Kharl Amar


  1. Uh... How do you edit the topic?
  2. No, it's fine, there are apparently no more problems. Thanks a lot for the big helping hand, and for the time you gave me! I'll be able to spend the rest of the week doing nothing on my PC instead of studying for the bac.
  3. Here is the F-Secure report.
  4. I have already tried 3 times but the download doesn't work (incorrect key). It also seems that the software is not compatible with Vista (and I'm on Vista).
  5. I got two reports for DSS; I'm only posting the main one for now, tell me if you need the other one. And here is the OTMoveIt report.
  6. Indeed, it works better with the right settings!
  7. Do I have to run the scan in safe mode, or is it not worth it?
  8. But actually I've already done it three times... I'll start again anyway, just in case.
  9. The report looks a bit odd to me: the scan took 2 seconds and the report says that no files were scanned. Other than that, I did (obviously, since you have the result in front of you) follow your advice and uninstalled Ad-Aware and avast.

     Avira AntiVir Personal
     Report file date: mardi 10 juin 2008 13:04

     Scanning for 1321380 virus strains and unwanted programs.

     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows Vista
     Windows version: (Service Pack 1) [6.0.6001]
     Boot mode: Save mode
     Username: hp
     Computer name: PC-DE-DIMITRI

     Version information:
     BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
     AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
     AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
     LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
     LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
     ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
     ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 10:46:10
     ANTIVIR3.VDF : 7.0.4.170 254976 Bytes 10/06/2008 10:46:12
     Engineversion : 8.1.0.55
     AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
     AESCRIPT.DLL : 8.1.0.40 266618 Bytes 10/06/2008 10:46:26
     AESCN.DLL : 8.1.0.21 119156 Bytes 10/06/2008 10:46:25
     AERDL.DLL : 8.1.0.20 418165 Bytes 10/06/2008 10:46:24
     AEPACK.DLL : 8.1.1.5 364918 Bytes 10/06/2008 10:46:23
     AEOFFICE.DLL : 8.1.0.18 192890 Bytes 10/06/2008 10:46:21
     AEHEUR.DLL : 8.1.0.30 1253750 Bytes 10/06/2008 10:46:20
     AEHELP.DLL : 8.1.0.15 115063 Bytes 10/06/2008 10:46:17
     AEGEN.DLL : 8.1.0.28 307572 Bytes 10/06/2008 10:46:15
     AEEMU.DLL : 8.1.0.6 430451 Bytes 10/06/2008 10:46:14
     AECORE.DLL : 8.1.0.31 168310 Bytes 10/06/2008 10:46:13
     AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
     AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
     AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
     AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
     AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
     AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
     SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
     NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
     RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
     RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

     Configuration settings for the scan:
     Jobname..........................: Rootkit search
     Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
     Logging..........................: high
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: on
     Scan boot sector.................: on
     Scan memory......................: off
     Process scan.....................: off
     Scan registry....................: off
     Search for rootkits..............: on
     Scan all files...................: All files
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: high
     Expanded search settings.........: 0x00300922

     Start of the scan: mardi 10 juin 2008 13:04

     Starting search for hidden objects.
     The driver could not be initialized.

     End of the scan: mardi 10 juin 2008 13:04
     Used time: 00:02 min

     The scan has been done completely.

     0 Scanning directories
     0 Files were scanned
     0 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     0 files were moved to quarantine
     0 files were renamed
     0 Files cannot be scanned
     0 Files not concerned
     0 Archives were scanned
     0 Warnings
     0 Notes
  10. Yet more lovely lines!

