franck de Marseille

Bonjour, Ok, je m'y mets dès ce soir. Bonne journée. A+

Bonsoir, Voilà le rapport combofix : ComboFix 09-04-04.01 - famille 2009-04-07 20:49:12.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1044 [GMT 2:00] Lancé depuis: c:\documents and settings\famille\Bureau\ComboFix.exe AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) FW: Kaspersky Internet Security *disabled* * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\QUAD Utilities c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe c:\program files\QUAD Utilities\QUAD Registry Cleaner\vista.exe c:\windows\cdmxtras c:\windows\cdmxtras\uninst.exe c:\windows\system32\AdCache c:\windows\system32\cache329 c:\windows\system32\P2P Networking v126.cpl c:\windows\system32\tmp.reg . ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-07 au 2009-04-07 )))))))))))))))))))))))))))))))))))) . 2009-04-06 21:55 . 2009-04-06 21:55 <REP> d-------- c:\documents and settings\famille\Application Data\Malwarebytes 2009-04-06 21:54 . 2009-04-06 21:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-06 18:59 . 2009-04-06 19:00 <REP> d-------- C:\rsit 2009-04-05 13:04 . 2009-04-05 13:04 <REP> d-------- c:\program files\Photo Story 3 for Windows 2009-04-05 12:57 . 2009-04-05 12:57 <REP> d-------- c:\program files\SoftChris 2009-03-23 22:13 . 2009-04-06 19:13 <REP> d-------- c:\documents and settings\famille\Tracing 2009-03-23 21:04 . 2009-02-06 19:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys 2009-03-23 21:00 . 2009-03-23 21:00 <REP> d-------- c:\program files\Microsoft Sync Framework 2009-03-23 20:58 . 2009-03-23 20:58 <REP> d-------- c:\program files\Microsoft 2009-03-23 20:57 . 2009-03-23 20:57 <REP> d-------- c:\program files\Windows Live SkyDrive 2009-03-23 20:49 . 2009-03-23 20:49 <REP> d-------- c:\program files\Fichiers communs\Windows Live . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-07 18:55 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-04-07 18:51 778,272 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-04-07 18:51 4,788 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-04-07 18:51 4,601,888 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-04-07 18:51 39,128 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-04-07 15:40 --------- d--h--w c:\program files\InstallShield Installation Information 2009-04-07 15:35 89,601 ----a-w c:\windows\system32\drivers\klick.dat 2009-04-07 15:35 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-04-07 15:35 101,287 ----a-w c:\windows\system32\drivers\klin.dat 2009-03-23 19:04 --------- d-----w c:\program files\Windows Live 2009-03-23 19:00 --------- d-----w c:\program files\Windows Live Toolbar 2009-02-28 11:45 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-28 03:54 --------- d-----w c:\program files\Team17 2009-02-27 22:59 --------- d-----w c:\program files\TryMedia 2009-02-17 20:56 --------- d-----w c:\program files\Java 2009-02-17 20:36 --------- d-----w c:\program files\Fichiers communs\Real 2009-02-15 21:30 --------- d-----w c:\program files\QuickTime 2009-02-15 21:29 --------- d-----w c:\program files\Fichiers communs\Apple 2009-02-15 21:29 --------- d-----w c:\program files\Apple Software Update 2009-02-15 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-02-15 21:29 --------- d-----w c:\documents and settings\All Users\Application Data\Apple 2009-02-08 16:41 --------- d-----w c:\program files\Dofus 2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR 2005-11-29 18:15 4,096 -c--a-w c:\documents and settings\famille\log.dat 2008-07-09 11:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008070920080710\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BTCLiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2004-03-08 430080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "msnlivesearch"="c:\program files\Windows Live\MessengerSearchAddon\msgrsrch.exe" [2008-10-16 49152] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-07 206088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\famille\Menu D‚marrer\Programmes\D‚marrage\ Outil de notification Live Search.lnk - c:\documents and settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-10-04 143360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568] PC Alert 4.lnk - c:\program files\MSI\PC Alert 4\PCAlert4.exe [2004-10-28 552960] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKLM\~\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk] path=c:\documents and settings\famille\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk backup=c:\windows\pss\MSN Pictures Displayer.