

flowstylz
Member - content count: 114
Everything posted by flowstylz
-
After multiple scans I ran one with Trend Micro, which found this:

E:\DOCUME~1\florent\LOCALS~1\Temp\VS0DMHU6.0QH probablement une variante de Win32/Spy.Agent cheval de Troie mis en Quarantaine - supprimé INTEGRA\florent
Un évènement s'est produit sur un nouveau fichier créé par l'application: E:\Program Files\Java\jre6\bin\java.exe. Le fichier a été déplacé en Quarantaine. Vous pouvez fermer cette fenêtre.

NOD32, which hadn't budged an inch, detected it at the same time as Trend Micro! Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34, on 2009-01-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\COMODO\Firewall\cmdagent.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\COMODO\Firewall\cfp.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Eset\nod32kui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
E:\Documents and Settings\florent\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
E:\Documents and Settings\florent\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\florent\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [unlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = E:\Documents and Settings\florent\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe

--
End of file - 8762 bytes

Thanks for your help!
-
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
Solved!!! -
PC infected??? I'm stuck, problem with my drives!!
flowstylz replied to a topic by karlito in Analyses et éradication malwares
And I also had him disable Spybot's TeaTimer, that's all! -
PC infected??? I'm stuck, problem with my drives!!
flowstylz replied to a topic by karlito in Analyses et éradication malwares
Don't download Malwarebytes again, karlito, I had you download it before your post! But do run an update as Qc001 asks. On the other hand, Qc001, I had helped him before his post: he had done a quick scan and Malwarebytes hadn't found anything! Maybe a full scan would be needed. I should say that I had him run an online scan with ESET NOD32, which had found a few infected files before his post, so if it can help you, ask him for the ESET report. There, I won't meddle in anything else now lol, it was just to give you a few pointers on what had already been started! -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
Ah okay, thanks -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
No, I don't have any more problems! What should I do, do I re-enable autoruns? If so, how? -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
What should I do now? Thanks -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
Thanks, I managed to get rid of them! -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
I don't know what to do, could you help me? -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
When I do the procedure for autorun.inf, cmd gives me: "le format du paramètre est incorrect - "utorun.inf"", even though I retried several times typing autorun.inf correctly, but it gives me that message with utorun.inf. And for host.exe it gives me: "option non valide - "host.exe"" -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
The folders are apparently empty, but both are present at the root of the hard drive -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
========== PROCESSES ==========
Unable to kill process: explorer.exe
Unable to kill process: host.exe
========== FILES ==========
Folder move failed. E:\autorun.inf scheduled to be moved on reboot.
Folder move failed. E:\host.exe scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. E:\WINDOWS\temp\exp8BB.tmp scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\Perflib_Perfdata_6f4.dat scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\Perflib_Perfdata_740.dat scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\Perflib_Perfdata_e0.dat scheduled to be deleted on reboot.
File delete failed. E:\WINDOWS\temp\WGAErrLog.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12122008_153140
-
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
After running clean.zip I apparently have two folders, one called autorun.inf and one called host.exe, which both look empty. I didn't click on them, I just hovered the mouse pointer over them. These two folders are indeed at the root of the hard drive. I'm giving you the clean.zip reports in case you need them. Here is the first report:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec
12/12/2008 a 13:24:34,64
Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans E:
tentative de suppression de E:\autorun.inf
Impossible de supprimer E:\autorun.inf
tentative de suppression de E:\host.exe
Impossible de supprimer E:\host.exe
tentative de suppression de E:\host.exe
Impossible de supprimer E:\host.exe

*** Suppression des fichiers dans E:\WINDOWS\
*** Suppression des fichiers dans E:\WINDOWS\system32
*** Suppression des fichiers dans E:\Program Files
*** Suppression des clefs du registre effectuee..

Here is the second report:

Veuillez svp envoyer le fichier C:\upload_moi_INTEGRA.tar.gz a l'adresse http://upload.malekal.com
Veuillez svp envoyer le fichier C:\upload_moi_INTEGRA.tar.gz a l'adresse http://upload.malekal.com
-
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
There are no files with the names indicated, so do I run clean.zip? Yes, I was able to make the registry change, by the way -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
I still have the same problem with Flash Disinfector: everything on my desktop disappears, but Flash Disinfector doesn't launch. My PC has been slow for a while; I had done loads of scans but nothing helped, so I stopped worrying about it. I had even used ComboFix, but without the Recovery Console because I didn't know how to; now I'd know how, but I'm almost certain that what ComboFix found are infections that predate autorun.inf. As for autorun.inf, I found out where it came from: it was the iPod that was infected. However, Flash Disinfector still has trouble running, maybe other nasties are preventing it from working, well, I say that but you know a lot more about this than I do lol. Thanks for your help -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
Here is the log.txt report:

ComboFix 08-12-11.01 - florent 2008-12-11 21:08:19.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.119 [GMT 1:00]
Lancé depuis: e:\documents and settings\florent\Bureau\Combo-Fix.exe
Commutateurs utilisés :: e:\documents and settings\florent\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
 * Un nouveau point de restauration a été créé
 * Resident AV is active
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\404Fix.exe
e:\windows\system32\dumphive.exe
e:\windows\system32\IEDFix.C.exe
e:\windows\system32\IEDFix.exe
e:\windows\system32\o4Patch.exe
e:\windows\system32\Process.exe
e:\windows\system32\SrchSTS.exe
e:\windows\system32\tmp.reg
e:\windows\system32\VACFix.exe
e:\windows\system32\VCCLSID.exe
e:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 ))))))))))))))))))))))))))))))))))))
.

2008-12-11 03:04 . 2008-12-11 03:05      1,393  --a------  e:\windows\imsins.BAK
2008-12-09 21:14 . 2008-12-09 21:14      <REP>  d--------  e:\documents and settings\florent\Application Data\Samsung
2008-12-09 20:44 . 2006-05-03 22:53    174,592  --a------  e:\windows\system32\framedyn.dll
2008-12-09 20:41 . 2008-12-09 20:55      5,632  --a------  e:\windows\system32\drivers\StarOpen.sys
2008-12-09 20:39 . 2007-07-03 16:58    106,792  --a------  e:\windows\system32\drivers\sscdmdm.sys
2008-12-09 20:39 . 2007-07-03 16:54     80,552  --a------  e:\windows\system32\drivers\sscdbus.sys
2008-12-09 20:39 . 2007-07-03 16:57     11,944  --a------  e:\windows\system32\drivers\sscdmdfl.sys
2008-12-09 20:39 . 2007-07-03 17:00      9,256  --a------  e:\windows\system32\drivers\sscdwhnt.sys
2008-12-09 20:39 . 2007-07-03 17:00      9,256  --a------  e:\windows\system32\drivers\sscdwh.sys
2008-12-09 20:39 . 2007-07-03 16:56      9,256  --a------  e:\windows\system32\drivers\sscdcmnt.sys
2008-12-09 20:39 . 2007-07-03 16:56      9,256  --a------  e:\windows\system32\drivers\sscdcm.sys
2008-12-09 20:37 . 2008-12-09 20:43      <REP>  d--------  e:\windows\system32\Samsung_USB_Drivers
2008-12-09 20:37 . 2008-12-09 20:37      <REP>  d--------  e:\program files\Samsung
2008-12-09 20:37 . 2005-08-28 20:51        766  --a------  e:\windows\system32\Uninstall.ico
2008-12-09 02:05 . 2008-12-09 02:05      <REP>  d--------  e:\documents and settings\florent\Application Data\Desktopicon
2008-12-09 02:04 . 2008-12-09 03:19      <REP>  d--------  e:\program files\Unlocker
2008-12-09 01:04 . 2008-12-09 01:05      <REP>  d--------  e:\documents and settings\Administrateur\Application Data\Notepad++
2008-12-08 21:23 . 2008-12-08 21:22    512,096  --a------  e:\windows\system32\drivers\amon.sys
2008-12-08 21:23 . 2008-12-08 21:22    298,104  --a------  e:\windows\system32\imon.dll
2008-12-08 21:23 . 2008-12-08 21:22     15,424  --a------  e:\windows\system32\drivers\nod32drv.sys
2008-12-08 21:22 . 2008-12-08 23:36      <REP>  d--------  e:\program files\ESET
2008-12-06 18:20 . 2008-12-06 18:20      <REP>  d--------  e:\program files\Lavalys
2008-12-04 19:32 . 2008-05-23 15:40      <REP>  d--h-----  e:\documents and settings\TEMP\Voisinage réseau
2008-12-04 19:32 . 2008-05-23 15:40      <REP>  d--h-----  e:\documents and settings\TEMP\Voisinage d'impression
2008-12-04 19:32 . 2008-05-23 19:19      <REP>  d--h-----  e:\documents and settings\TEMP\Modèles
2008-12-04 19:32 . 2008-12-04 19:33      <REP>  dr-------  e:\documents and settings\TEMP\Mes documents
2008-12-04 19:32 . 2008-05-23 15:40      <REP>  dr-------  e:\documents and settings\TEMP\Menu Démarrer
2008-12-04 19:32 . 2008-05-23 15:40      <REP>  d--------  e:\documents and settings\TEMP\Favoris
2008-12-04 19:32 . 2008-05-23 14:11      <REP>  d--------  e:\documents and settings\TEMP\Bureau
2008-12-04 19:32 . 2008-12-04 19:33      <REP>  d--------  e:\documents and settings\TEMP
2008-11-26 15:13 . 2008-11-26 15:13      <REP>  d--------  e:\documents and settings\All Users\Application Data\NCH Software
2008-11-26 15:10 . 2008-11-26 18:45      <REP>  d--------  e:\program files\NCH Software
2008-11-26 15:08 . 2008-11-26 15:12      <REP>  d--------  e:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-26 15:04 . 2008-11-26 18:38      <REP>  d--------  e:\program files\NCH Swift Sound
2008-11-26 15:04 . 2008-11-26 18:38      <REP>  d--------  e:\documents and settings\florent\Application Data\NCH Swift Sound
2008-11-25 23:13 . 2008-11-25 23:13      <REP>  d--------  e:\program files\iTunes
2008-11-25 23:13 . 2008-11-25 23:13      <REP>  d--------  e:\program files\iPod
2008-11-25 23:13 . 2008-11-25 23:13      <REP>  d--------  e:\documents and settings\florent\Application Data\Apple Computer
2008-11-25 23:11 . 2008-11-25 23:11      <REP>  d--------  e:\program files\Apple Software Update
2008-11-25 23:10 . 2008-11-25 23:13      <REP>  d--------  e:\documents and settings\All Users\Application Data\Apple Computer
2008-11-24 12:25 . 2008-11-10 05:43    410,984  --a------  e:\windows\system32\deploytk.dll
2008-11-23 10:46 . 1997-05-29 16:26    316,416  ---------  e:\windows\IsUninst.Exe
2008-11-20 21:00 . 2008-11-20 21:02      <REP>  d--------  e:\program files\Mozilla Firefox Bonus
2008-11-17 14:16 . 2008-11-17 16:05      <REP>  d--------  e:\program files\Steam
2008-11-17 13:07 . 2004-03-08 23:00    152,848  --a------  e:\windows\system32\COMDLG32.OCX
2008-11-16 17:49 . 2008-11-16 17:49      <REP>  d--------  e:\documents and settings\florent\Bluetooth Software
2008-11-16 17:46 . 2008-11-16 17:46      <REP>  d--------  e:\program files\Belkin
2008-11-12 11:10 . 2008-09-04 18:16  1,106,944  -----c---  e:\windows\system32\dllcache\msxml3.dll
2008-11-12 11:10 . 2008-10-24 12:21    455,296  -----c---  e:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 17:00  ---------  d-----w  e:\documents and settings\Kevin\Application Data\Free Download Manager
2008-12-11 16:38  ---------  d-----w  e:\program files\eMule
2008-12-11 02:10  ---------  d-----w  e:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-10 18:25  ---------  d-----w  e:\program files\Free Download Manager
2008-12-09 20:10  ---------  d--h--w  e:\program files\InstallShield Installation Information
2008-12-09 02:23  ---------  d-----w  e:\documents and settings\florent\Application Data\Free Download Manager
2008-12-08 02:53  ---------  d-----w  e:\program files\Malwarebytes' Anti-Malware
2008-12-03 18:52     38,496  ----a-w  e:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52     15,504  ----a-w  e:\windows\system32\drivers\mbam.sys
2008-12-02 20:23  ---------  d-----w  e:\program files\Java
2008-11-13 12:58  ---------  d-----w  e:\program files\Fichiers communs\Adobe
2008-11-12 11:07  ---------  d-----w  e:\program files\mIRC
2008-11-12 11:05  ---------  d-----w  e:\documents and settings\florent\Application Data\mIRC
2008-11-11 16:57  ---------  d-----w  e:\program files\Spybot - Search & Destroy
2008-11-07 10:05  ---------  d-----w  e:\program files\TomTom HOME 2
2008-11-04 13:30  ---------  d-----w  e:\program files\SystemRequirementsLab
2008-11-04 13:30  ---------  d-----w  e:\documents and settings\florent\Application Data\SystemRequirementsLab
2008-11-01 20:12  ---------  d-----w  e:\documents and settings\Kevin\Application Data\Ahead
2008-10-28 16:15  ---------  d-----w  e:\program files\aMSN
2008-10-27 11:53  ---------  d-----w  e:\program files\Notepad++
2008-10-26 21:13  ---------  d-----w  e:\documents and settings\Kevin\Application Data\Malwarebytes
2008-10-25 00:26  ---------  d-----w  e:\documents and settings\florent\Application Data\Dev-Cpp
2008-10-24 23:57  ---------  d-----w  e:\documents and settings\florent\Application Data\codeblocks
2008-10-24 11:21    455,296  ----a-w  e:\windows\system32\drivers\mrxsmb.sys
2008-10-24 09:52  ---------  d-----w  e:\program files\trend micro
2008-10-16 13:13    202,776  ----a-w  e:\windows\system32\wuweb.dll
2008-10-16 13:13  1,809,944  ----a-w  e:\windows\system32\wuaueng.dll
2008-10-16 13:12    561,688  ----a-w  e:\windows\system32\wuapi.dll
2008-10-16 13:12    323,608  ----a-w  e:\windows\system32\wucltui.dll
2008-10-16 13:09     92,696  ----a-w  e:\windows\system32\cdm.dll
2008-10-16 13:09     51,224  ----a-w  e:\windows\system32\wuauclt.exe
2008-10-16 13:09     43,544  -c--a-w  e:\windows\system32\wups2.dll
2008-10-16 13:08     34,328  -c--a-w  e:\windows\system32\wups.dll
2008-10-16 13:06    268,648  ----a-w  e:\windows\system32\mucltui.dll
2008-10-16 13:06    208,744  ----a-w  e:\windows\system32\muweb.dll
2008-10-15 08:41  ---------  d-----w  e:\program files\HP
2008-10-03 10:03    247,326  ----a-w  e:\windows\system32\strmdll.dll
2008-10-02 09:07    453,152  -c--a-w  e:\windows\system32\NVUNINST.EXE
2008-09-30 15:43  1,286,152  ----a-w  e:\windows\system32\msxml4.dll
2008-09-29 15:43     84,936  ----a-w  e:\windows\system32\ElbyVCD.dll
2008-09-26 16:15     29,480  -c--a-w  e:\windows\system32\msxml3a.dll
2008-09-15 15:26  1,846,528  ----a-w  e:\windows\system32\win32k.sys
2008-09-12 14:37     81,920  -c----r  e:\windows\bwUnin-6.1.4.68-8876480L.exe
2008-08-26 19:29     32,768  -csha-w  e:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082620080827\index.dat

.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"msnmsgr"="e:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="e:\progra~1\MESSEN~1\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"COMODO Firewall Pro"="e:\program files\COMODO\Firewall\cfp.exe" [2005-11-04 1655552]
"LVCOMSX"="e:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"VirtualCloneDrive"="e:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2006-09-12 229952]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"nod32kui"="e:\program files\Eset\nod32kui.exe" [2008-12-08 949376]
"BackgroundSwitcher"="e:\windows\system32\bgswitch.exe" [2001-10-19 19520]
"CoolSwitch"="e:\windows\system32\taskswitch.exe" [2001-10-19 45632]
"FastUser"="e:\windows\system32\fast.exe" [2001-10-19 49216]
"nwiz"="nwiz.exe" [2008-10-07 e:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 e:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Free Download Manager"="e:\program files\Free Download Manager\fdm.exe" [2006-04-29 1990703]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="e:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"tscuninstall"="e:\windows\system32\tscupgrd.exe" [2004-12-07 44544]

e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - e:\program files\Belkin\Logiciel Bluetooth\BTTray.exe [2005-08-24 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= e:\windows\system32\guard32.dll

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=e:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2006-04-29 09:22 1990703 e:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-09-12 15:37 20480 c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a--c--- 2005-06-08 13:44 196608 e:\program files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a--c--- 2005-06-08 14:24 458752 e:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 14:14 217088 e:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a--c--- 2008-05-06 09:42 202088 e:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\eMule\\eMule.exe"=
"e:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"e:\\Program Files\\MSN Messenger\\livecall.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;e:\windows\system32\DRIVERS\cmdguard.sys [2005-11-04 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;e:\windows\system32\DRIVERS\cmdhlp.sys [2005-11-04 24208]
R1 nod32drv;nod32drv;e:\windows\system32\drivers\nod32drv.sys [2008-12-08 15424]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\e:\program files\CyberLink\PowerDVD\000.fcl []
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-06 34064]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1C4982F0-D45C-0ECB-0106-050807080003}]
e:\windows\system32\windnll.exe
.
Contenu du dossier 'Tâches planifiées'

2008-12-10 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-EoEngine - (no file)
MSConfigStartUp-UnlockerAssistant - e:\program files\Unlocker\UnlockerAssistant.exe

.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = localhost
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://e:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://e:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://e:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://e:\program files\Free Download Manager\dllink.htm
IE: E&xporter vers Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - e:\program files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
LSP: e:\windows\system32\imon.dll
TCP: {428C57B4-15BD-4570-B36A-E56FF8477C09} = 80.10.246.2,80.10.246.129
FF - ProfilePath - e:\documents and settings\florent\Application Data\Mozilla\Firefox\Profiles\ycc472td.default\
FF - plugin: e:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: e:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 21:13:55
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(924)
e:\windows\system32\imon.dll
e:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2848)
e:\windows\system32\nview.dll
e:\windows\system32\NVWRSFR.DLL
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\eappprxy.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\btncopy.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
e:\program files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
e:\program files\COMODO\Firewall\cmdagent.exe
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
e:\program files\ESET\nod32krn.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\HPZipm12.exe
e:\windows\system32\rundll32.exe
e:\windows\system32\rundll32.exe
e:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
e:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\HP\HP Software Update\HPWUCli.exe
e:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-12-11 21:20:38 - La machine a redémarré [florent]
ComboFix-quarantined-files.txt 2008-12-11 20:20:02
ComboFix2.txt 2008-09-21 14:17:27

Avant-CF: 25,186,955,264 octets libres

294 --- E O F --- 2008-12-11 02:10:40

Here is the second report, combofix.txt:

ComboFix 08-12-11.01 - florent 2008-12-11 21:08:19.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.119 [GMT 1:00]
Lancé depuis: e:\documents and settings\florent\Bureau\Combo-Fix.exe
Commutateurs utilisés :: e:\documents and settings\florent\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
 * Un nouveau point de restauration a été créé
 * Resident AV is active
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\404Fix.exe
e:\windows\system32\dumphive.exe
e:\windows\system32\IEDFix.C.exe
e:\windows\system32\IEDFix.exe
e:\windows\system32\o4Patch.exe
e:\windows\system32\Process.exe
e:\windows\system32\SrchSTS.exe
e:\windows\system32\tmp.reg
e:\windows\system32\VACFix.exe
e:\windows\system32\VCCLSID.exe
e:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-11 au 2008-12-11 )))))))))))))))))))))))))))))))))))) . 2008-12-11 03:04 . 2008-12-11 03:05 1,393 --a------ e:\windows\imsins.BAK 2008-12-09 21:14 . 2008-12-09 21:14 <REP> d-------- e:\documents and settings\florent\Application Data\Samsung 2008-12-09 20:44 . 2006-05-03 22:53 174,592 --a------ e:\windows\system32\framedyn.dll 2008-12-09 20:41 . 2008-12-09 20:55 5,632 --a------ e:\windows\system32\drivers\StarOpen.sys 2008-12-09 20:39 . 2007-07-03 16:58 106,792 --a------ e:\windows\system32\drivers\sscdmdm.sys 2008-12-09 20:39 . 2007-07-03 16:54 80,552 --a------ e:\windows\system32\drivers\sscdbus.sys 2008-12-09 20:39 . 2007-07-03 16:57 11,944 --a------ e:\windows\system32\drivers\sscdmdfl.sys 2008-12-09 20:39 . 2007-07-03 17:00 9,256 --a------ e:\windows\system32\drivers\sscdwhnt.sys 2008-12-09 20:39 . 2007-07-03 17:00 9,256 --a------ e:\windows\system32\drivers\sscdwh.sys 2008-12-09 20:39 . 2007-07-03 16:56 9,256 --a------ e:\windows\system32\drivers\sscdcmnt.sys 2008-12-09 20:39 . 2007-07-03 16:56 9,256 --a------ e:\windows\system32\drivers\sscdcm.sys 2008-12-09 20:37 . 2008-12-09 20:43 <REP> d-------- e:\windows\system32\Samsung_USB_Drivers 2008-12-09 20:37 . 2008-12-09 20:37 <REP> d-------- e:\program files\Samsung 2008-12-09 20:37 . 2005-08-28 20:51 766 --a------ e:\windows\system32\Uninstall.ico 2008-12-09 02:05 . 2008-12-09 02:05 <REP> d-------- e:\documents and settings\florent\Application Data\Desktopicon 2008-12-09 02:04 . 2008-12-09 03:19 <REP> d-------- e:\program files\Unlocker 2008-12-09 01:04 . 2008-12-09 01:05 <REP> d-------- e:\documents and settings\Administrateur\Application Data\Notepad++ 2008-12-08 21:23 . 2008-12-08 21:22 512,096 --a------ e:\windows\system32\drivers\amon.sys 2008-12-08 21:23 . 2008-12-08 21:22 298,104 --a------ e:\windows\system32\imon.dll 2008-12-08 21:23 . 
2008-12-08 21:22 15,424 --a------ e:\windows\system32\drivers\nod32drv.sys 2008-12-08 21:22 . 2008-12-08 23:36 <REP> d-------- e:\program files\ESET 2008-12-06 18:20 . 2008-12-06 18:20 <REP> d-------- e:\program files\Lavalys 2008-12-04 19:32 . 2008-05-23 15:40 <REP> d--h----- e:\documents and settings\TEMP\Voisinage réseau 2008-12-04 19:32 . 2008-05-23 15:40 <REP> d--h----- e:\documents and settings\TEMP\Voisinage d'impression 2008-12-04 19:32 . 2008-05-23 19:19 <REP> d--h----- e:\documents and settings\TEMP\Modèles 2008-12-04 19:32 . 2008-12-04 19:33 <REP> dr------- e:\documents and settings\TEMP\Mes documents 2008-12-04 19:32 . 2008-05-23 15:40 <REP> dr------- e:\documents and settings\TEMP\Menu Démarrer 2008-12-04 19:32 . 2008-05-23 15:40 <REP> d-------- e:\documents and settings\TEMP\Favoris 2008-12-04 19:32 . 2008-05-23 14:11 <REP> d-------- e:\documents and settings\TEMP\Bureau 2008-12-04 19:32 . 2008-12-04 19:33 <REP> d-------- e:\documents and settings\TEMP 2008-11-26 15:13 . 2008-11-26 15:13 <REP> d-------- e:\documents and settings\All Users\Application Data\NCH Software 2008-11-26 15:10 . 2008-11-26 18:45 <REP> d-------- e:\program files\NCH Software 2008-11-26 15:08 . 2008-11-26 15:12 <REP> d-------- e:\documents and settings\All Users\Application Data\NCH Swift Sound 2008-11-26 15:04 . 2008-11-26 18:38 <REP> d-------- e:\program files\NCH Swift Sound 2008-11-26 15:04 . 2008-11-26 18:38 <REP> d-------- e:\documents and settings\florent\Application Data\NCH Swift Sound 2008-11-25 23:13 . 2008-11-25 23:13 <REP> d-------- e:\program files\iTunes 2008-11-25 23:13 . 2008-11-25 23:13 <REP> d-------- e:\program files\iPod 2008-11-25 23:13 . 2008-11-25 23:13 <REP> d-------- e:\documents and settings\florent\Application Data\Apple Computer 2008-11-25 23:11 . 2008-11-25 23:11 <REP> d-------- e:\program files\Apple Software Update 2008-11-25 23:10 . 
2008-11-25 23:13 <REP> d-------- e:\documents and settings\All Users\Application Data\Apple Computer 2008-11-24 12:25 . 2008-11-10 05:43 410,984 --a------ e:\windows\system32\deploytk.dll 2008-11-23 10:46 . 1997-05-29 16:26 316,416 --------- e:\windows\IsUninst.Exe 2008-11-20 21:00 . 2008-11-20 21:02 <REP> d-------- e:\program files\Mozilla Firefox Bonus 2008-11-17 14:16 . 2008-11-17 16:05 <REP> d-------- e:\program files\Steam 2008-11-17 13:07 . 2004-03-08 23:00 152,848 --a------ e:\windows\system32\COMDLG32.OCX 2008-11-16 17:49 . 2008-11-16 17:49 <REP> d-------- e:\documents and settings\florent\Bluetooth Software 2008-11-16 17:46 . 2008-11-16 17:46 <REP> d-------- e:\program files\Belkin 2008-11-12 11:10 . 2008-09-04 18:16 1,106,944 -----c--- e:\windows\system32\dllcache\msxml3.dll 2008-11-12 11:10 . 2008-10-24 12:21 455,296 -----c--- e:\windows\system32\dllcache\mrxsmb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-11 17:00 --------- d-----w e:\documents and settings\Kevin\Application Data\Free Download Manager 2008-12-11 16:38 --------- d-----w e:\program files\eMule 2008-12-11 02:10 --------- d-----w e:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-10 18:25 --------- d-----w e:\program files\Free Download Manager 2008-12-09 20:10 --------- d--h--w e:\program files\InstallShield Installation Information 2008-12-09 02:23 --------- d-----w e:\documents and settings\florent\Application Data\Free Download Manager 2008-12-08 02:53 --------- d-----w e:\program files\Malwarebytes' Anti-Malware 2008-12-03 18:52 38,496 ----a-w e:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w e:\windows\system32\drivers\mbam.sys 2008-12-02 20:23 --------- d-----w e:\program files\Java 2008-11-13 12:58 --------- d-----w e:\program files\Fichiers communs\Adobe 2008-11-12 11:07 --------- d-----w e:\program files\mIRC 2008-11-12 11:05 --------- d-----w 
e:\documents and settings\florent\Application Data\mIRC 2008-11-11 16:57 --------- d-----w e:\program files\Spybot - Search & Destroy 2008-11-07 10:05 --------- d-----w e:\program files\TomTom HOME 2 2008-11-04 13:30 --------- d-----w e:\program files\SystemRequirementsLab 2008-11-04 13:30 --------- d-----w e:\documents and settings\florent\Application Data\SystemRequirementsLab 2008-11-01 20:12 --------- d-----w e:\documents and settings\Kevin\Application Data\Ahead 2008-10-28 16:15 --------- d-----w e:\program files\aMSN 2008-10-27 11:53 --------- d-----w e:\program files\Notepad++ 2008-10-26 21:13 --------- d-----w e:\documents and settings\Kevin\Application Data\Malwarebytes 2008-10-25 00:26 --------- d-----w e:\documents and settings\florent\Application Data\Dev-Cpp 2008-10-24 23:57 --------- d-----w e:\documents and settings\florent\Application Data\codeblocks 2008-10-24 11:21 455,296 ----a-w e:\windows\system32\drivers\mrxsmb.sys 2008-10-24 09:52 --------- d-----w e:\program files\trend micro 2008-10-16 13:13 202,776 ----a-w e:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w e:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w e:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w e:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w e:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w e:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 -c--a-w e:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 -c--a-w e:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w e:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w e:\windows\system32\muweb.dll 2008-10-15 08:41 --------- d-----w e:\program files\HP 2008-10-03 10:03 247,326 ----a-w e:\windows\system32\strmdll.dll 2008-10-02 09:07 453,152 -c--a-w e:\windows\system32\NVUNINST.EXE 2008-09-30 15:43 1,286,152 ----a-w e:\windows\system32\msxml4.dll 2008-09-29 15:43 84,936 ----a-w e:\windows\system32\ElbyVCD.dll 2008-09-26 16:15 29,480 -c--a-w 
e:\windows\system32\msxml3a.dll 2008-09-15 15:26 1,846,528 ----a-w e:\windows\system32\win32k.sys 2008-09-12 14:37 81,920 -c----r e:\windows\bwUnin-6.1.4.68-8876480L.exe 2008-08-26 19:29 32,768 -csha-w e:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082620080827\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2008-04-13 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "msnmsgr"="e:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "MSMSGS"="e:\progra~1\MESSEN~1\msmsgs.exe" [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "COMODO Firewall Pro"="e:\program files\COMODO\Firewall\cfp.exe" [2005-11-04 1655552] "LVCOMSX"="e:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "VirtualCloneDrive"="e:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168] "Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2006-09-12 229952] "SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "nod32kui"="e:\program files\Eset\nod32kui.exe" [2008-12-08 949376] "BackgroundSwitcher"="e:\windows\system32\bgswitch.exe" [2001-10-19 19520] "CoolSwitch"="e:\windows\system32\taskswitch.exe" [2001-10-19 45632] 
"FastUser"="e:\windows\system32\fast.exe" [2001-10-19 49216] "nwiz"="nwiz.exe" [2008-10-07 e:\windows\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2005-09-22 e:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "Free Download Manager"="e:\program files\Free Download Manager\fdm.exe" [2006-04-29 1990703] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="e:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801] "tscuninstall"="e:\windows\system32\tscupgrd.exe" [2004-12-07 44544] e:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ BTTray.lnk - e:\program files\Belkin\Logiciel Bluetooth\BTTray.exe [2005-08-24 577597] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= e:\windows\system32\guard32.dll [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=e:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=e:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager] --a------ 2006-04-29 09:22 1990703 e:\program files\Free Download Manager\fdm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] --a------ 2008-09-12 15:37 20480 c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] 
--a--c--- 2005-06-08 13:44 196608 e:\program files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a--c--- 2005-06-08 14:24 458752 e:\program files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a------ 2005-06-08 14:14 217088 e:\program files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] --a--c--- 2008-05-06 09:42 202088 e:\program files\TomTom HOME 2\HOMERunner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Nero BackItUp Scheduler 3"=2 (0x2) "iPod Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "e:\\Program Files\\Mozilla Firefox\\firefox.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "e:\\WINDOWS\\system32\\dpvsetup.exe"= "e:\\Program Files\\eMule\\eMule.exe"= "e:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "e:\\Program Files\\MSN 
Messenger\\livecall.exe"= "e:\\Program Files\\iTunes\\iTunes.exe"= R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;e:\windows\system32\DRIVERS\cmdguard.sys [2005-11-04 87056] R1 cmdHlp;COMODO Firewall Pro Helper Driver;e:\windows\system32\DRIVERS\cmdhlp.sys [2005-11-04 24208] R1 nod32drv;nod32drv;e:\windows\system32\drivers\nod32drv.sys [2008-12-08 15424] S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\e:\program files\CyberLink\PowerDVD\000.fcl [] S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-06 34064] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1C4982F0-D45C-0ECB-0106-050807080003}] e:\windows\system32\windnll.exe . Contenu du dossier 'Tâches planifiées' 2008-12-10 e:\windows\Tasks\AppleSoftwareUpdate.job - e:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21] . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKLM-Run-EoEngine - (no file) MSConfigStartUp-UnlockerAssistant - e:\program files\Unlocker\UnlockerAssistant.exe . ------- Examen supplémentaire ------- . 
uInternet Settings,ProxyOverride = localhost IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Download all with Free Download Manager - file://e:\program files\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://e:\program files\Free Download Manager\dlselected.htm IE: Download web site with Free Download Manager - file://e:\program files\Free Download Manager\dlpage.htm IE: Download with Free Download Manager - file://e:\program files\Free Download Manager\dllink.htm IE: E&xporter vers Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Envoyer à &Bluetooth - e:\program files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm LSP: e:\windows\system32\imon.dll TCP: {428C57B4-15BD-4570-B36A-E56FF8477C09} = 80.10.246.2,80.10.246.129 FF - ProfilePath - e:\documents and settings\florent\Application Data\Mozilla\Firefox\Profiles\ycc472td.default\ FF - plugin: e:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npjp2.dll FF - plugin: e:\program files\Mozilla Firefox\plugins\npdeploytk.dll FF - plugin: e:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: e:\program files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-11 21:13:55 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... 
Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\e:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(924) e:\windows\system32\imon.dll e:\program files\Eset\pr_imon.dll - - - - - - - > 'explorer.exe'(2848) e:\windows\system32\nview.dll e:\windows\system32\NVWRSFR.DLL e:\windows\system32\ieframe.dll e:\windows\system32\webcheck.dll e:\windows\system32\eappprxy.dll e:\windows\system32\WPDShServiceObj.dll e:\windows\system32\btncopy.dll e:\windows\system32\PortableDeviceTypes.dll e:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . e:\program files\Belkin\Logiciel Bluetooth\bin\btwdins.exe e:\program files\COMODO\Firewall\cmdagent.exe e:\program files\Java\jre6\bin\jqs.exe e:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe e:\program files\ESET\nod32krn.exe e:\windows\system32\nvsvc32.exe e:\windows\system32\HPZipm12.exe e:\windows\system32\rundll32.exe e:\windows\system32\rundll32.exe e:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe e:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe e:\program files\HP\HP Software Update\HPWUCli.exe e:\windows\system32\imapi.exe . ************************************************************************** . Heure de fin: 2008-12-11 21:20:38 - La machine a redémarré [florent] ComboFix-quarantined-files.txt 2008-12-11 20:20:02 ComboFix2.txt 2008-09-21 14:17:27 Avant-CF: 25,186,955,264 octets libres 294 --- E O F --- 2008-12-11 02:10:40 -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Malware analysis and removal
When I use Flash Disinfector, there is nothing left on my desktop, only my wallpaper. Is that normal? If so, how long does it last? Because it has already been running for a little while. -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Malware analysis and removal
I did as you told me, but when I click Merge, a window opens that says: Cannot import E:\Documents and Settings\florent\bureau\regis.reg: the specified file is not a registry script. You can only import binary registry files from within the Registry Editor. -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Malware analysis and removal
Ah, OK, it's the code that disables autoruns! lol, if only I had taken the time to read the code. Well, OK, I'm off to do that then. -
infected by INF/autorun virus
flowstylz replied to a topic by flowstylz in Malware analysis and removal
Hello, could you tell me the procedure for disabling autoruns, because I don't know how to do it! I downloaded a program called PowerToys, with which you can apparently disable autoruns. -
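The two things this part of the thread turns on are what an autorun.inf actually does when a drive is opened, and why regedit refuses a .reg file with "the specified file is not a registry script". The script below is an added example written for this page; it is not a forum tool, not the .reg file the helper posted, and the autorun.inf it inspects is constructed to look like the kind an INF/Autorun worm drops (the RECYCLER path and update.exe name are invented). It parses the INI-style file and reports every directive that executes something, builds the standard AutoRun-off .reg (NoDriveTypeAutoRun set to 0xFF for machine and user, plus the IniFileMapping redirect that makes Explorer ignore autorun.inf entirely), and checks a .reg file the way regedit does: the first line must be one of the two header signatures, and every other non-empty line must be a key or a value.

```python
"""Triage an autorun.inf and sanity-check the .reg file used to switch AutoRun off.

Added example for this thread, not the forum's or the poster's code. The
autorun.inf below is constructed (paths and names invented) to resemble what
an INF/Autorun worm drops; it is not the file from the poster's machine.
"""
import re

SAMPLE_AUTORUN_INF = r"""[AutoRun]
open=RECYCLER\setup\update.exe
shell\open\Command=RECYCLER\setup\update.exe /autorun
shell\explore\Command=RECYCLER\setup\update.exe /autorun
action=Open folder to view files
icon=%SystemRoot%\system32\SHELL32.dll,4
"""

LAUNCH_KEYS = ("open", "shellexecute")
REG_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[-?HKEY_(LOCAL_MACHINE|CURRENT_USER|CLASSES_ROOT|USERS|CURRENT_CONFIG)(\\[^\]]+)?\]$")
VALUE_RE = re.compile(r'^("([^"\\]|\\.)*"|@)=(-|"([^"\\]|\\.)*"|dword:[0-9a-fA-F]{8}|hex(\([0-9a-fA-F]+\))?:[0-9a-fA-F,]*)$')


def parse_inf(text):
    """Minimal INI parser -> {section: {key: value}} with lower-cased names.
    Unparseable lines are skipped; malware-written autorun.inf files are often messy."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip().strip('"')
    return sections


def autorun_findings(text):
    """List of (key, reason) for the directives that make an autorun.inf dangerous."""
    findings = []
    for key, value in parse_inf(text).get("autorun", {}).items():
        launches = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            findings.append((key, f"launches {value}"))
        elif key == "action":
            # Text shown in the AutoPlay dialog; worms make it look like the stock Windows entry.
            findings.append((key, f"custom AutoPlay label mimicking Windows: {value!r}"))
    return findings


def launches_code(text):
    """True when any directive runs a program. A CD installer does this legitimately;
    on a hard disk or USB stick it is exactly what INF/Autorun relies on."""
    return any(reason.startswith("launches") for _, reason in autorun_findings(text))


def build_disable_autorun_reg():
    """Text of a .reg file that turns AutoRun off for every drive type (machine and
    user policy) and maps autorun.inf to a non-existent INI section so Explorer
    never reads the file at all."""
    return "\r\n".join([
        REG_HEADERS[0],
        "",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]",
        '"NoDriveTypeAutoRun"=dword:000000ff',
        "",
        r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]",
        '"NoDriveTypeAutoRun"=dword:000000ff',
        "",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]",
        '@="@SYS:DoesNotExist"',
        "",
    ])


def validate_reg(text):
    """Problems regedit would reject the file for. A missing first-line header is
    what produces 'the specified file is not a registry script'. Multi-line hex
    values (continuation lines ending in a backslash) are not handled here."""
    problems = []
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() not in REG_HEADERS:
        problems.append("line 1: missing 'Windows Registry Editor Version 5.00' header")
    for n, line in enumerate(lines[1:], start=2):
        s = line.strip()
        if s and not s.startswith(";") and not KEY_RE.match(s) and not VALUE_RE.match(s):
            problems.append(f"line {n}: not a key or value line: {s!r}")
    return problems


if __name__ == "__main__":
    for key, reason in autorun_findings(SAMPLE_AUTORUN_INF):
        print(f"{key:22} {reason}")
    reg = build_disable_autorun_reg()
    print("generated .reg problems:", validate_reg(reg) or "none")
```

To apply the generated file on the affected machine you would save it with a .reg extension (regedit accepts ANSI or UTF-16 with BOM), double-click it and confirm the merge; a file saved as .reg.txt, or one whose first line is not the header, gives the error quoted in the reply further up the page.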
Good evening. My problem is the following: I recently changed antivirus, I opted for NOD32 rather than Antivir, and NOD32 warned me with the following message: the file E:\WINDOWS\autorun.inf is infected by virus INF/Autorun. And since I'm not certain whether it is an infection, I've come to see you! Here is my HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:35:07, on 08/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe E:\Program Files\COMODO\Firewall\cmdagent.exe E:\Program Files\Java\jre6\bin\jqs.exe E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe E:\Program Files\Eset\nod32krn.exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\Explorer.EXE E:\Program Files\HP\HP Software Update\HPWuSchd2.exe E:\WINDOWS\SOUNDMAN.EXE E:\Program Files\COMODO\Firewall\cfp.exe E:\WINDOWS\system32\LVCOMSX.EXE E:\Program Files\Logitech\Video\LogiTray.exe E:\WINDOWS\system32\RUNDLL32.EXE E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe E:\Program Files\iTunes\iTunesHelper.exe E:\Program Files\Java\jre6\bin\jusched.exe E:\Program Files\Eset\nod32kui.exe E:\WINDOWS\system32\rundll32.exe E:\WINDOWS\system32\ctfmon.exe E:\Program Files\Free Download Manager\fdm.exe E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe E:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe E:\Program Files\iPod\bin\iPodService.exe E:\PROGRA~1\MESSEN~1\msmsgs.exe E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe E:\WINDOWS\System32\svchost.exe E:\Program 
Files\Belkin\Logiciel Bluetooth\BTTray.exe E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe E:\Program Files\Logitech\Video\FxSvr2.exe E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe E:\Program Files\Eset\nod32.exe E:\Program Files\MSN Messenger\usnsvc.exe E:\Documents and Settings\florent\Bureau\NisScript\mirc.exe E:\Documents and Settings\florent\Bureau\HijackThis.exe E:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: 
[HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [MSMSGS] "E:\PROGRA~1\MESSEN~1\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe 
Thanks in advance!
-
Hello! I would like to do a BTS IG (application developer option) as a work-study programme. The problem is that I don't know what kind of companies recruit BTS IG application-developer students! If someone could advise me and give me examples of companies that recruit… That would let me approach the companies that are looking and submit an application; it would help me a lot! There you go, I await your opinions on the subject. Thanks in advance.
-
infected by antivirus xp
flowstylz replied to a topic by flowstylz in Malware analysis and removal
I used ComboFix; it asked me to reboot, which I did! The problem is that the PC reboots in a loop up to the LSD screen but never gets back to the session. I'm talking about a laptop. Safe mode doesn't work any more, debug mode neither; the others I haven't tried. Help me lol -
I'm on a friend's PC that is infected by Antivirus XP! The PC is slow! Intrusive pop-up ads! I ran a scan with AntiVir, which removed some things, and with Malwarebytes too! The problem is that it keeps coming back. I'm currently running an online scan with NOD32. I'm providing the HijackThis log; apparently Antivirus XP is still present. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:38, on 2008-11-04 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Thanks for your help, it would be kind of you.
-
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
Logfile of random's system information tool 1.04 (written by random/random) Run by florent at 2008-10-24 11:51:58 Microsoft Windows XP Professionnel Service Pack 3 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:52:37, on 24/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal
E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-09-05 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-09-05 149761] R2 btwdins;Bluetooth Service; E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe [2005-08-24 258103] R2 cmdAgent;COMODO Firewall Pro Helper Service; E:\Program Files\COMODO\Firewall\cmdagent.exe [2005-11-04 519936] R2 MDM;Machine Debug Manager; E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2005-10-10 131139] R3 NMIndexingService;NMIndexingService; E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; E:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S2 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S3 aspnet_state;Service d'état ASP.NET; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 Boonty Games;Boonty Games; E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows 
Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040] S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); E:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 WLSetupSvc;Windows Live Setup Service; E:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------
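Editor's note: the driver and service sections of an RSIT log have a fixed shape, "<R|S><start type> <name>;<description>; <path> [<date> <size>]", and the entries that deserve a second look in a log like the one above are easy to pick out mechanically: an empty trailing bracket (RSIT recorded no date or size for the image), an image loaded from a user's Temp directory, a service whose name is a bare GUID, or a driver whose image does not carry a .sys/.exe extension. The script below is an added example, not part of the post or of RSIT itself; the sample lines are copied from the log above, the four heuristics are this editor's own triage rules, and a hit is a prompt to inspect the file on the machine (a driver left in Temp can just as well belong to one of the cleaning tools the poster has been running), not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: driver/service lines copied verbatim from the RSIT log
# above. The trailing bracket is empty when RSIT recorded no date/size for the image;
# the \??\ prefix is the NT object-manager form of the path.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 avgio;avgio; \??\E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\E:\Program Files\CyberLink\PowerDVD\000.fcl []
S3 catchme;catchme; \??\E:\DOCUME~1\Cindy_2\LOCALS~1\Temp\catchme.sys []
S3 NPF;NetGroup Packet Filter Driver; E:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 cmdAgent;COMODO Firewall Pro Helper Service; E:\Program Files\COMODO\Firewall\cmdagent.exe [2005-11-04 519936]
S3 Boonty Games;Boonty Games; E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
"""

# One RSIT entry: state, start type, name;description; path [date size]
ENTRY_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]\s*$')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
TEMP_RE = re.compile(r'\\(?:temp|locals~1)\\', re.IGNORECASE)   # ...\Temp\ or ...\LOCALS~1\
EXPECTED_EXT = ('.sys', '.exe')

# Triage reasons (editor's heuristics, not RSIT output)
REASON_NO_FILEINFO = 'no date/size recorded for the image'
REASON_TEMP = 'image lives under a Temp directory'
REASON_GUID = 'service name is a bare GUID'
REASON_EXT = 'image extension is not .sys/.exe'


@dataclass
class Entry:
    state: str            # 'R' running or 'S' stopped
    start: int            # 0 boot .. 4 disabled
    name: str
    description: str
    path: str             # with any leading \??\ prefix removed
    date: Optional[str]
    size: Optional[int]
    reasons: list = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blank lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    state, start, name, desc, path, info = m.groups()
    if path.startswith('\\??\\'):
        path = path[4:]
    date = size = None
    parts = info.split()
    if len(parts) == 2 and parts[1].isdigit():
        date, size = parts[0], int(parts[1])
    return Entry(state, int(start), name, desc, path, date, size)


def flag(entry: Entry) -> Entry:
    """Attach triage reasons to an entry, in a fixed order."""
    if entry.date is None:
        entry.reasons.append(REASON_NO_FILEINFO)
    if TEMP_RE.search(entry.path):
        entry.reasons.append(REASON_TEMP)
    if GUID_RE.match(entry.name):
        entry.reasons.append(REASON_GUID)
    if not entry.path.lower().endswith(EXPECTED_EXT):
        entry.reasons.append(REASON_EXT)
    return entry


def triage(log_text: str) -> list:
    """Return the entries that carry at least one triage reason, in log order."""
    found = []
    for line in log_text.splitlines():
        entry = parse_entry(line.strip())
        if entry is not None and flag(entry).reasons:
            found.append(entry)
    return found


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name:<40} {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the sample, the script lists avgio, the GUID-named PowerDVD entry, catchme, IntelIde and Boonty Games, and leaves AmdK8, NPF and cmdAgent alone; the next step for each hit is to confirm on the host whether the image actually exists at that path and who signed it.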