     Explorer killed successfully
     < HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE8C912-5723-4172-B6ED-38C4DB482255} >
     Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE8C912-5723-4172-B6ED-38C4DB482255}\\ not found.
     < HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE60C6B2-8789-4BB3-BA80-82CB9162D600} >
     Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE60C6B2-8789-4BB3-BA80-82CB9162D600}\\ not found.
     File/Folder C:\Windows\system32\ssqRLFxx.dll not found.
     C:\Windows\wininit.ini moved successfully.
     < EmptyTemp >
     File delete failed. C:\Windows\temp\ZLT01671.TMP scheduled to be deleted on reboot.
     File delete failed. C:\Windows\temp\ZLT04f8c.TMP scheduled to be deleted on reboot.
     File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
     Temp folders emptied.
     IE temp folders emptied.
     Explorer started successfully

     OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06102008_115421

     Files moved on Reboot...
     File C:\Windows\temp\ZLT01671.TMP not found!
     File C:\Windows\temp\ZLT04f8c.TMP not found!
     File C:\Windows\temp\_avast4_\Webshlock.txt not found!
     And here's the one for HijackThis

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:58:02, on 10/06/2008
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\notepad.exe
     C:\Windows\System32\mobsync.exe
     C:\hp\support\hpsysdrv.exe
     C:\hp\KBD\KbdStub.exe
     C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
     C:\Windows\RtHDVCpl.exe
     C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
     C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Alwil Software\Avast4\ashDisp.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Windows\ehome\ehtray.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Windows Media Player\wmpnscfg.exe
     C:\Program Files\DAEMON Tools\daemon.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\Google\Google Updater\GoogleUpdater.exe
     C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
     C:\Windows\ehome\ehmsas.exe
     C:\Windows\System32\rundll32.exe
     C:\Windows\system32\wbem\unsecapp.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O2 - BHO: (no name) - {8AE8C912-5723-4172-B6ED-38C4DB482255} - C:\Windows\system32\ssqRLFxx.dll (file missing)
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
     O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
     O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
     O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
     O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
     O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
     O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
     O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
     O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
     O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O13 - Gopher Prefix:
     O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

     --
     End of file - 8586 bytes
  11. I don't know if this is normal, but after restarting my PC, avast reported lots of changes in the registry, like files being deleted or changed... But then again, if the software is meant to remove malware, it's surely normal.
  12. Here's something to keep you amused ^^

     ComboFix 08-06-09.7 - hp 2008-06-10 11:21:39.1 - NTFSx86 MINIMAL
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2643 [GMT 2:00]
     Endroit: C:\Users\hp\Desktop\ComboFix.exe
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Windows\system32\axifxllc.dll
     C:\Windows\system32\bbtnmtsf.ini
     C:\Windows\system32\bgrofoyc.ini
     C:\Windows\System32\cfhkrtfc.ini
     C:\Windows\system32\cftrkhfc.dll
     C:\Windows\System32\cllxfixa.ini
     C:\Windows\system32\cyoforgb.dll
     C:\Windows\system32\eqbtxnvs.ini
     C:\Windows\system32\fstmntbb.dll
     C:\Windows\System32\nVvCKRqr.ini
     C:\Windows\System32\nVvCKRqr.ini2
     C:\Windows\system32\nwshhnwh.dll
     C:\Windows\system32\wvUkIXpO.dll
     C:\Windows\system32\xemoehxy.dll
     C:\Windows\System32\xxFLRqss.ini
     C:\Windows\System32\xxFLRqss.ini2
     C:\Windows\system32\yxheomex.ini
     .

     ((((((((((((((((((((((((((((( Fichiers créés 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
     .