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk] path=c:\documents and settings\famille\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] --a------ 2004-10-26 23:35 61440 c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor] --a------ 2004-10-26 23:35 417431 c:\program files\Acronis\TrueImage\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a--c--- 2004-09-29 07:15 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] --a------ 2008-06-18 15:51 289088 c:\program files\DNA\btdna.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 04:33 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] --a------ 2003-12-22 08:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2003-08-04 17:28 49152 c:\program files\HP\HP Software Update\hpwuSchd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a--c--- 2006-11-10 13:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2004-06-03 22:05 32881 c:\program files\Java\j2re1.4.2_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2008-08-28 10:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-11-03 10:59 204288 c:\program files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2004-01-08 20:54 65536 c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\Program Files\\Shareaza\\Shareaza.exe"= "c:\\Program Files\\Team17\\Worms World Party\\wwp.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12700:TCP"= 12700:TCP:*:Disabled:emule: TCP entrant "17153:TCP"= 17153:TCP:BitComet 17153 TCP "17153:UDP"= 17153:UDP:BitComet 17153 UDP R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-03-23 55152] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2004-10-28 14601] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S3 VRETRACE;VRETRACE;\??\d:\temp\VRETRACE.sys --> d:\temp\VRETRACE.sys [?] S4 Audiu3shss;Audiu3shss; [x] . Contenu du dossier 'Tâches planifiées' 2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-QUAD Scheduler - c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe MSConfigStartUp-!AVG Anti-Spyware - c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe MSConfigStartUp-BitComet - d:\ma musique\Musique de GEORGE\LE SLAVE\WORMS\BitComet\BitComet.exe MSConfigStartUp-CursorFX - c:\program files\Stardock\CursorFX\CursorFX.exe MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-SweetIM - c:\program files\Macrogaming\SweetIM\SweetIM.exe MSConfigStartUp-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe MSConfigStartUp-WinampAgent - c:\program files\Winamp\wianmpa.exe MSConfigStartUp-DXDllRegExe - dxdllreg.exe . ------- Examen supplémentaire ------- . uInternet Connection Wizard,ShellNext = iexplore IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Analyser avec LeechGet - file://c:\program files\LeechGet 2007\\Parser.html IE: Télécharger en utilisant l'assistant LeechGet - file://c:\program files\LeechGet 2007\\Wizard.html IE: Télécharger en utilisant LeechGet - file://c:\program files\LeechGet 2007\\AddUrl.html TCP: {41A2A0D2-DEF3-4302-A5CD-011A400F0509} = 84.103.237.141 86.64.145.141 DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 20:56:15 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1078081533-1454471165-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(832) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\documents and settings\famille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-04-07 20:58:49 - La machine a redémarré ComboFix-quarantined-files.txt 2009-04-07 18:58:46 Avant-CF: 227 700 736 octets libres Après-CF: 599,097,344 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn 219 --- E O F --- 2009-03-14 13:21:06

