

Everything posted by raz39
-
OK, I started everything over from the beginning and it works for now. THANK YOU all for your help.
-
When I click on "Forwarding and POP access" I land on:
Web and POP access [POP configuration]
Access Yahoo! Mail using the browser and a local mail program (e.g. Outlook, Eudora, Netscape) via POP3.
When downloading new messages:
Do not include messages detected as spam by SpamGuard
Include all messages, including messages detected as spam by SpamGuard
For messages that SpamGuard considers spam, add the [spam] prefix to the subject
To learn more, sign in - Show POP settings
Message forwarding
Forward Yahoo! Mail messages to another e-mail address
E-mail address: (e.g. utilisateur@companie.fr)
When I confirm, I always land back on this same page.
-
Hello, I can't find the Servers tab on my Yahoo account. I put 995 in place of 110 but it doesn't change anything.
-
Good evening and thank you. I get 2 error messages when I run a test of the account settings:
*Sending the test e-mail message: unable to log on to the outgoing mail server (SMTP). Check your SMTP server and, if it requires authentication, check the corresponding information on the settings pages.
*Connecting to the incoming mail server (POP3): the specified server was found but did not respond. Check the port information and the SSL options. To access these settings, close this dialog box, then click Settings and the Advanced Options tab.
For the incoming server I have "pop.mail.yahoo.fr" 110; for the outgoing server I have "smtp.orange.fr" 25.
-
Good evening and thanks for your help. I followed the instructions in the link you gave me but it doesn't work.
-
A small question about my bookmarks
raz39 replied to a topic by raz39 in Optimisation, Trucs & Astuces
OK, thanks to you both, I'll try that during the day.
-
A small question about my bookmarks
raz39 replied to a topic by raz39 in Optimisation, Trucs & Astuces
I get the file "Bookmarks 2008-09-24.json", which is on my desktop. Where should I put it to get my bookmarks?
-
A small question about my bookmarks
raz39 replied to a topic by raz39 in Optimisation, Trucs & Astuces
Hi, and thanks for answering. I'm on XP and I use Firefox.
-
A small question about my bookmarks
raz39 posted a topic in Optimisation, Trucs & Astuces
Hello, I would like to know whether it is possible to back up all my bookmarks in order to transfer them to another computer. Thanks in advance.
-
Hello, I have a problem with my computer: when I start it, a message appears telling me to restart the computer for the updates to take effect. This message appears every time, even after several restarts. Also, I can't get the Windows Media Player icon to show on my desktop even though the software is present on my computer (even going through Accessories and Entertainment).
-
I can't find the full report. Should I redo the procedure?
-
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Sat, Jun 14, 2008 - 01:02:39
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés 210475
Infectés Fichiers 23
Virus Détectés
Trojan.LowZones.SG 2
Trojan.Vundo.ERA 4
Trojan.Vundo.EOQ 2
Trojan.Vundo.ERC 1
Trojan.Delf.Inject.AC 1
Trojan.Vundo.ESF 2
Trojan.Vundo.ESY 4
Trojan.Vundo.EQY 1
Trojan.Vundo.ESK 2
Adware.VHW 2
Trojan.Spy.Wsnpoem.CO 2
--------------------------------------------------------------------------------
Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
-
Fichier advpack.dll reçu le 2008.06.13 16:45:02 (CET) Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE Résultat: 0/32 (0%)
-
ComboFix 08-06-10.5 - Pc 2008-06-12 12:23:44.10 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.469 [GMT 2:00] Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Pc\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\lqnojjut.dll C:\WINDOWS\system32\tujjonql.ini . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\lqnojjut.dll C:\WINDOWS\system32\tujjonql.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))))))) . 2008-06-12 07:45 . 2008-06-12 07:45 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-06-10 12:28 . 2008-06-10 12:28 <REP> d-------- C:\Deckard 2008-06-09 20:52 . 2008-06-09 20:52 <REP> d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign 2008-05-21 14:57 . 2008-05-21 14:57 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom 2008-05-21 14:57 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll 2008-05-21 14:53 . 2008-05-21 14:53 <REP> d-------- C:\Program Files\SAGEM 2008-05-21 14:48 . 2008-05-21 14:48 <REP> d-------- C:\Program Files\Securitoo 2008-05-20 18:46 . 2008-05-20 19:18 <REP> d-------- C:\Program Files\Konvertor 2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys 2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys 2008-05-12 15:25 . 2008-05-12 15:25 <REP> d-------- C:\Documents and Settings\Pc\Application Data\vlc . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-12 08:26 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-06-09 16:29 --------- d-----w C:\Program Files\Norton AntiVirus 2008-05-21 12:59 --------- d-----w C:\Program Files\Orange 2008-05-21 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-27 15:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-27 15:23 --------- d-----w C:\Program Files\Unlocker 2008-04-26 08:46 94,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-26 08:46 2,180 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-25 19:24 --------- d-----w C:\Program Files\Trend Micro 2008-04-24 17:31 --------- d-----w C:\Program Files\Java 2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared 2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-04-14 15:52 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT 2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys . 