     2008-06-10 10:56 . 2008-06-10 10:56 <REP> d-------- C:\Program Files\Trend Micro
     2008-06-09 21:30 . 2008-06-09 21:30 <REP> d-------- C:\VundoFix Backups
     2008-06-09 14:13 . 2008-06-09 14:13 <REP> d-------- C:\Program Files\CCleaner
     2008-06-09 13:31 . 2008-06-09 13:31 <REP> d-------- C:\Users\Kharl Amar\AppData\Roaming\Apple Computer
     2008-06-09 12:57 . 2008-06-09 12:57 <REP> d-------- C:\Users\Kharl Amar\AppData\Roaming\Talkback
     2008-06-09 12:35 . 2008-06-09 14:11 153 --a------ C:\Windows\wininit.ini
     2008-06-09 12:14 . 2008-06-09 14:11 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
     2008-06-09 12:14 . 2008-06-09 14:11 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
     2008-06-09 12:14 . 2008-06-09 12:14 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
     2008-06-09 12:08 . 2008-06-09 12:12 <REP> d-------- C:\Users\All Users\Lavasoft
     2008-06-09 12:08 . 2008-06-09 12:12 <REP> d-------- C:\ProgramData\Lavasoft
     2008-06-09 12:08 .
2008-06-09 12:08 <REP> d-------- C:\Program Files\Lavasoft 2008-06-09 12:06 . 2008-06-09 12:06 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-09 12:04 . 2008-06-09 12:04 <REP> d-------- C:\Users\All Users\CheckPoint 2008-06-09 12:04 . 2008-06-09 12:04 <REP> d-------- C:\ProgramData\CheckPoint 2008-06-09 12:04 . 2008-06-09 12:04 <REP> d-------- C:\Program Files\Zone Labs 2008-06-09 12:03 . 2008-06-09 12:04 <REP> d-------- C:\Windows\System32\ZoneLabs 2008-06-09 12:03 . 2008-06-10 11:30 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml 2008-06-09 12:03 . 2008-03-03 15:06 279,440 --------- C:\Windows\System32\drivers\vsdatant.sys 2008-06-09 12:02 . 2008-06-10 11:30 <REP> d-------- C:\Windows\Internet Logs 2008-06-09 11:59 . 2008-06-09 11:59 <REP> d-------- C:\Program Files\Alwil Software 2008-06-09 11:59 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-06-09 11:54 . 2008-06-09 11:54 <REP> dr------- C:\Users\Kharl Amar\Searches 2008-06-09 11:53 . 2008-06-09 11:54 <REP> dr------- C:\Users\Kharl Amar\Videos 2008-06-09 11:53 . 2008-06-09 11:54 <REP> dr------- C:\Users\Kharl Amar\Saved Games 2008-06-09 11:53 . 2008-06-09 13:27 <REP> dr------- C:\Users\Kharl Amar\Pictures 2008-06-09 11:53 . 2008-06-09 13:31 <REP> dr------- C:\Users\Kharl Amar\Music 2008-06-09 11:53 . 2008-06-09 11:54 <REP> dr------- C:\Users\Kharl Amar\Links 2008-06-09 11:53 . 2008-06-09 11:54 <REP> dr------- C:\Users\Kharl Amar\Downloads 2008-06-09 11:53 . 2008-06-09 11:54 <REP> dr------- C:\Users\Kharl Amar\Documents 2008-06-09 11:53 . 2008-06-09 11:53 <REP> dr------- C:\Users\Kharl Amar\Contacts 2008-06-09 11:53 . 2006-11-02 14:37 <REP> d-------- C:\Users\Kharl Amar\AppData\Roaming\Media Center Programs 2008-06-09 11:53 . 2008-06-09 11:54 <REP> d--h----- C:\Users\Kharl Amar\AppData 2008-06-09 11:53 . 2008-06-09 11:54 <REP> d-------- C:\Users\Kharl Amar 2008-06-07 17:21 . 
2008-06-07 17:21 <REP> d-------- C:\Program Files\Blobby Volley 2.0 Alpha 6 2008-06-03 18:54 . 2008-06-06 18:16 <REP> d-------- C:\Program Files\TrackMania Nations ESWC 2008-05-31 01:23 . 2008-05-31 01:23 8,835 --a------ C:\Windows\System32\dpufr.qm 2008-05-29 23:21 . 2008-05-29 23:21 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-05-28 17:26 . 2008-05-28 17:26 <REP> dr------- C:\Users\Public\Videos 2008-05-28 17:26 . 2008-05-28 17:26 <REP> dr------- C:\Users\Public\Downloads 2008-05-28 17:19 . 