050379}d:\\goa\\gunbound\\gunbound.gme"= TCP:d:\goa\gunbound\gunbound.gme:GunBound
     "TCP Query User{E66263DF-6D65-4AA3-A803-6A2DCB64D64C}d:\\tvants\\tvants.exe"= UDP:d:\tvants\tvants.exe:TVAnts
     "UDP Query User{DE1BBFFD-C417-4E11-975E-D283303BCA6D}d:\\tvants\\tvants.exe"= TCP:d:\tvants\tvants.exe:TVAnts
     "TCP Query User{FD88A564-5C64-48C9-A2A7-37158927C857}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
     "UDP Query User{4A256535-A461-4008-935B-6A562C2676C2}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
     "TCP Query User{8BF04CFC-1392-43CC-A8BE-B77B7AAECAB8}d:\\goa\\gunbound\\gunbound.gme"= UDP:d:\goa\gunbound\gunbound.gme:GunBound
     "UDP Query User{CD43E3C4-E30C-4148-B003-979FC3C1C23A}d:\\goa\\gunbound\\gunbound.gme"= TCP:d:\goa\gunbound\gunbound.gme:GunBound
     "TCP Query User{0721C5FA-8E3B-48A1-B41C-99E0AE5493C1}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
     "UDP Query User{5B116A3C-F984-47C1-ACFC-D86D660B2BF9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
     "TCP Query User{C9A05465-E990-48E3-B51A-45B002F26C06}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
     "UDP Query User{28EE7CB8-4051-4D7E-8378-D0DB05FDAF89}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
     "TCP Query User{CACBBCCA-122A-4301-905E-7243E2EBDFA9}d:\\tvants\\tvants.exe"= UDP:d:\tvants\tvants.exe:TVAnts
     "UDP Query User{CD31D448-43AD-4D0C-8C0F-FC012B5132C8}d:\\tvants\\tvants.exe"= TCP:d:\tvants\tvants.exe:TVAnts
     "TCP Query User{CEAB09B6-DDEE-4EA0-A8BE-FDF7B024939B}c:\\users\\salignac\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\salignac\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
     "UDP Query User{A57D1B85-47D9-4E77-BF1C-F11C8481064B}c:\\users\\salignac\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\salignac\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
     "TCP Query User{5AF1DE73-6C1A-4D62-8B64-16577A911487}c:\\program files\\sports interactive\\football manager 2007\\fm.exe"= UDP:c:\program files\sports interactive\football manager 2007\fm.exe:Football Manager 2007
     "UDP Query User{172F0D19-0F60-4161-BA4C-BF7FF351FEB9}c:\\program files\\sports interactive\\football manager 2007\\fm.exe"= TCP:c:\program files\sports interactive\football manager 2007\fm.exe:Football Manager 2007
     "TCP Query User{85E26757-CBA6-434E-92E4-F64EB51C77EC}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
     "UDP Query User{2A443D99-B39D-45DD-AB80-7E62F9C2849E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
     "{516EC8D1-3499-450F-9938-FEB56AA0C231}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
     "{2A5AF146-7F75-4668-BC5F-484CA3B3AB6B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
     "{2D47F8EB-E4B5-4DF4-B82C-ED2DADCA4FB7}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
     "{152308B8-FCEF-48C5-9CBC-BEB919503CC2}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
     "{EE917CFB-5516-4CB1-9C3E-F21A20C5FA46}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
     "{E7547D29-3284-482B-A4FF-0184D831E812}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
     "{1C4735DD-7859-4989-BDBC-2C301FB23F88}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
     "{A6FD98EE-476C-4942-A804-CBA75A8FDBF3}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
     "{15A2D556-4554-4C5C-9551-686A21EC8EE8}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
     "{C18200A8-B581-4308-A719-918101CFB7CB}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
     "{990AA129-5B49-4D0A-B1A6-43BE98ED1AAD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
     "{3BA3277C-EB6A-45A2-AAEC-74819E44BDCD}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
     "{C54517E0-F923-49FC-B366-1EC15169F3C6}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
     "TCP Query User{BC78BC7A-7C68-4708-9100-48FCBFF7DB79}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
     "UDP Query User{517A9338-2A41-4747-8D67-966F4A9B52DC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
     "TCP Query User{4736CEA9-A5BB-4ACC-8193-DA91F0C48192}d:\\syllabik\\mirc.exe"= UDP:d:\syllabik\mirc.exe:mIRC
     "UDP Query User{D0915088-9404-431F-B05B-C6294C88585C}d:\\syllabik\\mirc.exe"= TCP:d:\syllabik\mirc.exe:mIRC
     "{6618C7A0-716C-4F9D-9E1A-DAEFEB0507AE}"= UDP:d:\football manager 2008\fm.exe:Football Manager 2008
     "{38A9DC71-93D2-4C14-A1B4-A4367E3BAC98}"= TCP:d:\football manager 2008\fm.exe:Football Manager 2008
     "TCP Query User{F31D6993-B773-4DAE-BCFA-2F7431B32C80}d:\\trackmania nations eswc\\tmnationseswc.exe"= UDP:d:\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
     "UDP Query User{368CE820-333C-4258-AAD1-8CD61BB397F1}d:\\trackmania nations eswc\\tmnationseswc.exe"= TCP:d:\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
     "TCP Query User{8BA3DEE5-829D-4896-983E-9C8A4C2291D8}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= UDP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
     "UDP Query User{F174102F-BCC5-4BDF-85A4-97F66BAF831D}c:\\program files\\messengerdiscovery\\messengerdiscovery live.exe"= TCP:c:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon
     "TCP Query User{9098F925-6331-4F49-984C-36E435D6826C}d:\\teamscript4\\mirc.exe"= UDP:d:\teamscript4\mirc.exe:mIRC
     "UDP Query User{64F7BB6E-F31A-48EC-B121-2BC48582DCD8}d:\\teamscript4\\mirc.exe"= TCP:d:\teamscript4\mirc.exe:mIRC
     "TCP Query User{68CB852B-270F-4EFD-8B05-3D79325F989D}d:\\skype\\phone\\skype.exe"= UDP:d:\skype\phone\skype.exe:Skype. Take a deep breath
     "UDP Query User{82F36EC5-BBE4-4A45-905B-4B842194A413}d:\\skype\\phone\\skype.exe"= TCP:d:\skype\phone\skype.exe:Skype. Take a deep breath
     "TCP Query User{EBD48E44-49CB-4A05-8F80-5E1CF7D9CD63}d:\\tvuplayer\\tvuplayer.exe"= UDP:d:\tvuplayer\tvuplayer.exe:TVUPlayer Component
     "UDP Query User{8499F95F-DD12-460C-9CF3-E644EB93D67F}d:\\tvuplayer\\tvuplayer.exe"= TCP:d:\tvuplayer\tvuplayer.exe:TVUPlayer Component
     "TCP Query User{7943BC1B-0481-45FE-8ABB-5B48179A677E}c:\\program files\\netscape\\netscape\\netscp.exe"= UDP:c:\program files\netscape\netscape\netscp.exe:Netscape
     "UDP Query User{EB2C2267-28CB-40CC-8662-0E70D8306FC3}c:\\program files\\netscape\\netscape\\netscp.exe"= TCP:c:\program files\netscape\netscape\netscp.exe:Netscape
     "TCP Query User{7626BF8B-73A2-421B-99C4-18F1EAEAAFB8}d:\\perfect battle online 1.0b\\perfect battle online.exe"= UDP:d:\perfect battle online 1.0b\perfect battle online.exe:Perfect Battle Online
     "UDP Query User{51A6B07C-5E49-46E3-914D-5FD5DAE49437}d:\\perfect battle online 1.0b\\perfect battle online.exe"= TCP:d:\perfect battle online 1.0b\perfect battle online.exe:Perfect Battle Online
     "{614BA8BF-AD3D-420B-9A54-9B1885D7CEEC}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
     "{8FF327CE-5386-4ADE-AD93-06B811E5D26E}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
     "{8FBC33AA-18DD-4006-83C4-041FC34C4818}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
     "{1EC27BEE-258C-48E8-B3FE-2E0DAA5637C0}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
     "TCP Query User{7E7517B1-2741-4ABA-91CF-4841AB36EC58}d:\\bsmaxscript[7.0]\\mirc.exe"= UDP:d:\bsmaxscript[7.0]\mirc.exe:mIRC
     "UDP Query User{2E296385-C7B8-4812-B4FE-DF39FA381F04}d:\\bsmaxscript[7.0]\\mirc.exe"= TCP:d:\bsmaxscript[7.0]\mirc.exe:mIRC
     "TCP Query User{96F3CC36-B88C-4941-ACF9-BB5B9D58752F}d:\\yu-gi-oh virtual battle 5\\yvb5.exe"= UDP:d:\yu-gi-oh virtual battle 5\yvb5.exe:YVB5
     "UDP Query User{05464C87-9051-45A3-957B-196F83E7B61F}d:\\yu-gi-oh virtual battle 5\\yvb5.exe"= TCP:d:\yu-gi-oh virtual battle 5\yvb5.exe:YVB5
     "TCP Query User{B34B6204-664A-4959-96BB-C1B7D5376E12}d:\\goa\\gunbound\\gunbound\\gunbound.gme"= UDP:d:\goa\gunbound\gunbound\gunbound.gme:GunBound
     "UDP Query User{3E20CD24-FE44-4754-B669-A3C6FEE48412}d:\\goa\\gunbound\\gunbound\\gunbound.gme"= TCP:d:\goa\gunbound\gunbound\gunbound.gme:GunBound
     "{18C5A4A2-74B0-4780-ADFB-F53C93D5B28F}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
     "{F981A7F4-20B8-4792-AF47-A0420DF8BDFB}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
     "{7A1AEBD4-119D-4382-B196-33FC9C35625C}"= Disabled:UDP:d:\sports interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
     "{48FBB0E5-9A32-4300-8189-797A3D0D1AE2}"= Disabled:TCP:d:\sports interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
     "TCP Query User{8BE8A501-8663-4EDB-B72C-79C646E9FB47}d:\\goa\\gunbound\\gunbound\\gunbound.gme"= UDP:d:\goa\gunbound\gunbound\gunbound.gme:GunBound
     "UDP Query User{3B178A1D-F3D4-48E8-A066-5611EABBD04E}d:\\goa\\gunbound\\gunbound\\gunbound.gme"= TCP:d:\goa\gunbound\gunbound\gunbound.gme:GunBound
     "TCP Query User{4C4BAB5E-5E4A-4281-B09D-E475BBB55EBC}d:\\tvuplayer\\tvuplayer.exe"= UDP:d:\tvuplayer\tvuplayer.exe:TVUPlayer Component
     "UDP Query User{73765BB1-39CC-44EB-A7F9-9EB7B5E2B460}d:\\tvuplayer\\tvuplayer.exe"= TCP:d:\tvuplayer\tvuplayer.exe:TVUPlayer Component
     "TCP Query User{6F8CD8B1-436C-4550-844D-CBB858BC5F65}d:\\tvup\\tvuplayer.exe"= UDP:d:\tvup\tvuplayer.exe:TVUPlayer Component
     "UDP Query User{46031905-BD5A-49CC-95B6-BB76CE62CCE9}d:\\tvup\\tvuplayer.exe"= TCP:d:\tvup\tvuplayer.exe:TVUPlayer Component

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
     "c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
     "c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
     "c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
     "d:\\PPMate\\ppmate.exe"= d:\ppmate\ppmate.exe:*:Enabled:PPMate
     "d:\\PPMate\\ppamnet.exe"= d:\ppmate\ppamnet.exe:*:Enabled:PPMate

     R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [04/04/2008 18:57 114768]
     R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04/04/2008 18:57 20560]
     R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/07/2007 17:45 51792]
     R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [14/02/2009 20:29 227328]
     S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/05/2008 18:37 576680]
     S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\System32\drivers\WlanUIG.sys [17/06/2005 10:27 379456]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
     bthsvcs REG_MULTI_SZ BthServ
     WindowsMobile REG_MULTI_SZ wcescomm rapimgr
     LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
     .
     - - - - ORPHELINS SUPPRIMES - - - -

     HKCU-Run-Salignac - c:\users\Salignac\Salignac.exe
     HKLM-Run-Acer Tour - (no file)
     HKLM-Run-eRecoveryService - (no file)

     .
     ------- Examen supplémentaire -------
     .
     uStart Page = hxxp://free.fr/
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     mStart Page = hxxp://fr.yahoo.com
     uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     Trusted Zone: chat-land.org
     FF - ProfilePath - c:\users\Salignac\AppData\Roaming\Mozilla\Firefox\Profiles\8q9g78ds.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://webocodes.com
     FF - prefs.js: keyword.URL - http //fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
     FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
     FF - plugin: c:\users\Salignac\AppData\Roaming\Mozilla\Firefox\Profiles\8q9g78ds.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
     FF - plugin: c:\users\Salignac\AppData\Roaming\Mozilla\Firefox\Profiles\8q9g78ds.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
     FF - plugin: d:\divx\DivX Web Player\npdivx32.dll

     ---- PARAMETRES FIREFOX ----
     c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-06-15 21:54
     Windows 6.0.6001 Service Pack 1 NTFS

     Recherche de processus cachés ...

     Recherche d'éléments en démarrage automatique cachés ...

     Recherche de fichiers cachés ...

     Scan terminé avec succès
     Fichiers cachés: 0

     **************************************************************************
     .
     Heure de fin: 2009-06-15 21:59
     ComboFix-quarantined-files.txt 2009-06-15 19:59

     Avant-CF: 29 456 826 368 octets libres
     Après-CF: 30 630 952 960 octets libres

     219 --- E O F --- 2009-06-12 06:59
  2. Step 10 is finished and my PC is crashing; it keeps saying "blabla has stopped working"... And still no report in sight... edit: ah no, the steps are still going through, although apart from this program everything else has crashed (empty desktop, no taskbar...)
  3. info.txt logfile of random's system information tool 1.06 2009-06-15 20:58:13

     ======Uninstall list======

     -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
     -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
     3-D Ultra Minigolf Adventures Deluxe-->"C:\Program Files\orange\jeux\3-D Ultra Minigolf Adventures Deluxe\Uninstall.exe" "C:\Program Files\orange\jeux\3-D Ultra Minigolf Adventures Deluxe\install.log"
     Acer eMode Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
     Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
     Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
     Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
     Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
     Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
     Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
     Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
     Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
     ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A712D29-DBE3-4381-A331-AF4AE5BEB244}\setup.exe" -l0x40c
     avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
     AVS DVD Player version 2.4-->"C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
     Battle for Wesnoth 1.4.1-->"D:\Program Files\Wesnoth 1.4.1\unins000.exe"
     Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
     BSmax ScripT 7.0-->"D:\BSmaxScripT[7.0]\uninstall.exe"
     Burger Island-->"C:\Program Files\orange\jeux\Burger Island\Uninstall.exe" "C:\Program Files\orange\jeux\Burger Island\install.log"
     CamStudio-->D:\CamStudio\uninstall.exe
     Cathys Caribbean Club-->"C:\Program Files\orange\jeux\Cathys Caribbean Club\Uninstall.exe" "C:\Program Files\orange\jeux\Cathys Caribbean Club\install.log"
     DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
     DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
     DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
     DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
     Dofus 1.26.0-->D:\Dofus\uninstall.exe
     Eurobarre-->C:\PROGRA~1\EUROBA~1\uninstall.exe
     Fashion Rush-->"C:\Program Files\orange\jeux\Fashion Rush\Uninstall.exe" "C:\Program Files\orange\jeux\Fashion Rush\install.log"
     Fashion Star-->"C:\Program Files\orange\jeux\Fashion Star\Uninstall.exe" "C:\Program Files\orange\jeux\Fashion Star\install.log"
     Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
     Fourmis v1.2-->0:\Program Files\Fourmis v1.2\Uninstal.exe
     GamesBar 1.1.0.5-->C:\Program Files\GamesBar\uninst.exe
     Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
     Go-Go Gourmet-->"C:\Program Files\orange\jeux\Go-Go Gourmet\Uninstall.exe" "C:\Program Files\orange\jeux\Go-Go Gourmet\install.log"
     Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
     Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
     Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
     Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
     Gunbound-->"D:\GOA\GunBound\unins000.exe"
     HijackThis 2.0.2-->"C:\Users\Salignac\Desktop\HijackThis.exe" /uninstall
     Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
     Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
     Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
     Jojo’s Fashion Show-->"C:\Program Files\orange\jeux\Jojo’s Fashion Show\Uninstall.exe" "C:\Program Files\orange\jeux\Jojo’s Fashion Show\install.log"
     Ma-Config.com-->MsiExec.exe /X{05B3F57E-036B-4999-BAE4-E60E82F75442}
     Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
     Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
     Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
     mIRC-->"D:\BSmaxScripT[7.0]\mirc.exe" -uninstall
     Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
     Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
     MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
     MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
     MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
     MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
     NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x0409
     Norton Security Scan-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
     Norton Security Scan-->MsiExec.exe /I{1A8A214F-6BAC-4E01-A27D-25C19A484908}
     NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
     NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
     Perfect Battle Online 1.0b-->D:\Perfect Battle Online 1.0b\Uninstal.exe
     PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
     Poney Rancher -->C:\Program Files\DTP\Poney Rancher\uninst.exe
     PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall
     Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
     Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
     Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
     Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
     TeamScripT 4-->D:\TeamScripT4\desinstaller.exe
     Téléfoot World Of Soccer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F40734D-0E2C-4693-9385-84EAED8FBAF8}\setup.exe" -l0x40c
     TVAnts 1.0-->D:\TVAnts\UNWISE.EXE D:\TVAnts\INSTALL.LOG
     TVUPlayer 2.4.5.3-->D:\TVUP\uninst.exe
     USB2.0 PC Camera (SN9C201&202)-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x040c -removeonly -u
     VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
     ViaMichelin Navigation PND-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47FF921C-E834-47A6-8CE4-F0A99CDE347F}\setup.exe" -l0x40c -removeonly
     VLC media player 0.9.9-->D:\VideoLAN\VLC\uninstall.exe
     Westward-->"C:\Program Files\Gamenext\Westward\Uninstall.exe" "C:\Program Files\Gamenext\Westward\install.log"
     Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
     Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
     Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
     Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
     WinISO 5.3-->D:\WinISO\unins000.exe
     WinRAR archiver-->D:\WinRaR\uninstall.exe
     Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
     Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

     ======Security center information======

     AV: avast! antivirus 4.8.1229 [VPS 081203-0]
     AS: Windows Defender
     AS: avast! antivirus 4.8.1229 [VPS 081203-0]

     ======System event log======

     Computer Name: PC-de-Salignac
     Event Code: 4226
     Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
     Record Number: 266446
     Source Name: Tcpip
     Time Written: 20090615183050.577585-000
     Event Type: Avertissement
     User:

     Computer Name: PC-de-Salignac
     Event Code: 6008
     Message: L'arrêt système précédant à 20:40:39 le 15/06/2009 n'était pas prévu.
     Record Number: 266451
     Source Name: EventLog
     Time Written: 20090615184206.000000-000
     Event Type: Erreur
     User:

     Computer Name: PC-de-Salignac
     Event Code: 15016
     Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
     Record Number: 266462
     Source Name: Microsoft-Windows-HttpEvent
     Time Written: 20090615184227.396792-000
     Event Type: Erreur
     User:

     Computer Name: PC-de-Salignac
     Event Code: 1048
     Message: Échec du démarrage des services Terminal Server. Le code d’état approprié était Les données de configuration de ce produit sont endommagées. Contactez votre support technique. .
     Record Number: 266464
     Source Name: Microsoft-Windows-TerminalServices-LocalSessionManager
     Time Written: 20090615184321.000000-000
     Event Type: Erreur
     User:

     Computer Name: PC-de-Salignac
     Event Code: 4226
     Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
     Record Number: 266567
     Source Name: Tcpip
     Time Written: 20090615184955.906192-000
     Event Type: Avertissement
     User:

     =====Application event log=====

     Computer Name: PC-de-Salignac
     Event Code: 1530
     Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

     DÉTAIL -
     1 user registry handles leaked from \Registry\User\S-1-5-21-497292552-2310223704-98928452-1000:
     Process 964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-497292552-2310223704-98928452-1000

     Record Number: 73704
     Source Name: Microsoft-Windows-User Profiles Service
     Time Written: 20090615144421.000000-000
     Event Type: Avertissement
     User: AUTORITE NT\SYSTEM

     Computer Name: PC-de-Salignac
     Event Code: 1530
     Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

     DÉTAIL -
     1 user registry handles leaked from \Registry\User\S-1-5-21-497292552-2310223704-98928452-1000_Classes:
     Process 964 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-497292552-2310223704-98928452-1000_CLASSES

     Record Number: 73705
     Source Name: Microsoft-Windows-User Profiles Service
     Time Written: 20090615144423.000000-000
     Event Type: Avertissement
     User: AUTORITE NT\SYSTEM

     Computer Name: PC-de-Salignac
     Event Code: 1000
     Message: Application défaillante svchost.exe, version 6.0.6001.18000, horodatage 0x4a314f85, module défaillant ntdll.dll, version 6.0.6001.18000, horodatage 0x4791a7a6, code d’exception 0xc0000005, décalage d’erreur 0x000658c8, ID du processus 0xac0, heure de début de l’application 0x01c9edd4e6ea8ef1.
     Record Number: 73816
     Source Name: Application Error
     Time Written: 20090615164020.000000-000
     Event Type: Erreur
     User:

     Computer Name: PC-de-Salignac
     Event Code: 1000
     Message: Application défaillante svchost.exe, version 6.0.6001.18000, horodatage 0x4a314f85, module défaillant ntdll.dll, version 6.0.6001.18000, horodatage 0x4791a7a6, code d’exception 0xc0000005, décalage d’erreur 0x000658c8, ID du processus 0x1698, heure de début de l’application 0x01c9edd82b9fc351.
     Record Number: 73818
     Source Name: Application Error
     Time Written: 20090615164454.000000-000
     Event Type: Erreur
     User:

     Computer Name: PC-de-Salignac
     Event Code: 1002
     Message: Le programme Explorer.EXE version 6.0.6001.18164 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration.
     ID de processus : 768
     Heure de début : 01c9edd4485fb464
     Heure de fin : 7972
     Record Number: 73820
     Source Name: Application Hang
     Time Written: 20090615180004.000000-000
     Event Type: Erreur
     User:

     =====Security event log=====

     Computer Name: PC-de-Salignac
     Event Code: 4672
     Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

     Sujet :
     ID de sécurité : S-1-5-20
     Nom du compte : SERVICE RÉSEAU
     Domaine du compte : AUTORITE NT
     ID d’ouverture de session : 0x3e4

     Privilèges : SeAssignPrimaryTokenPrivilege
     SeAuditPrivilege
     SeImpersonatePrivilege
     Record Number: 72454
     Source Name: Microsoft-Windows-Security-Auditing
     Time Written: 20081102110139.178686-000
     Event Type: Succès de l'audit
     User:

     Computer Name: PC-de-Salignac
     Event Code: 4648
     Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

     Sujet :
     ID de sécurité : S-1-5-18
     Nom du compte : PC-DE-SALIGNAC$
     Domaine du compte : MSHOME
     ID d’ouverture de session : 0x3e7
     GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

     Compte dont les informations d’identification ont été utilisées :
     Nom du compte : SYSTEM
     Domaine du compte : AUTORITE NT
     GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

     Serveur cible :
     Nom du serveur cible : localhost
     Informations supplémentaires : localhost

     Informations sur le processus :
     ID du processus : 0x27c
     Nom du processus : C:\Windows\System32\services.exe

     Informations sur le réseau :
     Adresse du réseau : -
     Port : -

     Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 72455 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081102110139.334687-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Salignac Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-SALIGNAC$ Domaine du compte : MSHOME ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x27c Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. 
Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 72456 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081102110139.334687-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Salignac Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 72457 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081102110139.334687-000 Event Type: Succès de l'audit User: Computer Name: PC-de-Salignac Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. 
Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-SALIGNAC$ Domaine du compte : MSHOME ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-19 Nom du compte : SERVICE LOCAL Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e5 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x27c Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . 
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 72458 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20081102110139.787090-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel "PROCESSOR_REVISION"=0605 "NUMBER_OF_PROCESSORS"=2 -----------------EOF-----------------
  4. The info.txt file won't open... I don't know how to do it...
  5. Logfile of random's system information tool 1.06 (written by random/random) Run by Salignac at 2009-06-15 21:13:46 Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 System drive C: has 28 GB (39%) free of 73 GB Total RAM: 447 MB (19% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:14:55, on 15/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\SysMonitor.exe C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\tsnp2std.exe C:\Windows\vsnp2std.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\taskeng.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Windows\system32\netsh.exe C:\Windows\system32\conime.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\svchost.exe C:\Users\Salignac\Desktop\RSIT.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Salignac\Desktop\Salignac.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Users\Salignac\Salignac.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.cherche.us/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe O4 - HKCU\..\Run: [?????????] 
??????????????e O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [salignac] C:\Users\Salignac\Salignac.exe /i O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: rncsys32.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O15 - 
Trusted Zone: *.chat-land.org O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 10010 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! 
Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}] GamesBar - C:\Program Files\GamesBar\oberontb.dll [2007-06-19 380928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-16 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-03-24 352256] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400] {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - GamesBar - C:\Program Files\GamesBar\oberontb.dll [2007-06-19 380928] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704] "Acer Empowering Technology Monitor"=C:\Windows\system32\SysMonitor.exe [2006-11-23 319488] "Acer Tour"= [] "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344] "eRecoveryService"= [] "PCMService"=C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe [2006-11-25 151552] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080] "tsnp2std"=C:\Windows\tsnp2std.exe [2007-01-05 258048] "snp2std"=C:\Windows\vsnp2std.exe [2006-09-15 675840] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "????r"= [] "?????????"=??????????????e [] "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] ""= [] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-20 39408] "AlcoholAutomount"=D:\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544] "Salignac"=C:\Users\Salignac\Salignac.exe [2009-06-15 21090] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 
C:\Users\Salignac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup rncsys32.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"="C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu" "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption" "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"="C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption" "D:\PPMate\ppmate.exe"="D:\PPMate\ppmate.exe:*:Enabled:PPMate" "D:\PPMate\ppamnet.exe"="D:\PPMate\ppamnet.exe:*:Enabled:PPMate" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01b09106-8ec6-11dd-9a43-0060b3b6b6c3}] shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6bbde36-a85f-11dd-801c-0060b3b6b6c3}] shell\AutoRun\command - J:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cabffae3-b308-11dd-946b-0060b3b6b6c3}] shell\AutoRun\command - J:\autorun.exe ======List of files/folders created in the last 1 months====== 2009-06-15 20:57:30 ----D---- C:\rsit 2009-06-14 17:11:45 ----D---- C:\Users\Salignac\AppData\Roaming\vlc 2009-06-10 08:00:34 ----A---- C:\Windows\system32\localspl.dll 2009-06-10 08:00:26 ----A---- C:\Windows\system32\rpcrt4.dll 2009-06-10 08:00:13 ----A---- C:\Windows\system32\mshtml.dll 2009-06-10 08:00:08 
----A---- C:\Windows\system32\ieframe.dll 2009-06-10 08:00:07 ----A---- C:\Windows\system32\urlmon.dll 2009-06-10 08:00:06 ----A---- C:\Windows\system32\wininet.dll 2009-06-10 08:00:05 ----A---- C:\Windows\system32\iertutil.dll 2009-06-10 08:00:04 ----A---- C:\Windows\system32\msfeeds.dll 2009-06-10 08:00:04 ----A---- C:\Windows\system32\iedkcs32.dll 2009-06-10 08:00:03 ----A---- C:\Windows\system32\occache.dll 2009-06-10 08:00:03 ----A---- C:\Windows\system32\ieaksie.dll 2009-06-10 08:00:02 ----A---- C:\Windows\system32\ieUnatt.exe 2009-06-10 08:00:01 ----A---- C:\Windows\system32\ieencode.dll 2009-06-10 07:59:58 ----A---- C:\Windows\system32\mstime.dll 2009-06-10 07:59:53 ----A---- C:\Windows\system32\jsproxy.dll 2009-05-18 14:23:40 ----D---- C:\ProgramData\TVU Networks ======List of files/folders modified in the last 1 months====== 2009-06-15 21:13:50 ----D---- C:\Windows\Temp 2009-06-15 16:49:31 ----D---- C:\Windows\Prefetch 2009-06-15 10:43:29 ----SHD---- C:\System Volume Information 2009-06-13 14:13:55 ----D---- C:\Windows\System32 2009-06-13 14:13:55 ----D---- C:\Windows\inf 2009-06-13 14:13:55 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-06-11 09:21:07 ----D---- C:\Windows\winsxs 2009-06-11 09:10:38 ----D---- C:\Windows\system32\catroot 2009-06-11 09:10:09 ----D---- C:\Windows\system32\catroot2 2009-06-11 09:04:52 ----D---- C:\Program Files\Internet Explorer 2009-06-11 08:58:04 ----SHD---- C:\Windows\Installer 2009-06-01 18:51:12 ----A---- C:\Windows\system32\mrt.exe 2009-05-24 14:51:07 ----D---- C:\Program Files\Mozilla Firefox 2009-05-18 14:25:29 ----SD---- C:\Windows\Downloaded Program Files 2009-05-18 14:23:40 ----D---- C:\ProgramData ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! 
Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792] R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584] R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-15 6144] R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 2085888] R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 278528] S3 aegoiwv4;aegoiwv4; C:\Windows\system32\drivers\aegoiwv4.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-05-23 15352] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 SNP2STD;USB2.0 PC 
Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-04-27 12039552] S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2008-01-19 31616] S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\Windows\system32\DRIVERS\WlanUIG.sys [2005-06-17 379456] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-11-12 24576] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2006-11-24 557056] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe [2006-11-25 274520] R2 CLSched;CyberLink Task Scheduler (CTS); C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe [2006-11-25 118870] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-12-08 45056] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-11-24 262247] R2 StarWindServiceAE;StarWind AE Service; D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; 
C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-05-23 576680] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF-----------------
  6. For information, my antivirus detects the trojan at: C:\Users\"MonNom"\AppData\Local\Temp\BN7D90.tmp, and each time I quarantine it the file name changes, but it is always in the same folder. It seems the trojan is a Cutwail.
  7. Good evening, already generated: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:46:36, on 15/06/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18248) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\SysMonitor.exe C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\system32\taskeng.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\tsnp2std.exe C:\Windows\vsnp2std.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\NETGEAR\WG111v3\WG111v3.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Salignac\Desktop\HiJackThis.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Salignac\Salignac.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.cherche.us/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 
http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe O4 - HKCU\..\Run: [?????????] 
??????????????e O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [salignac] C:\Users\Salignac\Salignac.exe /i O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: rncsys32.exe O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O15 - 
Trusted Zone: *.chat-land.org O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 9847 bytes
  8. Good evening, I am infected with a trojan that my antivirus detects. The more I delete it, the more it comes back. It seems to be a rootkit. I have to disable my antivirus to come here. I'll post the report in 5 min.
  9. Fichier BTSetBootKey.exe reçu le 2008.09.06 21:16:06 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.6.0 2008.09.06 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.06 -
Avast 4.8.1195.0 2008.09.06 -
AVG 8.0.0.161 2008.09.05 -
BitDefender 7.2 2008.09.06 -
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.06 -
DrWeb 4.44.0.09170 2008.09.06 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6072 2008.09.05 -
Ewido 4.0 2008.09.06 -
F-Prot 4.4.4.56 2008.09.06 -
F-Secure 8.0.14332.0 2008.09.06 Suspicious:W32/Runner.h!Gemini
Fortinet 3.112.0.0 2008.09.06 -
GData 19 2008.09.06 -
Ikarus T3.1.1.34.0 2008.09.06 -
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.06 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.06 -
NOD32v2 3423 2008.09.06 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.06 -
PCTools 4.4.2.0 2008.09.06 -
Prevx1 V2 2008.09.06 -
Rising 20.60.52.00 2008.09.06 -
Sophos 4.33.0 2008.09.06 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.06 -
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.06 -
ViRobot 2008.9.5.1365 2008.09.06 -
VirusBuster 4.5.11.0 2008.09.06 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Information additionnelle
File size: 36864 bytes
MD5...: 8db01bd0de2969335f66bacfaaa18ce8
SHA1..: 8bbd2aa2fe95db8ac41acc84a1716c1c080d146d
SHA256: cf9150d5e421dc745fef13f643d7d1427f80e07cdf5bbf4df55a8480a55d6f41
SHA512: ef1ac0d5fc5d7a39870d6c48e2a026ef972f2c540168e5dc94a0987a832efdb7149299edc19121f95724f1853ed9f1deadd8ec968752ef491a1eff85ddc531dc
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4012f0
timedatestamp.....: 0x3e9af443 (Mon Apr 14 17:47:47 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x389e 0x4000 6.14 c0b8b787b52fefa73c20fba9a4e07378
.rdata 0x5000 0x996 0x1000 3.76 79035b2a9d04e4968df43abe44c3dbcc
.data 0x6000 0x2a5c 0x3000 0.46 5b90a00cc32ecb43a0e3c9400a246232

( 3 imports )
> KERNEL32.dll: SetEvent, GetVersionExA, GetStringTypeA, LCMapStringW, LCMapStringA, CreateThread, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, HeapAlloc, CreateEventA, WaitForSingleObject, MultiByteToWideChar, CloseHandle, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, GetStringTypeW
> USER32.dll: RegisterClassExA, CreateWindowExA, ShowWindow, UpdateWindow, GetMessageA, TranslateMessage, DispatchMessageA, DefWindowProcA, PostQuitMessage
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA

( 0 exports )
  10. The problem has been solved, thank you very much, but just in case: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:56:20, on 04/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Motive\McciCMService.exe C:\WINDOWS\SOUNDMAN.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\BtUsrBdg.exe C:\WINDOWS\system32\BTSetBootKey.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Orange\LiveAssistant.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe D:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\Fichiers 
communs\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe D:\TeamScripT4\mirc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Bureau\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [sony Ericsson PC 
Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab 
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McciCMService - Motive Communications, Inc. 
- C:\Program Files\Fichiers communs\Motive\McciCMService.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) -- End of file - 12132 bytes
11. ComboFix 08-09-01.01 - SALIGNAC 2008-09-02 15:52:26.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.462 [GMT 2:00]
Endroit: D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Bureau\ComboFix.exe
 * Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\Helper
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\explorer.exe.tmp
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\#SharedObjects\N6TQDDND\bin.clearspring.com
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\#SharedObjects\N6TQDDND\bin.clearspring.com\clearspring.sol
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\#SharedObjects\N6TQDDND\iforex.com
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\#SharedObjects\N6TQDDND\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Cookies\salignac@bluestreak[2].txt
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Cookies\salignac@clickintext[2].txt
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Cookies\salignac@serving-sys[2].txt
.

(((((((((((((((((((((((((((((   Fichiers créés 2008-08-02 to 2008-09-02   ))))))))))))))))))))))))))))))))))))
.

2008-08-31 22:06 . 2008-08-31 22:06 <REP> d-------- D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Thunderbird
2008-08-31 22:06 . 2008-09-01 08:36 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2008-08-28 12:39 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
.

((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-09-02 13:52 --------- d-----w C:\Program Files\GamesBar
2008-09-01 16:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-31 07:47 --------- d-----w C:\Program Files\eMule
2008-08-28 10:39 --------- d-----w C:\Program Files\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-25 12:47 52,376 ----a-w D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\GDIPFONTCACHEV1.DAT
2008-04-19 14:46 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-05 19:40 457 ----a-w C:\Program Files\Raccourci vers eMule.lnk
2008-01-29 21:15 1,751 ----a-w D:\Documents and Settings\SALIGNAC.CHAMBRE.001\clean.reg
2008-01-29 15:08 736,338 -csha-r C:\Program Files\serial.tde
2006-11-02 13:34 81,920 -c--a-w D:\Documents and Settings\SALIGNAC\Application Data\ezpinst.exe
2006-11-02 13:34 47,360 -c--a-w D:\Documents and Settings\SALIGNAC\Application Data\pcouffin.sys
2006-05-28 16:46 397,306 -csha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 -csha-r C:\Program Files\wunauclt.tbe
2004-06-18 09:05 45,056 -c--a-w C:\WINDOWS\inf\Slntinst.exe
2003-08-22 09:09 45,056 -c--a-w C:\WINDOWS\inf\slntinst_staticW2k.exe
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 19:59 68856]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 22:05 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-03-24 21:45 185896]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-02 19:30 196608]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2007-01-05 17:12 258048]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 13:21 675840]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-28 12:26 266497]
"ORAHSSSessionManager"="C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe" [2008-01-22 23:28 107248]
"Orange_McciTrayApp"="C:\Program Files\Orange\LiveAssistant.exe" [2007-12-21 15:07 1476608]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 77824 C:\WINDOWS\SOUNDMAN.EXE]
"BTUSRBDG"="BtUsrBdg.exe" [2003-11-05 22:21 53248 C:\WINDOWS\system32\BtUsrBdg.exe]
"BTSETBOOTKEY"="BTSetBootKey.exe" [2003-04-15 10:48 36864 C:\WINDOWS\system32\BTSetBootKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\PeerTV\\PeerCast.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"D:\\Documents and Settings\\SALIGNAC.CHAMBRE.001\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"D:\\TeamScripT4\\mirc.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"D:\\Program Files\\Football Manager 2008\\fm.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\OrangeHSS\\Browser\\Browser.exe"=
"D:\\Program Files\\GOA\\Gunbound\\GunBound.gme"=
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Program Files\\BZFlag2.0.10\\bzflag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 17:18]
R2 McciCMService;McciCMService;C:\Program Files\Fichiers communs\Motive\McciCMService.exe [2007-10-23 10:29]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-03 12:25]
R3 BTCOMM;BTCOMM;C:\WINDOWS\system32\drivers\Btcomm.sys [2004-09-28 16:18]
R3 BTKRNBDG;Bluetooth COM Bridge;C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [2003-03-18 11:31]
R3 vad_multi;Windigo Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vadmulti.sys [2005-04-13 17:02]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50.SYS [2008-03-09 23:22]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50.SYS [2008-03-09 23:22]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\FICHIE~1\Motive\MRESP50a64.SYS []
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 11:38]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 16:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 16:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 16:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 16:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 16:50]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-08-01 14:46]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-08-01 14:46]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-08-01 14:46]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2005-06-17 10:27]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TheTurtle - C:\Program Files\TheTurtle\TheTurtle.exe
HKCU-Run-Slide.exe - C:\Program Files\Slide\Slide.exe
HKCU-Run-AlcoholAutomount - D:\Alcohol Soft\Alcohol 120\axcmd.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Firefox\Profiles\gxpgkim3.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.find-jeux.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 15:55:36
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-09-02 15:56:52
ComboFix-quarantined-files.txt 2008-09-02 13:56:35

Pre-Run: 10,173,321,216 octets libres
Post-Run: 10,161,758,208 octets libres

172 --- E O F --- 2008-08-28 21:46:45
12. I removed a virus with Avira, but now when I turn on my PC I get an error message: "Can not find script file "C:\WINDOWS\system32\killVBS.vbs"" (Impossible de trouver le fichier script). Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:45, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Bureau\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Orange_Install] "D:\DOCUME~1\SALIGN~1.001\LOCALS~1\Temp\KIT2.tmp\Installation\Tempcomponents\LIVEASSISTANT\Live Assistant 2.0.exe"
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version=
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 12798 bytes
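The F2 line in the log above explains the error reported in that post: the Winlogon Userinit value still chains wscript.exe with C:\WINDOWS\system32\killVBS.vbs after userinit.exe, so once Avira deleted the .vbs, wscript.exe complains at every logon that the script file cannot be found while the registry reference stays behind. The following Python script is an added example, not part of the original post and not code from HijackThis or ComboFix: it parses an F2 Userinit line as HijackThis prints it, splits the comma-separated components, flags script hosts and other additions, extracts the script path that was handed to the host, and prints the reg.exe command that restores the stock Windows XP value. The function names, the UserinitEntry verdicts and the SCRIPT_HOSTS list are my own choices; the two sample lines are copied from the HijackThis logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Stock Userinit value on Windows XP. Winlogon runs each comma-separated entry at logon;
# the trailing comma is part of the default value.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe"
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Interpreters commonly chained after userinit.exe to launch a script at logon (my own list).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe", "cmd.exe", "regsvr32.exe"}


@dataclass
class UserinitEntry:
    raw: str              # the comma-separated component as it appears in the value
    exe: str              # executable part of the component
    args: Optional[str]   # arguments, e.g. the script path handed to wscript.exe
    verdict: str          # "expected" | "unqualified" | "script-host" | "extra"


def parse_f2_userinit(line: str) -> List[str]:
    """Extract the Userinit components from a HijackThis 'F2 - REG:system.ini: UserInit=' line."""
    m = re.search(r"UserInit=(.*)$", line, re.IGNORECASE)
    if not m:
        raise ValueError("not an F2 UserInit line")
    return [part.strip() for part in m.group(1).split(",") if part.strip()]


def classify_entry(entry: str) -> UserinitEntry:
    """Split one component into executable + arguments and decide whether it belongs there."""
    # Optional quotes around the executable, then whitespace-separated arguments.
    m = re.match(r'^"?(?P<exe>[^"]*?\.exe)"?(?:\s+(?P<args>.*))?$', entry, re.IGNORECASE)
    exe = m.group("exe") if m else entry
    args = m.group("args") if m else None
    basename = exe.rsplit("\\", 1)[-1].lower()
    if exe.lower() == DEFAULT_USERINIT.lower() and not args:
        verdict = "expected"
    elif basename == "userinit.exe":
        # Relative name: resolved through the search path, so it could be shadowed; verify it.
        verdict = "unqualified"
    elif basename in SCRIPT_HOSTS:
        verdict = "script-host"
    else:
        verdict = "extra"
    return UserinitEntry(entry, exe, args, verdict)


def audit_userinit(line: str) -> List[UserinitEntry]:
    return [classify_entry(e) for e in parse_f2_userinit(line)]


def is_hijacked(line: str) -> bool:
    """True when anything other than userinit.exe itself is chained into Userinit."""
    return any(e.verdict in ("script-host", "extra") for e in audit_userinit(line))


def payloads(line: str) -> List[str]:
    """Paths handed to a script host: the files an AV may delete while leaving the reference behind."""
    return [e.args for e in audit_userinit(line) if e.verdict == "script-host" and e.args]


def remediation_command() -> str:
    """reg.exe command that restores the stock value. Never blank Userinit: with an empty or
    broken value Winlogon cannot start the shell and the desktop never appears at next logon."""
    return f'reg add "{WINLOGON_KEY}" /v Userinit /t REG_SZ /d "{DEFAULT_USERINIT}," /f'


if __name__ == "__main__":
    # The F2 line from the HijackThis log above, copied as posted.
    infected = (r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
                r"C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs")
    for e in audit_userinit(infected):
        print(f"{e.verdict:12} {e.exe} {e.args or ''}")
    if is_hijacked(infected):
        print("payload(s):", payloads(infected))
        print("fix:", remediation_command())
```

Run against the infected line, the script reports the first component as expected, the second as a script host with C:\WINDOWS\system32\killVBS.vbs as its payload, and prints the reg add command; the later log in this thread, whose value is C:\WINDOWS\system32\userinit.exe,userinit.exe, is not flagged as hijacked, only as carrying an unqualified second entry worth checking.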
13. Yes yes, thanks again ^^
14. It's fine, thanks for everything, you did a remarkable job
15. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:00, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\BtUsrBdg.exe
C:\WINDOWS\system32\BTSetBootKey.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Bureau\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version=
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 11049 bytes
  16. Everything works; it's just that when the desktop starts, the "My Documents" window opens.
  17. When I clicked rem.bat, I got 2 error messages, "del key incorrect", before it rebooted. However, after the reboot the connection went back to normal; before, it was very heavily slowed down.
      GMER 1.0.14.14116 - http://www.gmer.net
      Rootkit scan 2008-01-30 15:21:13
      Windows 5.1.2600 Service Pack 2
      ---- System - GMER 1.0.14 ----
      SSDT sptd.sys ZwCreateKey [0xF73B20D0]
      SSDT sptd.sys ZwEnumerateKey [0xF73B7FB2]
      SSDT sptd.sys ZwEnumerateValueKey [0xF73B8340]
      SSDT sptd.sys ZwOpenKey [0xF73B20B0]
      SSDT sptd.sys ZwQueryKey [0xF73B8418]
      SSDT sptd.sys ZwQueryValueKey [0xF73B8298]
      SSDT sptd.sys ZwSetValueKey [0xF73B84AA]
      ---- Kernel code sections - GMER 1.0.14 ----
      ? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
      .text USBPORT.SYS!DllUnload F695C62C 5 Bytes JMP 8510A770
      ---- User code sections - GMER 1.0.14 ----
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F2C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451166F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 445115F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511634 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451157C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445115B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445116AA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A1676 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      ---- Kernel IAT/EAT - GMER 1.0.14 ----
      IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73B2AD4] sptd.sys
      IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73B2C1A] sptd.sys
      IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73B2B9C] sptd.sys
      IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73B3748] sptd.sys
      IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73B361E] sptd.sys
      IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73C829A] sptd.sys
      ---- Devices - GMER 1.0.14 ----
      Device \FileSystem\Ntfs \Ntfs 855421E8
      AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
      AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
      Device \Driver\USBSTOR \Device0000cd 84C191E8
      Device \Driver\usbohci \Device\USBPDO-0 85109790
      Device \Driver\usbohci \Device\USBPDO-1 85109790
      Device \Driver\usbehci \Device\USBPDO-2 8510B790
      Device \Driver\Ftdisk \Device\HarddiskVolume1 855CC1E8
      Device \Driver\Ftdisk \Device\HarddiskVolume2 855CC1E8
      Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 855CB1E8
      Device \Driver\atapi \Device\Ide\IdePort0 855CB1E8
      Device \Driver\atapi \Device\Ide\IdePort1 855CB1E8
      Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 855CB1E8
      Device \Driver\NetBT \Device\NetBT_Tcpip_{47A361C5-DE96-40F9-BAC3-529481C30379} 84FA9678
      Device \Driver\NetBT \Device\NetBT_Tcpip_{72362948-B946-4AB6-80AF-76B798C48087} 84FA9678
      Device \Driver\NetBT \Device\NetBt_Wins_Export 84FA9678
      Device \Driver\NetBT \Device\NetbiosSmb 84FA9678
      Device \Driver\USBSTOR \Device0000c9 84C191E8
      Device \Driver\usbohci \Device\USBFDO-0 85109790
      Device \Driver\usbohci \Device\USBFDO-1 85109790
      Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8507D790
      Device \Driver\usbehci \Device\USBFDO-2 8510B790
      Device \FileSystem\MRxSmb \Device\LanmanRedirector 8507D790
      Device \Driver\Ftdisk \Device\FtControl 855CC1E8
      Device \Driver\USBSTOR \Device0000ca 84C191E8
      Device \Driver\USBSTOR \Device0000cb 84C191E8
      Device \Driver\USBSTOR \Device0000cc 84C191E8
      Device \Driver\SI3112r \Device\Scsi\SI3112r1 855441E8
      Device \Driver\SI3112r \Device\Scsi\SI3112r2 855441E8
      Device \FileSystem\Cdfs \Cdfs 84ED51E8
      ---- Registry - GMER 1.0.14 ----
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@h0 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5C 0x65 0xC9 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xBF 0xA5 0x6A ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@h0 0
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5C 0x65 0xC9 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xBF 0xA5 0x6A ...
      ---- EOF - GMER 1.0.14 ----
  18. I did what makelal said; I'll take care of the rest.
  19. When I try to upload, it tells me the file qwer78 is invalid. But for kmi32 it worked.
  20. GMER 1.0.14.14116 - http://www.gmer.net
      Rootkit scan 2008-01-30 14:14:50
      Windows 5.1.2600 Service Pack 2
      ---- System - GMER 1.0.14 ----
      SSDT \??\C:\WINDOWS\system32\drivers\qwer78.sys ZwCreateKey [0xF762DA4F] <-- ROOTKIT !!!
      SSDT sptd.sys ZwEnumerateKey [0xF73B7FB2] <-- ROOTKIT !!!
      SSDT sptd.sys ZwEnumerateValueKey [0xF73B8340] <-- ROOTKIT !!!
      SSDT \??\C:\WINDOWS\system32\drivers\qwer78.sys ZwOpenKey [0xF762DB03] <-- ROOTKIT !!!
      SSDT sptd.sys ZwQueryKey [0xF73B8418] <-- ROOTKIT !!!
      SSDT sptd.sys ZwQueryValueKey [0xF73B8298] <-- ROOTKIT !!!
      SSDT sptd.sys ZwSetValueKey [0xF73B84AA] <-- ROOTKIT !!!
      SSDT \??\C:\WINDOWS\system32\drivers\qwer78.sys ZwTerminateProcess [0xF762F7C9] <-- ROOTKIT !!!
      ---- Kernel code sections - GMER 1.0.14 ----
      ? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
      PAGENDSM NDIS.sys!NdisMIndicateStatus F71DCA5F 11 Bytes [ 58, 68, 30, DE, 6A, 84, 50, ... ]
      .text USBPORT.SYS!DllUnload F6EF362C 5 Bytes JMP 8555A1C8
      .text qwer78.sys F762D0F4 630 Bytes CALL F762D0F9 \??\C:\WINDOWS\system32\drivers\qwer78.sys
      .text qwer78.sys F762D36B 281 Bytes [ 75, 02, 8B, 0F, 89, CF, 03, ... ]
      .text qwer78.sys F762D485 4 Bytes [ AB, 87, F7, 30 ]
      .text qwer78.sys F762D48A 345 Bytes [ F2, AE, 87, F7, 80, 3E, 00, ... ]
      .text qwer78.sys F762D5E4 95 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
      .text ...
      .text C:\WINDOWS\system32\drivers\qwer78.sys section is writeable [0xF762D000, 0x7050, 0xE8000020]
      ? C:\WINDOWS\system32\drivers\qwer78.sys Le fichier spécifié est introuvable.
      ---- User code sections - GMER 1.0.14 ----
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F2C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451166F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 445115F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511634 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451157C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445115B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445116AA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[220] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A1676 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [ 24, B0, CC, CC ]
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!PeekMessageW 7E39929B 5 Bytes JMP 28003F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!CreateWindowExW 7E39FC25 5 Bytes JMP 280037C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!SetWindowRgn 7E39FFB2 7 Bytes JMP 28005880 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!LoadIconW 7E3A0894 5 Bytes JMP 28006240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!LoadImageW 7E3A2CFE 5 Bytes JMP 28006050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!CreateDialogParamW 7E3A7D4F 5 Bytes JMP 28005A50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!SetWindowPlacement 7E3AD84C 5 Bytes JMP 28005740 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 28005C40 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] USER32.dll!TrackPopupMenuEx 7E3ECD28 5 Bytes JMP 28004870 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WS2_32.dll!send 719F428A 5 Bytes JMP 2800A360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WS2_32.dll!WSARecv 719F4318 5 Bytes JMP 2800A140 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WS2_32.dll!recv 719F615A 5 Bytes JMP 28009FA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WS2_32.dll!WSASend 719F6233 5 Bytes JMP 2800A540 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 2800A780 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] SHELL32.dll!Shell_NotifyIconW 7CA361F5 5 Bytes JMP 28002FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] ole32.dll!CoInitializeEx 774BEF6B 5 Bytes JMP 28002100 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] ole32.dll!CoRegisterClassObject 774D8720 5 Bytes JMP 28002200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WININET.dll!InternetCloseHandle 4408DAC1 5 Bytes JMP 280091A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WININET.dll!HttpOpenRequestA 44094399 5 Bytes JMP 28008E60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WININET.dll!InternetReadFile 4409ABF4 5 Bytes JMP 28008FF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3844] WININET.dll!HttpSendRequestA 4409CD78 5 Bytes JMP 280090D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F2C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451166F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 445115F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511634 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451157C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445115B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445116AA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      .text C:\Program Files\Internet Explorer\iexplore.exe[4056] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A1676 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
      ---- Kernel IAT/EAT - GMER 1.0.14 ----
      IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73B2AD4] sptd.sys
      IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73B2C1A] sptd.sys
      IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73B2B9C] sptd.sys
      IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73B3748] sptd.sys
      IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73B361E] sptd.sys
      IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73C829A] sptd.sys
      ---- Devices - GMER 1.0.14 ----
      Device \FileSystem\Ntfs \Ntfs qwer78.sys
      Device \FileSystem\Ntfs \Ntfs 8553B1E8
      AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
      AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
      Device \Driver\USBSTOR \Device0000cd 84FBE790
      Device \Driver\USBSTOR \Device0000ce 84FBE790
      Device \Driver\Tcpip \Device\Ip qwer78.sys
      Device \Driver\usbohci \Device\USBPDO-0 855C71E8
      Device \Driver\usbohci \Device\USBPDO-1 855C71E8
      Device \Driver\usbehci \Device\USBPDO-2 855C81E8
      Device \Driver\Tcpip \Device\Tcp qwer78.sys
      Device \Driver\Ftdisk \Device\HarddiskVolume1 8555B1E8
      Device \Driver\Ftdisk \Device\HarddiskVolume2 8555B1E8
      Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 855C91E8
      Device \Driver\atapi \Device\Ide\IdePort0 855C91E8
      Device \Driver\atapi \Device\Ide\IdePort1 855C91E8
      Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 855C91E8
      Device \Driver\NetBT \Device\NetBT_Tcpip_{47A361C5-DE96-40F9-BAC3-529481C30379} 8502E1E8
      Device \Driver\NetBT \Device\NetBT_Tcpip_{72362948-B946-4AB6-80AF-76B798C48087} 8502E1E8
      Device \Driver\NetBT \Device\NetBt_Wins_Export 8502E1E8
      Device \Driver\NetBT \Device\NetbiosSmb 8502E1E8
      Device \Driver\Tcpip \Device\Udp qwer78.sys
      Device \Driver\Tcpip \Device\RawIp qwer78.sys
      Device \Driver\usbohci \Device\USBFDO-0 855C71E8
      Device \Driver\usbohci \Device\USBFDO-1 855C71E8
      Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84FC3790
      Device \Driver\Tcpip \Device\IPMULTICAST qwer78.sys
      Device \Driver\usbehci \Device\USBFDO-2 855C81E8
      Device \FileSystem\MRxSmb \Device\LanmanRedirector 84FC3790
      Device \Driver\Ftdisk \Device\FtControl 8555B1E8
      Device \Driver\USBSTOR \Device0000ca 84FBE790
      Device \Driver\USBSTOR \Device0000cb 84FBE790
      Device \Driver\USBSTOR \Device0000cc 84FBE790
      Device \Driver\SI3112r \Device\Scsi\SI3112r1 8553D1E8
      Device \Driver\SI3112r \Device\Scsi\SI3112r2 8553D1E8
      Device \FileSystem\Cdfs \Cdfs 84FB4490
      ---- Services - GMER 1.0.14 ----
      Service (*** hidden *** ) [BOOT] Kmi42 <-- ROOTKIT !!!
      Service C:\WINDOWS\system32\drivers\qwer78.sys (*** hidden *** ) [SYSTEM] qwer78 <-- ROOTKIT !!!
      ---- Registry - GMER 1.0.14 ----
      Reg HKLM\SYSTEM\CurrentControlSet\Services\Kmi42
      Reg HKLM\SYSTEM\CurrentControlSet\Services\Kmi42@Type 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\Kmi42@Tag 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\Kmi42@Group System Reserved?Boot Bus Extender?System Bus Extender?SCSI miniport?Port?Primary Disk?SCSI Class?SCSI CDROM Class?FSFilter Infrastructure?FSFilter System?FSFilter Bottom?FSFilter Copy Protection?FSFilter Security Enhancer?FSFilter Open File?FSFilter Physical Quota Management?FSFilter Encryption?FSFilter Compression?FSFilter HSM?FSFilter Cluster File System?FSFilter System Recovery?FSFilter Quota Management?FSFilter Content Screener?FSFilter Continuous Backup?FSFilter Replication?FSFilter Anti-Virus?FSFilter Undelete?FSFilter Activity Monitor?FSFilter Top?Filter?Boot File System?Base?Pointer Port?Keyboard Port?Pointer Class?Keyboard Class?Video Init?Video?Video Save?File System?Event Log?Streams Drivers?NDIS Wrapper?COM Infrastructure?UIGroup?LocalValidation?PlugPlay?PNP_TDI?NDIS?TDI?NetBIOSGroup?ShellSvcGroup?SchedulerGroup?SpoolerGroup?AudioGroup?SmartCardGroup?NetworkProvider?RemoteValidation?NetDDEGroup?Parallel arbitrator?Extended Base?PCI Configuration?MS Transactions?
      Reg HKLM\SYSTEM\CurrentControlSet\Services\Kmi42@ErrorControl 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\Kmi42@Start 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\qwer78@Type 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\qwer78@Start 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\qwer78@ErrorControl 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\qwer78@ImagePath \??\C:\WINDOWS\system32\drivers\qwer78.sys
      Reg HKLM\SYSTEM\CurrentControlSet\Services\qwer78\Security
      Reg HKLM\SYSTEM\CurrentControlSet\Services\qwer78\Security@Security 0x01 0x00 0x14 0x80 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@h0 0
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5C 0x65 0xC9 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
      Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xBF 0xA5 0x6A ...
      Reg HKLM\SYSTEM\ControlSet003\Services\Kmi42
      Reg HKLM\SYSTEM\ControlSet003\Services\Kmi42@Type 1
      Reg HKLM\SYSTEM\ControlSet003\Services\Kmi42@Tag 1
      Reg HKLM\SYSTEM\ControlSet003\Services\Kmi42@Group System Reserved?Boot Bus Extender?System Bus Extender?SCSI miniport?Port?Primary Disk?SCSI Class?SCSI CDROM Class?FSFilter Infrastructure?FSFilter System?FSFilter Bottom?FSFilter Copy Protection?FSFilter Security Enhancer?FSFilter Open File?FSFilter Physical Quota Management?FSFilter Encryption?FSFilter Compression?FSFilter HSM?FSFilter Cluster File System?FSFilter System Recovery?FSFilter Quota Management?FSFilter Content Screener?FSFilter Continuous Backup?FSFilter Replication?FSFilter Anti-Virus?FSFilter Undelete?FSFilter Activity Monitor?FSFilter Top?Filter?Boot File System?Base?Pointer Port?Keyboard Port?Pointer Class?Keyboard Class?Video Init?Video?Video Save?File System?Event Log?Streams Drivers?NDIS Wrapper?COM Infrastructure?UIGroup?LocalValidation?PlugPlay?PNP_TDI?NDIS?TDI?NetBIOSGroup?ShellSvcGroup?SchedulerGroup?SpoolerGroup?AudioGroup?SmartCardGroup?NetworkProvider?RemoteValidation?NetDDEGroup?Parallel arbitrator?Extended Base?PCI Configuration?MS Transactions?
      Reg HKLM\SYSTEM\ControlSet003\Services\Kmi42@ErrorControl 1
      Reg HKLM\SYSTEM\ControlSet003\Services\Kmi42@Start 0
      Reg HKLM\SYSTEM\ControlSet003\Services\qwer78@Type 1
      Reg HKLM\SYSTEM\ControlSet003\Services\qwer78@Start 1
      Reg HKLM\SYSTEM\ControlSet003\Services\qwer78@ErrorControl 0
      Reg HKLM\SYSTEM\ControlSet003\Services\qwer78@ImagePath \??\C:\WINDOWS\system32\drivers\qwer78.sys
      Reg HKLM\SYSTEM\ControlSet003\Services\qwer78\Security
      Reg HKLM\SYSTEM\ControlSet003\Services\qwer78\Security@Security 0x01 0x00 0x14 0x80 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@p0 D:\Alcohol Soft\Alcohol 120\
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@h0 0
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04@ujdew 0x84 0x5C 0x65 0xC9 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04000001@a0 0x20 0x01 0x00 0x00 ...
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
      Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xBF 0xA5 0x6A ...
      ---- Files - GMER 1.0.14 ----
      File C:\WINDOWS\system32\drivers\Kmi42.sys 167424 bytes
      ---- EOF - GMER 1.0.14 ----
  21. SDFix: Version 1.133
      Run by SALIGNAC on 29/01/2008 at 21:54
      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix\SDFix
      Safe Mode:
      Checking Services:
      Name:
      khtml
      protect
      Path:
      \??\C:\WINDOWS\system32\drivers\khtml.sys
      System32\drivers\protect.sys
      khtml - Deleted
      protect - Deleted
      Restoring Windows Registry Values
      Restoring Windows Default Hosts File
  22. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:20:34, on 30/01/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16574)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
      C:\WINDOWS\system32\BtUsrBdg.exe
      C:\WINDOWS\system32\BTSetBootKey.exe
      C:\WINDOWS\tsnp2std.exe
      C:\WINDOWS\vsnp2std.exe
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      D:\TeamScripT4\mirc.exe
      D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Bureau\hijackthis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
      O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
      O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
      O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
      O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
      O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version=
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) -- End of file - 11105 bytes
  23. __________________________________________________ ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire Risk: Medium Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire\MusicMatch Risk: Medium Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire\MusicMatch\Browser Risk: Medium Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire\MusicMatch\Faceplate Risk: Medium Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire\MusicMatch\History Risk: Medium Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire\MusicMatch\Resources Risk: Medium Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire\MusicMatch\Stations Risk: Medium Name: Adware.HiWire Path: HKU\S-1-5-21-1657009865-547434910-570102344-1006\Software\Hiwire\MusicMatch\WebUpdate Risk: Medium Name: Dropper.Small.azk Path: C:\6.tmp Risk: High Name: Trojan.Agent.asu Path: C:\Program Files\Alwil Software\Avast4\DATA\moved\DefLib.sys.2.vir Risk: High Name: Trojan.Agent.asu Path: C:\Program Files\Alwil Software\Avast4\DATA\moved\DefLib.sys.vir Risk: High Name: Adware.Generic Path: C:\Program Files\serial.zip Risk: Medium Name: Trojan.Sinowal.gf Path: C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP314\A0185418.exe Risk: High Name: Trojan.Agent.asu Path: C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP314\A0185442.sys Risk: High Name: Rootkit.Agent.jj Path: C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP314\A0185447.sys Risk: High Name: Worm.Mydoom.bj Path: C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP314\A0185453.exe Risk: High 
Name: Trojan.Agent.asu Path: C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP314\A0185454.sys Risk: High Name: Rootkit.Agent.jj Path: C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP314\A0185455.sys Risk: High Name: TrackingCookie.2o7 Path: :mozilla.8:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.9:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Doubleclick Path: :mozilla.10:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.29:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Adbrite Path: :mozilla.30:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.31:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Overture Path: :mozilla.34:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Bluestreak Path: :mozilla.35:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Estat Path: :mozilla.50:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Smartadserver Path: :mozilla.58:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt 
Risk: Medium Name: TrackingCookie.Smartadserver Path: :mozilla.59:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Smartadserver Path: :mozilla.60:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Serving-sys Path: :mozilla.61:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Serving-sys Path: :mozilla.62:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Serving-sys Path: :mozilla.63:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Serving-sys Path: :mozilla.64:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Serving-sys Path: :mozilla.65:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Serving-sys Path: :mozilla.66:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Mediaplex Path: :mozilla.78:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Tradedoubler Path: :mozilla.79:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium Name: TrackingCookie.Adviva Path: :mozilla.80:D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Application Data\Mozilla\Profiles\default\768kr8iw.slt\cookies.txt Risk: Medium
SDFfix, for its part, did not generate a report.
  24. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:57, on 29/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\system32\BtUsrBdg.exe C:\WINDOWS\system32\BTSetBootKey.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe D:\DOCUME~1\SALIGN~1.001\LOCALS~1\Temp\winlogon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Fichiers communs\Teleca 
Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\TeamScripT4\mirc.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe D:\Documents and Settings\SALIGNAC.CHAMBRE.001\Bureau\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socksys.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [i downloaded pirated Software from P2P ] FIFA Football 2007 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bTUSRBDG] BtUsrBdg.exe O4 - HKLM\..\Run: [bTSETBOOTKEY] BTSetBootKey.exe O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Firewall auto setup] D:\DOCUME~1\SALIGN~1.001\LOCALS~1\Temp\winlogon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - 
-{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version= O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} 
(ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) -- End of file - 11406 bytes
  25. Hello, When my PC starts up, Avast notifies me that "deflib.sys" is infected, but every time I delete it, quarantine it or rename it, the file always comes back. Thanks in advance.