------- Sigcheck ------- 2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot_2008-06-11_20.13.29.68 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-06-11 18:09:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-12 10:27:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-14 15:52:45 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll + 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll + 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll + 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll + 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll + 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe + 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll + 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll + 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll + 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll + 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll + 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll + 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll + 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe + 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe + 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll + 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll + 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll + 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll + 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll + 
2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll + 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll + 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll + 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll + 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll + 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll + 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll + 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll - 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-04-23 04:16:39 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2008-03-01 12:58:06 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll + 2008-04-23 04:16:39 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll - 2004-08-03 22:40:30 274,944 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys + 2008-04-14 15:52:45 272,768 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys - 2008-03-01 12:58:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-04-23 04:16:39 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-03-01 12:58:06 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-04-23 04:16:39 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2008-03-01 12:58:06 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-04-23 04:16:39 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2008-04-23 04:16:39 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2008-02-29 08:56:41 70,656 -c--a-w 
C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-04-22 07:41:08 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2008-03-01 12:58:06 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-04-23 04:16:39 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2008-03-01 12:58:06 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-04-23 04:16:39 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2008-04-23 04:16:39 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2008-03-01 12:58:07 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2008-04-23 04:16:39 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2008-04-23 04:16:39 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2008-03-01 12:58:08 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll + 2008-04-23 04:16:39 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll - 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2008-04-23 04:16:39 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2008-02-29 08:57:05 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe + 2008-04-22 07:41:30 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe - 2008-03-01 12:58:08 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-04-23 04:16:40 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2006-03-24 03:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll + 2008-02-26 12:00:31 294,912 -c--a-w 
C:\WINDOWS\system32\dllcache\msctf.dll - 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2008-04-23 04:16:40 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2008-04-23 04:16:40 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2008-03-01 16:28:10 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-04-23 20:16:42 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-03-01 12:58:09 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-04-23 04:16:40 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2008-03-01 12:58:10 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-04-23 04:16:40 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2008-03-01 12:58:10 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-04-23 04:16:40 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2008-03-01 12:58:10 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll + 2008-04-23 04:16:40 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll - 2008-03-01 12:58:10 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-04-23 04:16:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-29 22:36:31 1,293,824 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 04:55:47 1,294,336 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys - 2008-03-01 12:58:10 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll + 2008-04-23 04:16:40 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll - 2008-03-01 12:58:10 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-04-23 04:16:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-03-01 12:58:11 233,472 -c--a-w 
C:\WINDOWS\system32\dllcache\webcheck.dll + 2008-04-23 04:16:40 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll - 2008-03-01 12:58:11 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-04-23 04:16:40 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-04-23 04:16:39 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-04-23 04:16:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-04-23 04:16:39 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2008-04-23 04:16:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-04-22 07:41:08 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2008-04-23 04:16:39 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2008-04-23 04:16:39 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2008-04-23 04:16:39 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-04-23 04:16:39 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll + 2008-04-23 04:16:39 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2008-04-23 04:16:39 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2008-03-01 12:58:08 267,776 ----a-w 
C:\WINDOWS\system32\iertutil.dll + 2008-04-23 04:16:39 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-04-23 04:16:40 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe - 2006-03-24 03:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll + 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\msctf.dll - 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2008-04-23 04:16:40 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2008-04-23 04:16:40 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-04-23 20:16:42 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-04-23 04:16:40 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-04-23 04:16:40 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-04-23 04:16:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll + 2008-04-23 04:16:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll - 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-04-23 04:16:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll - 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2008-04-23 
the error message about the updates has disappeared since last night
-
2006-09-14 09:20 53 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML.vir 2008-04-22 23:58 1540617 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vgvvyids.ini.vir 2008-04-23 00:58 207880 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lTEKUtwa.ini2.vir 2008-04-23 00:59 207880 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\lTEKUtwa.ini.vir 2008-04-23 11:15 272384 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\khfCrPHB.dll.vir 2008-04-24 12:21 1504642 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\oentylci.ini.vir 2008-04-24 12:23 1504702 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\peeixktj.ini.vir 2008-04-24 20:03 251727 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\BHPrCfhk.ini.vir 2008-04-24 20:03 251727 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\BHPrCfhk.ini2.vir 2008-04-26 10:14 22 --a------ C:\Qoobox\Quarantine\catchme2008-04-24_200621,21.zip 2008-05-26 13:10 58368 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXNHwvs.dll.vir 2008-05-26 13:11 58368 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnmmJBQ.dll.vir 2008-05-26 13:15 371200 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJYPFYP.dll.vir 2008-05-26 13:16 124928 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xxdipkmf.dll.vir 2008-05-26 13:18 134144 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hxjemkxn.dll.vir 2008-05-26 13:21 2560 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\oobtqbps.exe.vir 2008-06-01 20:51 2560 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\phhcrfvw.exe.vir 2008-06-01 20:54 132096 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\srlpclij.dll.vir 2008-06-01 20:55 1486433 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ycxpsnoq.ini.vir 2008-06-09 18:21 100864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mgaxfupq.dll.vir 2008-06-09 18:22 109056 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wdaphfwm.dll.vir 2008-06-09 18:22 
1583885 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\axjkdogh.ini.vir 2008-06-10 18:22 100352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bnmcunnh.dll.vir 2008-06-10 18:23 1578625 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tlcdtaly.ini.vir 2008-06-10 18:24 100352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pcdmbmgh.dll.vir 2008-06-10 18:48 1563860 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wnwnfnqo.ini.vir 2008-06-10 18:49 157184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\saqllrxx.dll.vir 2008-06-10 18:51 157184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kufgwwrp.dll.vir 2008-06-10 22:18 143 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir 2008-06-11 18:28 1564169 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\onceirdy.ini.vir 2008-06-11 18:28 303 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir 2008-06-11 18:52 89600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\eluaqthe.dll.vir 2008-06-11 18:52 98816 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fqlcmacf.dll.vir 2008-06-11 19:18 1615376 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tujjonql.ini.vir 2008-06-11 19:54 109835 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMfbff3eb4.xml.vir 2008-06-11 20:03 21 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir 2008-06-11 20:03 426584 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\PYFPYJjl.ini.vir 2008-06-11 20:03 426584 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\PYFPYJjl.ini2.vir 2008-06-11 20:07 362128 --a------ C:\Qoobox\Quarantine\catchme2008-06-11_200718,18.zip 2008-06-11 20:32 601 --a------ C:\Qoobox\Quarantine\catchme.log ComboFix 08-04-22.5 - Pc 2008-04-24 20:03:06.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.506 [GMT 2:00] Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . 
(((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\amuuvvpr.dll C:\WINDOWS\system32\BHPrCfhk.ini C:\WINDOWS\system32\BHPrCfhk.ini2 C:\WINDOWS\system32\geBTMeFY.dll C:\WINDOWS\system32\ikpvkncn.dll C:\WINDOWS\system32\jtkxieep.dll C:\WINDOWS\system32\khfCrPHB.dll C:\WINDOWS\system32\lTEKUtwa.ini C:\WINDOWS\system32\lTEKUtwa.ini2 C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\peeixktj.ini C:\WINDOWS\system32\sfessocu.dll C:\WINDOWS\system32\tybpagks.dll . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))))))) . 2008-04-24 13:44 . 2008-04-24 17:31 <REP> d-------- C:\Program Files\Unlocker 2008-04-23 11:18 . 2008-04-24 12:21 1,504,642 ---hs---- C:\WINDOWS\system32\oentylci.ini 2008-04-22 23:58 . 2008-04-22 23:58 1,540,617 ---hs---- C:\WINDOWS\system32\vgvvyids.ini 2008-04-22 23:58 . 2008-04-24 13:14 109,810 --a------ C:\WINDOWS\BMfbff3eb4.xml 2008-04-22 23:58 . 2008-04-22 23:58 97,856 --------- C:\WINDOWS\system32\ddnkiova.dll_old 2008-04-22 17:32 . 2008-04-22 17:32 <REP> d-------- C:\Program Files\Fichiers communs\xing shared 2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Canal 2008-04-10 13:45 . 2008-04-10 13:45 <REP> d-------- C:\Program Files\MSXML 6.0 2008-03-26 20:47 . 2008-03-26 20:47 <REP> d-------- C:\Program Files\Lavasoft 2008-03-26 20:47 . 2008-03-26 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-26 18:42 . 2008-03-26 18:44 <REP> d-------- C:\Program Files\Orange 2008-03-26 18:42 . 2008-03-26 18:42 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom 2008-03-26 18:42 . 2006-03-01 20:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll 2008-03-26 18:42 . 