Bonjour, Le dernier RSIT a été posté hier soir (voir message précédent). Pour le reste je verrai ce soir à la maison. Merci pour votre disponibilité.

Bonjour, Après tout cela, je n'arrive toujours pas à lancer mon kaspersky.... Quand j'eteinds mon ordi (maintenant de façon normale) j'ai un message "avp.exe en cours de fermeture" à+

Pour terminer ce soir vloila le dernier rapport RSIT. Par contre je n'ai que le log.txt : Logfile of random's system information tool 1.06 (written by random/random) Run by famille at 2009-04-06 22:53:56 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 263 MB (1%) free of 21 GB Total RAM: 1535 MB (59% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:54:05, on 06/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\LiveUpdate\LiveUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Documents and Settings\famille\Bureau\RSIT.exe C:\Karcher\famille.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098827362531 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://girafoto.fr/uploaders/aurigma_4_5_5...geUploader4.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwared...ion_3_0_4_0.cab O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41A2A0D2-DEF3-4302-A5CD-011A400F0509}: NameServer = 86.64.145.141 84.103.237.141 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 9314 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-17 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-17 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-17 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] "P2P Networking"=C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-17 136600] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-04 206088] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-03-26 401040] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BTCLiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe [2004-03-08 430080] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] ""= [] "msnlivesearch"=C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe [2008-10-16 49152] "QUAD Scheduler"=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe [2008-10-21 11264] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2004-10-26 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2004-10-26 417431] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-29 344064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] D:\Ma musique\Musique de GEORGE\LE SLAVE\WORMS\BitComet\BitComet.exe /tray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Program Files\DNA\btdna.exe [2008-06-18 289088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] dxdllreg.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [2004-06-03 32881] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\wianmpa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk] C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE [2007-06-06 4579328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk] C:\PROGRA~1\OPENOF~2.3\program\QUICKS~1.EXE [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Documents and Settings\famille\Menu Démarrer\Programmes\Démarrage Outil de notification Live Search.lnk - C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-07-29 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "ConsentPromptBehaviorAdmin"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "AllowLegacyWebView"= "AllowUnhashedWebView"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client" "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza" "D:\Ma musique\Musique de GEORGE\LE SLAVE\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Ma musique\Musique de GEORGE\LE SLAVE\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent" "D:\Ma musique\Musique de GEORGE\LE SLAVE\g\eMule\emule.exe"="D:\Ma musique\Musique de GEORGE\LE SLAVE\g\eMule\emule.exe:*:Disabled:eMule" "C:\Documents and Settings\scoobydoo\Mes documents\Mes fichiers reçus\gabytounu3360782685\Historique\gaby\eMule\emule.exe"="C:\Documents and Settings\scoobydoo\Mes documents\Mes fichiers reçus\gabytounu3360782685\Historique\gaby\eMule\emule.exe:*:Disabled:eMule" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking" "C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa" "C:\Program Files\Team17\Worms World Party\wwp.exe"="C:\Program Files\Team17\Worms World Party\wwp.exe:*:Disabled:Worms World Party" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06d0157c-ef17-11da-a32c-000c76efce19}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs ======List of files/folders created in the last 1 months====== 2009-04-06 21:55:01 ----D---- C:\Documents and Settings\famille\Application Data\Malwarebytes 2009-04-06 21:54:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-04-06 21:54:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-04-06 21:11:24 ----A---- C:\TB.txt 2009-04-06 21:10:00 ----A---- C:\WINDOWS\ntbtlog.txt 2009-04-06 21:05:24 ----D---- C:\ToolBar SD 2009-04-06 18:59:46 ----D---- C:\rsit 2009-04-05 13:04:22 ----D---- C:\Program Files\Photo Story 3 for Windows 2009-04-05 12:57:01 ----D---- C:\Program Files\SoftChris 2009-03-23 21:00:35 ----D---- C:\Program Files\Microsoft Sync Framework 2009-03-23 20:58:08 ----D---- C:\Program Files\Microsoft 2009-03-23 20:57:54 ----D---- C:\Program Files\Windows Live SkyDrive 2009-03-23 20:49:37 ----D---- C:\Program Files\Fichiers communs\Windows Live 2009-03-11 22:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 22:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-11 22:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ ======List of files/folders modified in the last 1 months====== 2009-04-06 22:54:05 ----D---- C:\WINDOWS\Prefetch 2009-04-06 22:54:00 ----D---- C:\Karcher 2009-04-06 21:55:00 ----D---- C:\WINDOWS\system32\drivers 2009-04-06 21:54:56 ----RD---- C:\Program Files 2009-04-06 21:45:39 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-04-06 21:45:37 ----D---- C:\WINDOWS\Temp 2009-04-06 21:42:19 ----D---- C:\WINDOWS\system32 2009-04-06 21:39:43 ----A---- C:\rapport.txt 2009-04-06 21:39:16 ----D---- C:\WINDOWS 2009-04-06 21:38:01 ----A---- C:\WINDOWS\system32\tmp.txt 2009-04-06 21:16:04 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-04-06 18:32:52 ----SHD---- C:\WINDOWS\Installer 2009-04-06 15:47:26 ----A---- C:\WINDOWS\NeroDigital.ini 2009-04-05 22:51:35 ----D---- C:\WINDOWS\system32\CatRoot2 2009-04-05 20:08:52 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-04-01 09:23:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-23 21:55:06 ----RSD---- C:\WINDOWS\assembly 2009-03-23 21:53:32 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-23 21:04:28 ----SD---- C:\Documents and Settings\famille\Application Data\Microsoft 2009-03-23 21:04:25 ----HD---- C:\WINDOWS\inf 2009-03-23 21:04:17 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-23 21:04:17 ----D---- C:\Program Files\Windows Live 2009-03-23 21:01:57 ----D---- C:\WINDOWS\WinSxS 2009-03-23 21:00:51 ----SD---- C:\WINDOWS\Tasks 2009-03-23 21:00:51 ----D---- C:\Program Files\Windows Live Toolbar 2009-03-23 21:00:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-03-23 20:59:33 ----D---- C:\WINDOWS\system32\DirectX 2009-03-23 20:49:37 ----D---- C:\Program Files\Fichiers communs 2009-03-21 15:34:05 ----D---- C:\WINDOWS\Debug 2009-03-18 18:12:55 ----D---- C:\WINDOWS\system32\CatRoot 2009-03-11 22:35:29 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-03-11 22:01:37 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-27 43488] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-04 213520] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2004-10-26 28096] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-10-28 96832] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 catchme;catchme; \??\D:\Temp\catchme.sys [] S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2004-10-28 14601] S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-10-24 38784] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896] S3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-10-24 311936] S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 VRETRACE;VRETRACE; \??\D:\Temp\VRETRACE.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 Audiu3shss;Audiu3shss; C:\WINDOWS\system32\drivers\Audiu3shss.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2004-10-26 122880] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-17 152984] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-05 593920] S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-04 206088] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2004-10-26 68096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-05 65795] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-----------------