2008-05-28 17:19 <REP> d-------- C:\PerfLogs 2008-05-28 14:17 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-05-28 14:16 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL 2008-05-28 14:15 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll 2008-05-28 14:15 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll 2008-05-28 14:15 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll 2008-05-28 14:15 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll 2008-05-28 14:15 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll 2008-05-28 14:15 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll 2008-05-28 14:15 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll 2008-05-28 14:15 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe 2008-05-28 14:15 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll 2008-05-28 14:15 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll 2008-05-28 12:57 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-05-28 12:57 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll 2008-05-26 23:09 . 2008-05-28 17:26 <REP> dr------- C:\Users\Public\Pictures 2008-05-26 21:04 . 2008-05-26 21:04 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition 2008-05-26 20:59 . 
2008-05-26 20:59 <REP> d-------- C:\Users\All Users\WLInstaller 2008-05-26 20:59 . 2008-05-26 20:59 <REP> d-------- C:\ProgramData\WLInstaller 2008-05-26 20:59 . 2008-05-26 21:02 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-05-26 18:14 . 2008-06-06 19:23 <REP> d-------- C:\RomStation 2008-05-26 18:14 . 2008-06-06 19:23 28 --a------ C:\Windows\ODBC.INI 2008-05-25 20:49 . 2008-05-25 20:52 <REP> d-------- C:\DeusEx 2008-05-23 00:22 . 2008-05-23 00:22 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll 2008-05-23 00:22 . 2008-05-23 00:22 524,288 --a------ C:\Windows\System32\DivXsm.exe 2008-05-23 00:22 . 2008-05-23 00:22 9,878 --a------ C:\Windows\System32\dsm_fr.qm 2008-05-23 00:22 . 2008-05-23 00:22 4,816 --a------ C:\Windows\System32\divxsm.tlb 2008-05-23 00:20 . 2008-05-23 00:20 1,044,480 --a------ C:\Windows\System32\libdivx.dll 2008-05-23 00:20 . 2008-05-23 00:20 200,704 --a------ C:\Windows\System32\ssldivx.dll 2008-05-23 00:19 . 2008-05-23 00:19 196,608 --a------ C:\Windows\System32\dtu100.dll 2008-05-23 00:19 . 2008-05-23 00:19 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe 2008-05-23 00:19 . 2008-05-23 00:19 81,920 --a------ C:\Windows\System32\dpl100.dll 2008-05-23 00:19 . 2008-05-23 00:19 3,067 --a------ C:\Windows\System32\dtu_fr.qm 2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\Windows\System32\dtu100.dll.manifest 2008-05-23 00:19 . 2008-05-23 00:19 416 --a------ C:\Windows\System32\dpl100.dll.manifest 2008-05-23 00:18 . 2008-05-23 00:18 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe 2008-05-12 21:00 . 2008-05-12 22:11 <REP> d-------- C:\Temp\lupc 2008-05-12 21:00 . 2008-05-12 21:00 <REP> d-------- C:\Temp 2008-05-10 11:06 . 