2007-09-25 20:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll 2008-03-26 18:42 . 2003-09-23 12:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys 2008-03-26 18:42 . 2006-03-01 20:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys 2008-03-26 18:37 . 2008-03-26 18:37 <REP> d-------- C:\Program Files\SAGEM 2008-03-26 18:36 . 2008-03-26 18:36 <REP> d-------- C:\Program Files\Securitoo . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-24 17:31 --------- d-----w C:\Program Files\Java 2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this 2008-04-24 00:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-26 18:47 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-26 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-22 13:09 --------- d-----w C:\Documents and Settings\Pc\Application Data\DMCache 2008-03-21 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-03-21 19:11 --------- d-----w C:\Documents and Settings\Pc\Application Data\Ulead Systems 2008-03-21 19:01 --------- d-----w C:\Program Files\DomPlayer 2008-03-19 18:44 --------- d-----w C:\Program Files\Fichiers communs\InterVideo 2008-03-19 18:43 --------- d-----w C:\Program Files\Windows Media Components 2008-03-19 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-03-19 17:05 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia 2008-03-19 15:44 --------- d-----w C:\Program Files\PhotoFiltre 2008-03-19 13:49 --------- d-----w C:\Documents and Settings\Pc\Application Data\Ahead 2008-03-18 17:46 --------- d-----w C:\Documents and Settings\Pc\Application Data\ArcSoft 2008-03-05 09:21 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-03-03 19:46 --------- d-----w 
C:\Program Files\Norton AntiVirus 2008-03-03 19:44 --------- d-----w C:\Program Files\SymNetDrv 2008-03-03 19:44 --------- d-----w C:\Program Files\Symantec 2008-03-03 19:36 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec 2008-03-02 18:43 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys 2008-03-02 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-02 17:33 --------- d-----w C:\Program Files\BitComet 2008-02-28 13:25 --------- d-----w C:\Program Files\VideoLAN 2008-02-27 11:43 --------- d-----w C:\Program Files\Windows Live 2008-02-16 16:03 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys . ------- Sigcheck ------- 2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys . 
((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632] "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl] "PKR Pal"="./\pkrpal.exe" [ ] "ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 17:29 58984] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056] "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 
20:10 102400] "Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.alf2cd"= alf2cd.acm "msacm.scg726"= scg726.acm "vidc.dvsd"= mcdvd_32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9768:TCP"= 9768:TCP:BitComet 9768 TCP "9768:UDP"= 9768:UDP:BitComet 9768 UDP R2 CanalPlus.VOD;CanalPlus.VOD;"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-04-07 18:11] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-24 05:00] S3 FirebirdServerMAGIXInstance;Firebird Server 
- MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4d67262-111b-11dd-9e36-001921b308a8}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}] \Shell\AutoRun\command - J:\AutoTransfer.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}] C:\WINDOWS\system32:lpr.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-04-11 18:51:43 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-04-24 16:09:39 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-24 20:08:33 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Unlocker\UnlockerHook.dll . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\CCEVTMGR.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\ehome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\cscript.exe . ************************************************************************** . 
Temps d'accomplissement: 2008-04-24 20:13:09 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-24 18:12:52 ComboFix2.txt 2008-02-18 18:40:53 Pre-Run: 102,175,367,168 octets libres Post-Run: 102,230,671,360 octets libres 218 --- E O F --- 2008-04-10 22:51:02 ComboFix 08-04-22.5 - Pc 2008-04-24 20:20:29.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.508 [GMT 2:00] Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Pc\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\geBTMeFY.dll C:\WINDOWS\system32\khfCrPHB.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))))))) . 2008-04-24 13:44 . 2008-04-24 17:31 <REP> d-------- C:\Program Files\Unlocker 2008-04-23 11:18 . 2008-04-24 12:21 1,504,642 ---hs---- C:\WINDOWS\system32\oentylci.ini 2008-04-22 23:58 . 2008-04-22 23:58 1,540,617 ---hs---- C:\WINDOWS\system32\vgvvyids.ini 2008-04-22 23:58 . 2008-04-24 13:14 109,810 --a------ C:\WINDOWS\BMfbff3eb4.xml 2008-04-22 23:58 . 2008-04-22 23:58 97,856 --------- C:\WINDOWS\system32\ddnkiova.dll_old 2008-04-22 17:32 . 2008-04-22 17:32 <REP> d-------- C:\Program Files\Fichiers communs\xing shared 2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-04-10 13:47 . 2008-04-10 13:47 <REP> d-------- C:\Program Files\Canal 2008-04-10 13:45 . 2008-04-10 13:45 <REP> d-------- C:\Program Files\MSXML 6.0 2008-03-26 20:47 . 2008-03-26 20:47 <REP> d-------- C:\Program Files\Lavasoft 2008-03-26 20:47 . 2008-03-26 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-26 18:42 . 2008-03-26 18:44 <REP> d-------- C:\Program Files\Orange 2008-03-26 18:42 . 
2008-03-26 18:42 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom 2008-03-26 18:42 . 2006-03-01 20:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll 2008-03-26 18:42 . 2007-09-25 20:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll 2008-03-26 18:42 . 2003-09-23 12:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys 2008-03-26 18:42 . 2006-03-01 20:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys 2008-03-26 18:37 . 2008-03-26 18:37 <REP> d-------- C:\Program Files\SAGEM 2008-03-26 18:36 . 2008-03-26 18:36 <REP> d-------- C:\Program Files\Securitoo . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-24 17:31 --------- d-----w C:\Program Files\Java 2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this 2008-04-24 00:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-26 18:47 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-03-26 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-22 13:09 --------- d-----w C:\Documents and Settings\Pc\Application Data\DMCache 2008-03-21 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems 2008-03-21 19:11 --------- d-----w C:\Documents and Settings\Pc\Application Data\Ulead Systems 2008-03-21 19:01 --------- d-----w C:\Program Files\DomPlayer 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-19 18:44 --------- d-----w C:\Program Files\Fichiers communs\InterVideo 2008-03-19 18:43 --------- d-----w C:\Program Files\Windows Media Components 2008-03-19 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink 2008-03-19 17:05 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia 2008-03-19 15:44 --------- d-----w C:\Program Files\PhotoFiltre 2008-03-19 13:49 --------- 
d-----w C:\Documents and Settings\Pc\Application Data\Ahead 2008-03-18 17:46 --------- d-----w C:\Documents and Settings\Pc\Application Data\ArcSoft 2008-03-05 09:21 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-03-03 19:46 --------- d-----w C:\Program Files\Norton AntiVirus 2008-03-03 19:44 --------- d-----w C:\Program Files\SymNetDrv 2008-03-03 19:44 --------- d-----w C:\Program Files\Symantec 2008-03-03 19:36 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Symantec 2008-03-02 18:43 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys 2008-03-02 18:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-02 17:34 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll 2008-03-02 17:33 --------- d-----w C:\Program Files\BitComet 2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-28 13:25 --------- d-----w C:\Program Files\VideoLAN 2008-02-27 11:43 --------- d-----w C:\Program Files\Windows Live 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 16:03 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-02-12 17:04 37,888 ----a-w C:\WINDOWS\system32\rar.exe 2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT 2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys . 