Enfin le rapport MBAM : Malwarebytes' Anti-Malware 1.35 Version de la base de données: 1945 Windows 5.1.2600 Service Pack 3 06/04/2009 22:50:36 mbam-log-2009-04-06 (22-50-36).txt Type de recherche: Examen complet (C:\|D:\|F:\|H:\|S:\|) Eléments examinés: 194099 Temps écoulé: 34 minute(s), 41 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 7 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{288c5f13-7e52-4ada-a32e-f5bf9d125f99} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\every toolbarevery toolbar (Adware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Le rapport smitfraudfix après nettoyage : SmitFraudFix v2.406 Rapport fait à 21:37:36,81, 06/04/2009 Executé à partir de C:\Documents and Settings\famille\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com ... »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{41A2A0D2-DEF3-4302-A5CD-011A400F0509}: NameServer=86.64.145.146 84.103.237.146 HKLM\SYSTEM\CS3\Services\Tcpip\..\{41A2A0D2-DEF3-4302-A5CD-011A400F0509}: NameServer=84.103.237.148 86.64.145.148 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

Et maintenat SmitFraudFix : SmitFraudFix v2.406 Rapport fait à 21:32:13,45, 06/04/2009 Executé à partir de C:\Documents and Settings\famille\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\LiveUpdate\LiveUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Documents and Settings\famille\Bureau\SmitfraudFix\Policies.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\famille »»»»»»»»»»»»»»»»»»»»»»»» D:\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\famille\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\famille\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd3.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll,C:\\PROGRA~1\\KASPER~1\\KASPER~1\\kloehk.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: WAN (PPP/SLIP) Interface DNS Server Search Order: 86.64.145.146 DNS Server Search Order: 84.103.237.146 HKLM\SYSTEM\CCS\Services\Tcpip\..\{41A2A0D2-DEF3-4302-A5CD-011A400F0509}: NameServer=86.64.145.146 84.103.237.146 HKLM\SYSTEM\CS3\Services\Tcpip\..\{41A2A0D2-DEF3-4302-A5CD-011A400F0509}: NameServer=84.103.237.148 86.64.145.148 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