2008-05-10 11:06 <REP> d-------- C:\Windows\System32\Adobe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-10 09:18 359,936 ----a-w C:\Windows\Internet Logs\xDB64F9.tmp 2008-06-10 09:18 1,340,416 ----a-w C:\Windows\Internet Logs\xDB65C5.tmp 2008-06-10 08:30 99,003 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_06_10_00_17_20_small.dmp.zip 2008-06-10 08:25 178,128 ----a-w C:\Windows\Internet Logs\tvDebug.zip 2008-06-10 07:07 --------- d-----w C:\Users\hp\AppData\Roaming\uTorrent 2008-06-09 21:32 --------- d-----w C:\ProgramData\Google Updater 2008-06-09 09:45 --------- d-----w C:\Program Files\Kaspersky Lab 2008-06-08 15:00 --------- d-----w C:\Program Files\DivX 2008-06-07 10:11 --------- d-----w C:\Program Files\iGnuteel 2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll 2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll 2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll 2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll 2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll 2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll 2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll 2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll 2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll 2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll 2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll 2008-05-28 18:37 --------- d-----w C:\ProgramData\NVIDIA 2008-05-28 15:26 174 --sha-w C:\Program Files\desktop.ini 2008-05-28 15:19 --------- d-----w C:\Program Files\Windows Sidebar 2008-05-28 15:19 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-05-28 15:19 --------- d-----w C:\Program Files\Windows Mail 2008-05-28 15:19 --------- d-----w C:\Program Files\Windows Journal 2008-05-28 15:19 --------- d-----w C:\Program Files\Windows Defender 2008-05-28 15:19 --------- d-----w C:\Program Files\Windows Collaboration 2008-05-28 15:19 --------- d-----w C:\Program Files\Windows Calendar 2008-05-28 12:26 82,432 ----a-w 
C:\Windows\System32\axaltocm.dll 2008-05-28 12:26 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-05-28 10:42 --------- d-----w C:\Program Files\Windows Live 2008-05-27 21:26 --------- d-----w C:\Users\hp\AppData\Roaming\Roxio 2008-05-26 19:01 --------- d-----w C:\Program Files\MSN Messenger 2008-05-26 06:46 --------- d-----w C:\ProgramData\Microsoft Help 2008-05-12 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-12 15:19 --------- d-----w C:\Program Files\LucasArts 2008-05-12 15:16 --------- d-----w C:\Program Files\Esprit Des Elements 2008-05-12 15:12 --------- d-----w C:\Users\hp\AppData\Roaming\BSplayer 2008-05-12 15:12 --------- d-----w C:\Program Files\Webteh 2008-05-12 15:10 --------- d-----w C:\Program Files\Bethesda Softworks 2008-05-12 15:04 --------- d-----w C:\Program Files\Wesnoth 1.3.15a 2008-05-11 19:48 --------- d-----w C:\Users\hp\AppData\Roaming\DAEMON Tools 2008-05-11 19:48 --------- d-----w C:\Program Files\SWKotOR2 2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys 2008-04-24 20:22 --------- d-----w C:\Program Files\Apple Software Update 2008-04-20 20:04 --------- d-----w C:\Program Files\Google 2008-04-20 09:01 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll 2008-04-19 15:42 --------- d-----w C:\Program Files\Hercules 2008-04-15 17:02 --------- d-----w C:\Users\hp\AppData\Roaming\SystemRequirementsLab 2008-04-14 08:55 --------- d-----w C:\Program Files\Anno 1701 2008-04-14 08:47 271,360 ----a-w C:\Windows\system32\drivers\atksgt.sys 2008-04-14 08:47 18,048 ----a-w C:\Windows\system32\drivers\lirsgt.sys 2007-12-02 22:38 102 ----a-w C:\Users\hp\AppData\Roaming\wklnhst.dat 2007-10-24 16:57 22 --sha-w C:\Windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . 
     .
     REGEDIT4
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8AE8C912-5723-4172-B6ED-38C4DB482255}]
     C:\Windows\system32\ssqRLFxx.dll