------- Sigcheck ------- 2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632] "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl] "PKR Pal"="./\pkrpal.exe" [ ] "ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 17:29 58984] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056] "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400] "Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720] 
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58 323646] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.alf2cd"= alf2cd.acm "msacm.scg726"= scg726.acm "vidc.dvsd"= mcdvd_32.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9768:TCP"= 9768:TCP:BitComet 9768 TCP "9768:UDP"= 9768:UDP:BitComet 9768 UDP R2 CanalPlus.VOD;CanalPlus.VOD;"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-04-07 18:11] R3 usbstor;Pilote de stockage de masse 
-
Here is the report:
ComboFix 08-06-10.5 - Pc 2008-06-11 20:32:05.9 - NTFSx86 Endroit: C:\Documents and Settings\Pc\Bureau\ComboFix.exe AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))))))) . 2008-06-11 20:09 . 2008-06-11 20:27 534 ---hs---- C:\WINDOWS\system32\tujjonql.ini 2008-06-11 18:54 . 2008-06-11 18:54 80,896 --a------ C:\WINDOWS\system32\lqnojjut.dll 2008-06-10 12:28 . 2008-06-10 12:28 <REP> d-------- C:\Deckard 2008-06-09 20:52 . 2008-06-09 20:52 <REP> d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign 2008-05-21 14:57 . 2008-05-21 14:57 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom 2008-05-21 14:57 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll 2008-05-21 14:53 . 2008-05-21 14:53 <REP> d-------- C:\Program Files\SAGEM 2008-05-21 14:48 . 2008-05-21 14:48 <REP> d-------- C:\Program Files\Securitoo 2008-05-20 18:46 . 2008-05-20 19:18 <REP> d-------- C:\Program Files\Konvertor 2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys 2008-05-17 11:36 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys 2008-05-12 15:25 . 2008-05-12 15:25 <REP> d-------- C:\Documents and Settings\Pc\Application Data\vlc . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-10 20:25 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-06-09 16:29 --------- d-----w C:\Program Files\Norton AntiVirus 2008-05-21 12:59 --------- d-----w C:\Program Files\Orange 2008-05-21 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-27 15:27 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-27 15:23 --------- d-----w C:\Program Files\Unlocker 2008-04-26 08:46 94,240 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-04-26 08:46 2,180 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-04-25 19:24 --------- d-----w C:\Program Files\Trend Micro 2008-04-24 17:31 --------- d-----w C:\Program Files\Java 2008-04-24 17:13 --------- d-----w C:\Program Files\hijack this 2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\xing shared 2008-04-22 15:32 --------- d-----w C:\Program Files\Fichiers communs\Real 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-08 21:57 26,472 ----a-w C:\Documents and Settings\Pc\Application Data\GDIPFONTCACHEV1.DAT 2007-11-14 10:06 139 ---ha-w C:\Documents and Settings\Pc\Application Data\brara1985.sys . 
------- Sigcheck ------- 2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys 2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys 2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2006-03-24 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys 2005-05-26 04:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys 2006-01-13 11:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-03-05 11:21 360064 36ad2c404e3980e5c4c5e662135c8da7 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((( snapshot_2008-06-11_20.13.29.68 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-11 18:09:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-11 18:19:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 05:00 15360] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 06:57 2494464] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 18:12 90112] "SoundMan"="SOUNDMAN.EXE" [2006-03-01 23:22 577536 C:\WINDOWS\soundman.exe] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 13:15 102400] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632] "BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-24 05:00 110592 C:\WINDOWS\system32\bthprops.cpl] "ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 17:51 64256] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 12:56 58728] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-03-03 21:44 100056] "Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [2008-03-05 21:20 94720] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-22 17:31 185896] "SystrayORAHSS"="C:\Program 
Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400] "f8cc0d28"="C:\WINDOWS\system32\lqnojjut.dll" [2008-06-11 18:54 80896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 05:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58 323646] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9768:TCP"= 9768:TCP:BitComet 9768 TCP "9768:UDP"= 9768:UDP:BitComet 9768 UDP R2 CanalPlus.VOD;CanalPlus.VOD;"C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-06-11 16:53] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-24 05:00] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}] \Shell\AutoRun\command - J:\AutoTransfer.exe *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}] C:\WINDOWS\system32:lpr.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-23 20:23:05 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-06-11 16:25:35 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-11 20:33:02 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-11 20:33:42 ComboFix-quarantined-files.txt 2008-06-11 18:33:31 ComboFix2.txt 2008-06-11 18:31:30 ComboFix3.txt 2008-06-11 18:17:22 ComboFix4.txt 2008-04-24 18:22:28 ComboFix5.txt 2008-04-24 18:13:11 Pre-Run: 80,479,477,760 octets libres Post-Run: 80,467,410,944 octets libres 141 --- E O F --- 2008-05-16 23:06:48
-
Good evening, I have the small red shield (the same as the yellow one that appears when updates are ready to be installed). When I click on it, it tells me that updates are disabled. It says: "Your computer might be at risk, automatic updates are turned off. Click this message to fix the problem."
-
That option does not appear. Is that all I need to do? However, the error message about the updates is still there.
-
I wanted to point out that I cannot log in to the Zebulon forum, either with Mozilla or with IE.
-
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professionnel (build 2600) SP 2.0 Architecture: X86; Language: French CPU 0: Intel® Pentium® D CPU 2.80GHz CPU 1: Intel® Pentium® D CPU 2.80GHz Percentage of Memory in Use: 67% Physical Memory (total/avail): 959.36 MiB / 310.23 MiB Pagefile Memory (total/avail): 2317.55 MiB / 1707.46 MiB Virtual Memory (total/avail): 2047.88 MiB / 1937.39 MiB C: is Fixed (NTFS) - 181.6 GiB total, 74.6 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) F: is Removable (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) \\.\PHYSICALDRIVE0 - ST3200827AS - 186.31 GiB - 2 partitions \PARTITION0 (bootable) - Système de fichiers installable - 181.6 GiB - C: \PARTITION1 - Unknown - 4.71 GiB \\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device \\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device \\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device \\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. 
FW: Norton Internet Worm Protection v2005 (Symantec) AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) Disabled [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Pc\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Fichiers communs COMPUTERNAME=NOM-69E8FCA5E0D ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Pc LOGONSERVER=\\NOM-69E8FCA5E0D NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Fichiers communs\Ulead Systems\MPEG PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0604 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SonicCentral=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\ SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Pc\LOCALS~1\Temp TMP=C:\DOCUME~1\Pc\LOCALS~1\Temp USERDOMAIN=NOM-69E8FCA5E0D USERNAME=Pc 
USERPROFILE=C:\Documents and Settings\Pc windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Pc (admin) Administrateur (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\PROGRA~1\GOTOSO~1\VADERE~1\UNWISE.EXE C:\PROGRA~1\GOTOSO~1\VADERE~1\INSTALL.LOG --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNNMP.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\setup.exe" -l0x40c Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} ATI - Utilitaire de désinstallation du logiciel --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> MsiExec.exe /I{673AB3CA-22D3-477C-8F09-8BB9923C0160} ATI Display Driver --> rundll32 
C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7} Barre d'outils MSN --> C:\Program Files\MSN Toolbar\01.01.2607.0\fr\mtbs.exe c BitComet 0.99 --> C:\Program Files\BitComet\uninst.exe CamfrogWEB Advanced ActiveX Plugin (remove only) --> "C:\Program Files\CFWebAdvancedU\Uninstall.exe" CANAL WIDGET --> MsiExec.exe /X{09B6B322-325F-4A5F-9051-830ED194A1A7} ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Correctif n° 2 pour Windows XP Édition Media Center 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe" Correctif pour Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe" Correctif pour Windows XP (KB896256) --> "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe" Correctif pour Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe" Correctif pour Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe" Correctif pour Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe" Correctif pour Windows XP (KB912024) --> "C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe" Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Correctif Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Correctif Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB885250 --> 
C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Correctif Windows XP - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Correctif Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Correctif Windows XP - KB892627 --> C:\WINDOWS\$NtUninstallKB892627$\spuninst\spuninst.exe Correctif Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" Correctif Windows XP - KB895961 --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe" CSO-DAX COMPILATOR --> "C:\WINDOWS\CSO-DAX COMPILATOR\uninstall.exe" "/U:C:\Program Files\CSO-DAX COMPILATOR\Uninstall\uninstall.xml" DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN docXConverter 2.0.1 --> "C:\Program Files\docXConverter\unins000.exe" EA Download Manager --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1036 Ecran de veille AOL Photos --> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe Firebird SQL Server - MAGIX Edition (F) --> 
C:\MAGIX\Common\Database\uninstall.exe Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068} Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} HijackThis 2.0.2 --> "C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" hp psc 2100 series --> rundll32 hpzcon05.dll,VendorJettison hp psc 2100 series Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0} Java 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Konvertor --> C:\Program Files\Konvertor\uninst.exe Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe LFP Manager 07 --> C:\Program Files\EA SPORTS\LFP Manager 07\EAUninstall.exe livebox --> C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly LiveReg (Symantec Corporation) --> C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U LUMIX Simple Viewer --> C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x040c -removeonly Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750} Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe 
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899587) --> 
"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows 
XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Mise à jour de 
sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927779) --> 
"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows 
Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Pc\Bureau\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Pc.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C09C146-F48F-4A3D-9770-8E79808D07D8} - C:\WINDOWS\system32\ljJYPFYP.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: {0cafdbcf-5a6f-1b28-06d4-3569b49fda18} - {81adf94b-9653-4d60-82b1-f6a5fcbdfac0} - C:\WINDOWS\system32\wdaphfwm.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B6E95516-27C0-443D-9BA9-ABD8C12BAE16} - C:\WINDOWS\system32\cbXNHwvs.dll O3 - Toolbar: Barre d'outils MSN - 
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [f8cc0d28] rundll32.exe "C:\WINDOWS\system32\ylatdclt.dll",b O4 - HKLM\..\Run: [bMfbff3eb4] Rundll32.exe "C:\WINDOWS\system32\mgaxfupq.dll",s O4 - HKCU\..\Run: [ctfmon.exe] 
C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.canal-plus.com (HKLM) O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180516255535 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: cbXNHwvs - C:\WINDOWS\SYSTEM32\cbXNHwvs.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe O23 - Service: Capture Device Service - InterVideo Inc. 
- C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program 
Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- End of file - 12775 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS> R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell> S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver> S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing) S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. 
(PCAUSA); PCAUSA Rawether for Windows> S3 PID_0928 (Labtec WebCam(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing) S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver> S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver> S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)> S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA> S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA> S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA> S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver> S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CanalPlus.VOD - "c:\program files\canal\canal widget\vod\canalplus.vod.exe" <Not Verified; Canal+ Active; CanalPlus.VOD.V1> R2 FTRTSVC (France Telecom Routing Table Service) - "c:\progra~1\fichie~1\france telecom\shared modules\ftrtsvc\0\ftrtsvc.exe" <Not Verified; France Telecom SA; CSS-Corporate> R2 USBDeviceService - c:\program files\sonic\digitalmedia le 
v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module> S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-10 10:24:37 358 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-05-23 22:23:05 560 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job -- Files created between 2008-05-10 and 2008-06-10 ----------------------------- 2008-06-09 20:52:48 0 d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign 2008-06-09 20:08:32 0 dr-h----- C:\Documents and Settings\Pc\Recent 2008-06-09 18:22:50 92160 --a------ C:\WINDOWS\system32\ylatdclt.dll 2008-06-09 18:22:45 109056 --a------ C:\WINDOWS\system32\wdaphfwm.dll 2008-06-09 18:21:56 100864 --a------ C:\WINDOWS\system32\mgaxfupq.dll 2008-06-01 20:54:27 132096 --a------ C:\WINDOWS\system32\srlpclij.dll 2008-06-01 20:51:14 2560 --a------ C:\WINDOWS\system32\phhcrfvw.exe 2008-05-26 13:21:51 2560 --a------ C:\WINDOWS\system32\oobtqbps.exe 2008-05-26 13:18:51 134144 --a------ C:\WINDOWS\system32\hxjemkxn.dll 2008-05-26 13:16:46 124928 --a------ C:\WINDOWS\system32\xxdipkmf.dll 2008-05-26 13:15:49 466705 --ahs---- C:\WINDOWS\system32\PYFPYJjl.ini2 2008-05-26 13:15:41 371200 --a------ C:\WINDOWS\system32\ljJYPFYP.dll 2008-05-26 13:11:19 58368 --a------ C:\WINDOWS\system32\pmnmmJBQ.dll 2008-05-26 13:10:33 58368 --a------ C:\WINDOWS\system32\cbXNHwvs.dll 2008-05-21 14:57:39 65536 --a------ C:\WINDOWS\system32\Autodial2000.dll <Not Verified; France Telecom SA; CSS-Corporate> 2008-05-21 14:57:18 0 d-------- C:\Program Files\Fichiers communs\France Telecom 2008-05-21 14:53:48 0 d-------- C:\Program Files\SAGEM 2008-05-21 14:48:24 0 d-------- C:\Program Files\Securitoo 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.canal-plus.com (HKLM) O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180516255535 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: cbXNHwvs - C:\WINDOWS\SYSTEM32\cbXNHwvs.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe O23 - Service: Capture Device Service - InterVideo Inc. 