     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE60C6B2-8789-4BB3-BA80-82CB9162D600}]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-20 20:28 68856]
     "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
     "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
     "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-15 12:02 482760]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
     "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
     "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 12:59 118784]
     "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 17:38 4390912 C:\Windows\RtHDVCpl.exe]
     "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
     "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-23 11:26 185632]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
     "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
     "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
     "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
     "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
     "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
     "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
     Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-20 20:28:37 125624]
     WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe [2008-04-19 17:43:21 98304]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableLUA"= 0 (0x0)
     "EnableSecureUIAPaths"= 0 (0x0)
     "EnableVirtualization"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
     "{3C145026-2549-4D86-9B33-AB2916950CA9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
     "{F13A2715-992C-45AF-8DF6-C0F5618A60C6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
     "{C7C068D6-2FF1-4583-80E5-85C47746C334}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
     "{FD42B920-3121-47EB-A9E6-CFC001527A4F}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R.
- Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{4DDB3487-6F66-4482-8B27-A8D626EADD9F}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{E975E4F0-C7C7-486E-9400-F99E4788C17C}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{7DB196E9-681E-4F75-A136-1DE6C26F8216}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{202B0996-4C24-4460-9F05-B6D1B5C0872F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{F3A04DEE-1AF8-4A83-B617-682921D866EA}C:\\program files\\web tv\\webtv.exe"= UDP:C:\program files\web tv\webtv.exe:La radio et la TV par Internet
"UDP Query User{4CD9F8A8-19C9-4EB5-92E6-F3298BF788CB}C:\\program files\\web tv\\webtv.exe"= TCP:C:\program files\web tv\webtv.exe:La radio et la TV par Internet
"TCP Query User{07BAACB7-F1F0-4EF8-860D-712F17EE08DB}C:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= UDP:C:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"UDP Query User{27A73F78-AF3F-49D2-9AB0-98930CB9783D}C:\\program files\\lionhead studios ltd\\black & white\\runblack.exe"= TCP:C:\program files\lionhead studios ltd\black & white\runblack.exe:lh
"TCP Query User{5C273575-578C-4203-AF0E-B9F07DE1CD63}C:\\users\\hp\\desktop\\world of warcraft - copie\\backgrounddownloader.exe"= UDP:C:\users\hp\desktop\world of warcraft - copie\backgrounddownloader.exe:backgrounddownloader.exe
"UDP Query User{278CEB1A-B719-44AF-9C88-94D2D2FB591B}C:\\users\\hp\\desktop\\world of warcraft - copie\\backgrounddownloader.exe"= TCP:C:\users\hp\desktop\world of warcraft - copie\backgrounddownloader.exe:backgrounddownloader.exe
"TCP Query User{828BF375-7E72-4F57-8E4D-C5B8CEFE270E}C:\\users\\hp\\documents\\a trier\\wow\\world of warcraft1\\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe"= UDP:C:\users\hp\documents\a trier\wow\world of warcraft1\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe:wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe
"UDP Query User{A25652B4-9AE6-4380-B492-A32B0BFB71EB}C:\\users\\hp\\documents\\a trier\\wow\\world of warcraft1\\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe"= TCP:C:\users\hp\documents\a trier\wow\world of warcraft1\wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe:wow-2.1.3.6898-to-2.2.0.7272-frfr-downloader.exe
"{387AE2ED-95DC-45B2-8DA9-1BCC8133281A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DBBE39A1-F4B1-4AED-9F77-F3910AD7CC0B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5AC64BB7-E33B-4867-B0E8-E4371B774721}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{D016DCB8-4B7B-48F7-9B96-6BB502BE0601}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{84DAD02A-7C42-4074-9D0D-6AE9402A6FBC}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7AFE737A-30D5-4F68-9782-62271F880141}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{1BFB9587-302E-4160-8ADD-EF19F4719EB8}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{D8FA3A3B-BB58-402F-A065-5761F39F336E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{517B487A-A057-4661-A9F8-41D7FDFB4194}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6CEC0B30-FAE7-4CDE-8162-F34237209FCF}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9D3CA362-6BEB-402C-8A77-0CCAB34CB691}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"UDP Query User{51D63429-76D0-470F-9631-FE1600300445}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