- C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program 
Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- End of file - 12775 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS> R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell> S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver> S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing) S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. 
(PCAUSA); PCAUSA Rawether for Windows> S3 PID_0928 (Labtec WebCam(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing) S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver> S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver> S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)> S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA> S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA> S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA> S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver> S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CanalPlus.VOD - "c:\program files\canal\canal widget\vod\canalplus.vod.exe" <Not Verified; Canal+ Active; CanalPlus.VOD.V1> R2 FTRTSVC (France Telecom Routing Table Service) - "c:\progra~1\fichie~1\france telecom\shared modules\ftrtsvc\0\ftrtsvc.exe" <Not Verified; France Telecom SA; CSS-Corporate> R2 USBDeviceService - c:\program files\sonic\digitalmedia le 
v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module> S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-10 10:24:37 358 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-05-23 22:23:05 560 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job -- Files created between 2008-05-10 and 2008-06-10 ----------------------------- 2008-06-09 20:52:48 0 d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign 2008-06-09 20:08:32 0 dr-h----- C:\Documents and Settings\Pc\Recent 2008-06-09 18:22:50 92160 --a------ C:\WINDOWS\system32\ylatdclt.dll 2008-06-09 18:22:45 109056 --a------ C:\WINDOWS\system32\wdaphfwm.dll 2008-06-09 18:21:56 100864 --a------ C:\WINDOWS\system32\mgaxfupq.dll 2008-06-01 20:54:27 132096 --a------ C:\WINDOWS\system32\srlpclij.dll 2008-06-01 20:51:14 2560 --a------ C:\WINDOWS\system32\phhcrfvw.exe 2008-05-26 13:21:51 2560 --a------ C:\WINDOWS\system32\oobtqbps.exe 2008-05-26 13:18:51 134144 --a------ C:\WINDOWS\system32\hxjemkxn.dll 2008-05-26 13:16:46 124928 --a------ C:\WINDOWS\system32\xxdipkmf.dll 2008-05-26 13:15:49 466705 --ahs---- C:\WINDOWS\system32\PYFPYJjl.ini2 2008-05-26 13:15:41 371200 --a------ C:\WINDOWS\system32\ljJYPFYP.dll 2008-05-26 13:11:19 58368 --a------ C:\WINDOWS\system32\pmnmmJBQ.dll 2008-05-26 13:10:33 58368 --a------ C:\WINDOWS\system32\cbXNHwvs.dll 2008-05-21 14:57:39 65536 --a------ C:\WINDOWS\system32\Autodial2000.dll <Not Verified; France Telecom SA; CSS-Corporate> 2008-05-21 14:57:18 0 d-------- C:\Program Files\Fichiers communs\France Telecom 2008-05-21 14:53:48 0 d-------- C:\Program Files\SAGEM 2008-05-21 14:48:24 0 d-------- C:\Program Files\Securitoo 
2008-05-20 18:46:47 0 d-------- C:\Program Files\Konvertor 2008-05-12 15:25:47 0 d-------- C:\Documents and Settings\Pc\Application Data\vlc -- Find3M Report --------------------------------------------------------------- 2008-06-09 20:11:17 0 d-------- C:\Program Files\Fichiers communs 2008-06-09 20:08:18 12 --a------ C:\WINDOWS\bthservsdp.dat 2008-06-09 18:29:45 0 d-------- C:\Program Files\Norton AntiVirus 2008-06-09 18:29:44 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared 2008-05-21 14:59:02 0 d-------- C:\Program Files\Orange 2008-05-21 14:53:47 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-05-20 20:20:33 476284 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-05-20 20:20:33 78148 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-04-27 17:27:34 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-25 21:24:27 0 d-------- C:\Program Files\Trend Micro 2008-04-24 19:31:37 0 d-------- C:\Program Files\Java 2008-04-24 19:13:33 0 d-------- C:\Program Files\hijack this 2008-04-22 17:32:24 0 d-------- C:\Program Files\Fichiers communs\xing shared 2008-04-22 17:32:16 0 d-------- C:\Program Files\Fichiers communs\Real 2008-04-10 13:47:59 0 d-------- C:\Program Files\Canal 2008-04-10 13:47:18 0 d-------- C:\Documents and Settings\Pc\Application Data\Adobe 2008-04-10 13:47:05 0 d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-04-10 13:45:33 0 d-------- C:\Program Files\MSXML 6.0 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C09C146-F48F-4A3D-9770-8E79808D07D8}] 26/05/2008 13:15 371200 --a------ C:\WINDOWS\system32\ljJYPFYP.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81adf94b-9653-4d60-82b1-f6a5fcbdfac0}] 09/06/2008 18:22 109056 --a------ C:\WINDOWS\system32\wdaphfwm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}] 
26/05/2008 13:10 58368 --a------ C:\WINDOWS\system32\cbXNHwvs.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 20:34] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10/05/2006 18:12] "SoundMan"="SOUNDMAN.EXE" [01/03/2006 23:22 C:\WINDOWS\soundman.exe] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20/10/2005 13:15] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 23:50] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [27/07/2004 23:50] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11/04/2002 04:19] "BluetoothAuthenticationAgent"="bthprops.cpl" [24/03/2006 05:00 C:\WINDOWS\system32\bthprops.cpl] "ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [06/06/2007 17:51] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [31/01/2008 12:56] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [03/03/2008 21:44] "Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [05/03/2008 21:20] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [22/04/2008 17:31] "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [25/09/2007 20:08] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [25/09/2007 19:10] "f8cc0d28"="C:\WINDOWS\system32\ylatdclt.dll" [09/06/2008 18:22] "BMfbff3eb4"="C:\WINDOWS\system32\mgaxfupq.dll" [09/06/2008 18:21] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [24/03/2006 05:00] "DAEMON 
Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [18/09/2007 16:16] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [04/12/2007 06:57] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}"= C:\WINDOWS\system32\cbXNHwvs.dll [26/05/2008 13:10 58368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNHwvs] cbXNHwvs.dll 26/05/2008 13:10 58368 C:\WINDOWS\system32\cbXNHwvs.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJYPFYP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] "C:\Program Files\Ares\Ares.exe" -h [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}] AutoRun\command- J:\AutoTransfer.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}] C:\WINDOWS\system32:lpr.exe -- End of Deckard's System Scanner: finished at 2008-06-10 12:34:53 ------------
2008-05-20 18:46:47 0 d-------- C:\Program Files\Konvertor 2008-05-12 15:25:47 0 d-------- C:\Documents and Settings\Pc\Application Data\vlc -- Find3M Report --------------------------------------------------------------- 2008-06-09 20:11:17 0 d-------- C:\Program Files\Fichiers communs 2008-06-09 20:08:18 12 --a------ C:\WINDOWS\bthservsdp.dat 2008-06-09 18:29:45 0 d-------- C:\Program Files\Norton AntiVirus 2008-06-09 18:29:44 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared 2008-05-21 14:59:02 0 d-------- C:\Program Files\Orange 2008-05-21 14:53:47 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-05-20 20:20:33 476284 --a------ C:\WINDOWS\system32\perfh00C.dat 2008-05-20 20:20:33 78148 --a------ C:\WINDOWS\system32\perfc00C.dat 2008-04-27 17:27:34 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-04-25 21:24:27 0 d-------- C:\Program Files\Trend Micro 2008-04-24 19:31:37 0 d-------- C:\Program Files\Java 2008-04-24 19:13:33 0 d-------- C:\Program Files\hijack this 2008-04-22 17:32:24 0 d-------- C:\Program Files\Fichiers communs\xing shared 2008-04-22 17:32:16 0 d-------- C:\Program Files\Fichiers communs\Real 2008-04-10 13:47:59 0 d-------- C:\Program Files\Canal 2008-04-10 13:47:18 0 d-------- C:\Documents and Settings\Pc\Application Data\Adobe 2008-04-10 13:47:05 0 d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-04-10 13:45:33 0 d-------- C:\Program Files\MSXML 6.0 -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C09C146-F48F-4A3D-9770-8E79808D07D8}] 26/05/2008 13:15 371200 --a------ C:\WINDOWS\system32\ljJYPFYP.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81adf94b-9653-4d60-82b1-f6a5fcbdfac0}] 09/06/2008 18:22 109056 --a------ C:\WINDOWS\system32\wdaphfwm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}] 
26/05/2008 13:10 58368 --a------ C:\WINDOWS\system32\cbXNHwvs.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 20:34] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10/05/2006 18:12] "SoundMan"="SOUNDMAN.EXE" [01/03/2006 23:22 C:\WINDOWS\soundman.exe] "DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20/10/2005 13:15] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 23:50] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [27/07/2004 23:50] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11/04/2002 04:19] "BluetoothAuthenticationAgent"="bthprops.cpl" [24/03/2006 05:00 C:\WINDOWS\system32\bthprops.cpl] "ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [06/06/2007 17:51] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [31/01/2008 12:56] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [03/03/2008 21:44] "Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [05/03/2008 21:20] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [22/04/2008 17:31] "SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [25/09/2007 20:08] "ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [25/09/2007 19:10] "f8cc0d28"="C:\WINDOWS\system32\ylatdclt.dll" [09/06/2008 18:22] "BMfbff3eb4"="C:\WINDOWS\system32\mgaxfupq.dll" [09/06/2008 18:21] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [24/03/2006 05:00] "DAEMON 
Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [18/09/2007 16:16] "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [04/12/2007 06:57] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=1 (0x1) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}"= C:\WINDOWS\system32\cbXNHwvs.dll [26/05/2008 13:10 58368] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNHwvs] cbXNHwvs.dll 26/05/2008 13:10 58368 C:\WINDOWS\system32\cbXNHwvs.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJYPFYP [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] "C:\Program Files\Ares\Ares.exe" -h [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}] AutoRun\command- J:\AutoTransfer.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}] C:\WINDOWS\system32:lpr.exe -- End of Deckard's System Scanner: finished at 2008-06-10 12:34:53 ------------ Deckard's System Scanner v20071014.68 Run by Pc on 2008-06-10 12:29:06 Computer is in Normal Mode. 
-------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 35: 2008-06-10 10:29:14 UTC - RP35 - Deckard's System Scanner Restore Point 34: 2008-06-09 18:10:09 UTC - RP34 - Opération de restauration 33: 2008-05-26 11:16:12 UTC - RP33 - Last known good configuration 32: 2008-05-26 11:16:04 UTC - RP32 - Point de vérification système 31: 2008-05-26 11:16:03 UTC - RP31 - Point de vérification système -- First Restore Point -- 1: 2008-05-26 11:15:59 UTC - RP1 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Pc.exe) -------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:30:31, on 10/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec 
Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Pc\Bureau\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Pc.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C09C146-F48F-4A3D-9770-8E79808D07D8} - C:\WINDOWS\system32\ljJYPFYP.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: {0cafdbcf-5a6f-1b28-06d4-3569b49fda18} - {81adf94b-9653-4d60-82b1-f6a5fcbdfac0} - C:\WINDOWS\system32\wdaphfwm.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B6E95516-27C0-443D-9BA9-ABD8C12BAE16} - C:\WINDOWS\system32\cbXNHwvs.dll O3 - Toolbar: Barre d'outils MSN - 
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [f8cc0d28] rundll32.exe "C:\WINDOWS\system32\ylatdclt.dll",b O4 - HKLM\..\Run: [bMfbff3eb4] Rundll32.exe "C:\WINDOWS\system32\mgaxfupq.dll",s O4 - HKCU\..\Run: [ctfmon.exe] 
C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.canal-plus.com (HKLM) O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180516255535 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: cbXNHwvs - C:\WINDOWS\SYSTEM32\cbXNHwvs.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe O23 - Service: Capture Device Service - InterVideo Inc. 
- C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program 
Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- End of file - 12775 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS> R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell> S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver> S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing) S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows> S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. 