"TCP Query User{EA45FFF4-0F3A-40E9-90FB-D12046B08B37}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{597462CE-009D-4DAB-981C-D40DF0AB0D91}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{10A6BC6B-492E-4A80-BDDB-82A895A71BC7}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{0C634EDF-33EA-4FF4-B35D-F466FB058E2F}C:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"{44BB4890-F078-42EE-828D-DDF2373AA8EB}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{C31F8C60-23D4-48E5-8753-1417625915C5}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{C7FA07E1-4FEB-4A93-B525-F41A8FF49A4D}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
"{7F25AB36-B028-46EF-AD0D-FD0D822D7789}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
"TCP Query User{6C5BF98E-B7C8-4AC9-BDC6-B7DD4EE727F0}C:\\program files\\homeplayer1.5.4\\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.4\homeplayer.exe:HomePlayer
"UDP Query User{C4E2C055-A0FC-4D7C-A715-1DF74F46428F}C:\\program files\\homeplayer1.5.4\\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.4\homeplayer.exe:HomePlayer
"TCP Query User{376D6C54-F497-4585-9DCB-CEA4E2EE8539}C:\\program files\\tale of tales\\the endless forest 3\\forestviewer.exe"= UDP:C:\program files\tale of tales\the endless forest 3\forestviewer.exe:ForestViewer
"UDP Query User{6B0E112A-8CAB-44F7-9D38-365C8AA15B4E}C:\\program files\\tale of tales\\the endless forest 3\\forestviewer.exe"= TCP:C:\program files\tale of tales\the endless forest 3\forestviewer.exe:ForestViewer
"TCP Query User{BD7D9D32-04A5-4B15-8A83-CAED4A782374}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.323\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.323\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{0A16943C-4110-4B92-B435-ACBC5B2701F8}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.323\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.323\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{DC8FB4EB-B668-4F63-9E05-5C5329F06147}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{50CC2C1F-C295-464B-8407-A1A5C08F2396}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{25E07F37-A8EE-4F17-8408-70E79C6E0906}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{F04C19EB-6C9B-4405-9D2B-5EFD577BD741}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{C839CB83-C46C-4B08-8372-31788C29FF09}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{53101BA4-CDC2-49B2-8510-DEC4E82DB534}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{3C843CAA-390D-4888-9FBF-CFAD1BD60281}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{A062C0F3-4757-47DC-97AE-E73692B2A044}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{C41211AB-7BC2-41DE-9F61-0EA60B820D83}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{452D05C5-5E69-44C6-817E-9154523B53D8}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{56BA6FD9-7EAF-4C89-ACDD-AB3D455573CB}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{B731FAB4-793F-46FF-984E-03E6662331D7}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{47174F7B-93C7-478E-9FF8-C44F797D60DD}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{0D1E6198-7E7B-4159-82DE-8D5072BF8262}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{62CC75A2-C8C6-4A4F-8389-867A2FBCC743}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{E2D029DA-CCFF-40D0-AFAF-1E16214F649E}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{6EE130DE-05EB-42BC-B058-6029ED3D31EF}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{F068F1A4-1493-450E-9108-76C8A011E6C9}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{0331B853-7085-44FF-A267-A6E6C2FB222C}"= UDP:20986:torrent
"{C8473491-9B85-4E62-8137-1416D5270428}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F472A43C-3AEE-41DF-90BF-0CFFE4C74FBD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3F6F94E2-1037-4098-8BA5-0721512522F4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1D0AE093-E3F7-41CA-98D1-BCF54B14BEFA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 rt61x86;802.11g Wireless Driver RT61;C:\Windows\system32\DRIVERS\netr61.sys [2006-12-13 07:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b857c3a-57a7-11dc-8b7e-001bb98630ba}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93f5cf2a-898f-11dc-8d3e-001bb98630ba}]
\shell\AutoRun\command - J:\Setup.now.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d80d1365-5e52-11dc-a2bb-001bb98630ba}]
\shell\AutoRun\command - K:\Menu.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-09 10:54:42 C:\Windows\Tasks\User_Feed_Synchronization-{E9E7EC14-3612-42CF-8984-3B20A2114B08}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 11:30:28
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-10 11:37:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 09:37:23
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 36,927,025,152 octets libres
345 --- E O F --- 2008-06-06 15:22:12
  13. Whoa, that's fast!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:08, on 10/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8AE8C912-5723-4172-B6ED-38C4DB482255} - C:\Windows\system32\ssqRLFxx.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AE60C6B2-8789-4BB3-BA80-82CB9162D600} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [e8658014] rundll32.exe "C:\Windows\system32\cyoforgb.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 9009 bytes