(PCAUSA); PCAUSA Rawether for Windows> S3 PID_0928 (Labtec WebCam(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing) S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver> S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver> S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)> S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA> S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA> S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA> S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver> S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)> S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CanalPlus.VOD - "c:\program files\canal\canal widget\vod\canalplus.vod.exe" <Not Verified; Canal+ Active; CanalPlus.VOD.V1> R2 FTRTSVC (France Telecom Routing Table Service) - "c:\progra~1\fichie~1\france telecom\shared modules\ftrtsvc\0\ftrtsvc.exe" <Not Verified; France Telecom SA; CSS-Corporate> R2 USBDeviceService - c:\program files\sonic\digitalmedia le 
v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module> S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-06-10 10:24:37 358 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-05-23 22:23:05 560 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Pc.job -- Files created between 2008-05-10 and 2008-06-10 ----------------------------- 2008-06-09 20:52:48 0 d-------- C:\Documents and Settings\Pc\Application Data\TaoUSign 2008-06-09 20:08:32 0 dr-h----- C:\Documents and Settings\Pc\Recent 2008-06-09 18:22:50 92160 --a------ C:\WINDOWS\system32\ylatdclt.dll 2008-06-09 18:22:45 109056 --a------ C:\WINDOWS\system32\wdaphfwm.dll 2008-06-09 18:21:56 100864 --a------ C:\WINDOWS\system32\mgaxfupq.dll 2008-06-01 20:54:27 132096 --a------ C:\WINDOWS\system32\srlpclij.dll 2008-06-01 20:51:14 2560 --a------ C:\WINDOWS\system32\phhcrfvw.exe 2008-05-26 13:21:51 2560 --a------ C:\WINDOWS\system32\oobtqbps.exe 2008-05-26 13:18:51 134144 --a------ C:\WINDOWS\system32\hxjemkxn.dll 2008-05-26 13:16:46 124928 --a------ C:\WINDOWS\system32\xxdipkmf.dll 2008-05-26 13:15:49 466705 --ahs---- C:\WINDOWS\system32\PYFPYJjl.ini2 2008-05-26 13:15:41 371200 --a------ C:\WINDOWS\system32\ljJYPFYP.dll 2008-05-26 13:11:19 58368 --a------ C:\WINDOWS\system32\pmnmmJBQ.dll 2008-05-26 13:10:33 58368 --a------ C:\WINDOWS\system32\cbXNHwvs.dll 2008-05-21 14:57:39 65536 --a------ C:\WINDOWS\system32\Autodial2000.dll <Not Verified; France Telecom SA; CSS-Corporate> 2008-05-21 14:57:18 0 d-------- C:\Program Files\Fichiers communs\France Telecom 2008-05-21 14:53:48 0 d-------- C:\Program Files\SAGEM 2008-05-21 14:48:24 0 d-------- C:\Program Files\Securitoo 
2008-05-20 18:46:47 0 d-------- C:\Program Files\Konvertor
2008-05-12 15:25:47 0 d-------- C:\Documents and Settings\Pc\Application Data\vlc

-- Find3M Report ---------------------------------------------------------------

2008-06-09 20:11:17 0 d-------- C:\Program Files\Fichiers communs
2008-06-09 20:08:18 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-06-09 18:29:45 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-09 18:29:44 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-05-21 14:59:02 0 d-------- C:\Program Files\Orange
2008-05-21 14:53:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 20:20:33 476284 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-05-20 20:20:33 78148 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-04-27 17:27:34 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-25 21:24:27 0 d-------- C:\Program Files\Trend Micro
2008-04-24 19:31:37 0 d-------- C:\Program Files\Java
2008-04-24 19:13:33 0 d-------- C:\Program Files\hijack this
2008-04-22 17:32:24 0 d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-22 17:32:16 0 d-------- C:\Program Files\Fichiers communs\Real
2008-04-10 13:47:59 0 d-------- C:\Program Files\Canal
2008-04-10 13:47:18 0 d-------- C:\Documents and Settings\Pc\Application Data\Adobe
2008-04-10 13:47:05 0 d-------- C:\Program Files\Fichiers communs\Adobe AIR
2008-04-10 13:45:33 0 d-------- C:\Program Files\MSXML 6.0

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C09C146-F48F-4A3D-9770-8E79808D07D8}]
26/05/2008 13:15 371200 --a------ C:\WINDOWS\system32\ljJYPFYP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81adf94b-9653-4d60-82b1-f6a5fcbdfac0}]
09/06/2008 18:22 109056 --a------ C:\WINDOWS\system32\wdaphfwm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}]
26/05/2008 13:10 58368 --a------ C:\WINDOWS\system32\cbXNHwvs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 20:34]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10/05/2006 18:12]
"SoundMan"="SOUNDMAN.EXE" [01/03/2006 23:22 C:\WINDOWS\soundman.exe]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20/10/2005 13:15]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 23:50]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [27/07/2004 23:50]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [11/04/2002 04:19]
"BluetoothAuthenticationAgent"="bthprops.cpl" [24/03/2006 05:00 C:\WINDOWS\system32\bthprops.cpl]
"ArcSoft Connection Service"="C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [06/06/2007 17:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [31/01/2008 12:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [03/03/2008 21:44]
"Canal Widget"="C:\Program Files\Canal\Canal Widget\Launcher.exe" [05/03/2008 21:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [22/04/2008 17:31]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [25/09/2007 20:08]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [25/09/2007 19:10]
"f8cc0d28"="C:\WINDOWS\system32\ylatdclt.dll" [09/06/2008 18:22]
"BMfbff3eb4"="C:\WINDOWS\system32\mgaxfupq.dll" [09/06/2008 18:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [24/03/2006 05:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [18/09/2007 16:16]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [04/12/2007 06:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B6E95516-27C0-443D-9BA9-ABD8C12BAE16}"= C:\WINDOWS\system32\cbXNHwvs.dll [26/05/2008 13:10 58368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNHwvs]
cbXNHwvs.dll 26/05/2008 13:10 58368 C:\WINDOWS\system32\cbXNHwvs.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJYPFYP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6b06fe6-b46c-11dc-9d97-00038a000015}]
AutoRun\command- J:\AutoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EDC12331-E47A-B81E-D43B-74C9E78B5193}]
C:\WINDOWS\system32:lpr.exe

-- End of Deckard's System Scanner: finished at 2008-06-10 12:34:53 ------------
-
Good evening, I have a few small problems with my computer: - I get an error message telling me that automatic updates are disabled, but when I go to the System menu in the Control Panel, the automatic updates option is enabled - I am infected with the "trojan vundo" virus, which opens lots of pop-ups when I am on the internet. Thanks for helping me.
-
Hello, and thank you for replying. My ISP is Orange (8 mega via Livebox). I have had these problems for about a week.
-
Hello, I am having internet connection problems: pages take an enormous amount of time to display, and I often get an error message that says "délais d'attente dépassé". Thanks for your help.
-
OK, thanks for everything.