Voila le rapport apres menu 2 de s&d -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon XP 3000+ ) BIOS : Version 07.00T USER : famille ( Administrator ) BOOT : Fail-safe boot Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated) Firewall : Kaspersky Internet Security 8.0.0.454 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:20 Go (Free:1 Go) D:\ (Local Disk) - NTFS - Total:87 Go (Free:27 Go) E:\ (CD or DVD) G:\ (USB) S:\ (Local Disk) - NTFS - Total:6 Go (Free:1 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 06/04/2009|21:15 ) -----------\\ SUPPRESSION Supprime! - C:\Program Files\KaZaA\ammp3.dll Supprime! - C:\Program Files\KaZaA\bdupd.dll Supprime! - C:\Program Files\KaZaA\BGP2P Supprime! - C:\Program Files\KaZaA\CKGFRs.dll Supprime! - C:\Program Files\KaZaA\Db Supprime! - C:\Program Files\KaZaA\Help Supprime! - C:\Program Files\KaZaA\Kazaa.url Supprime! - C:\Program Files\KaZaA\kzscan.dll Supprime! - C:\Program Files\KaZaA\libcurl.dll Supprime! - C:\Program Files\KaZaA\libeay32.dll Supprime! - C:\Program Files\KaZaA\libssl32.dll Supprime! - C:\Program Files\KaZaA\My Channels Supprime! - C:\Program Files\KaZaA\My Search Agents Supprime! - C:\Program Files\KaZaA\My Shared Folder Supprime! - C:\Program Files\KaZaA\My Unshared Folder Supprime! - C:\Program Files\KaZaA\myshare.ico Supprime! - C:\Program Files\KaZaA\Promotions Supprime! - C:\Program Files\KaZaA\Quarantine Supprime! - C:\Program Files\KaZaA\Skins Supprime! - C:\Program Files\KaZaA\ssleay32.dll Supprime! - C:\DOCUME~1\famille\MENUDM~1\PROGRA~1\Kazaa Supprime! - C:\WINDOWS\Prefetch\P2P NETWORKING.EXE-2D369395.pf Supprime! - C:\Program Files\RXToolbar\graphics Supprime! - C:\Program Files\RXToolbar\HTML Supprime! - C:\Program Files\RXToolbar\rx.xml Supprime! - C:\Program Files\RXToolbar\rxtoolbar.cfg Supprime! - C:\Program Files\RXToolbar\rxwebsearches.xsl Supprime! - C:\Program Files\RXToolbar\sfcont.bin Supprime! - C:\WINDOWS\System32\P2P Networking Supprime! - C:\WINDOWS\downloaded program files\webp2pinstaller.dll Supprime! - D:\Temp\nsp5C.tmp Supprime! - C:\Program Files\KaZaA Supprime! - C:\Program Files\RXToolbar -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\windows\\system32\\blank.htm" "Start Page"="http://www.hotmail.com/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\windows\\system32\\blank.htm" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 06/04/2009|21:12 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 06/04/2009|21:17 - Option : [2] -----------\\ Fin du rapport a 21:17:15,51

-----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : AMD Athlon XP 3000+ ) BIOS : Version 07.00T USER : famille ( Administrator ) BOOT : Fail-safe boot Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated) Firewall : Kaspersky Internet Security 8.0.0.454 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:20 Go (Free:1 Go) D:\ (Local Disk) - NTFS - Total:87 Go (Free:27 Go) E:\ (CD or DVD) G:\ (USB) S:\ (Local Disk) - NTFS - Total:6 Go (Free:1 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 06/04/2009|21:11 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Program Files\KaZaA C:\Program Files\KaZaA\ammp3.dll C:\Program Files\KaZaA\bdupd.dll C:\Program Files\KaZaA\BGP2P C:\Program Files\KaZaA\CKGFRs.dll C:\Program Files\KaZaA\Db C:\Program Files\KaZaA\Help C:\Program Files\KaZaA\Kazaa.url C:\Program Files\KaZaA\kzscan.dll C:\Program Files\KaZaA\libcurl.dll C:\Program Files\KaZaA\libeay32.dll C:\Program Files\KaZaA\libssl32.dll C:\Program Files\KaZaA\My Channels C:\Program Files\KaZaA\My Search Agents C:\Program Files\KaZaA\My Shared Folder C:\Program Files\KaZaA\My Unshared Folder C:\Program Files\KaZaA\myshare.ico C:\Program Files\KaZaA\Promotions C:\Program Files\KaZaA\Quarantine C:\Program Files\KaZaA\Skins C:\Program Files\KaZaA\ssleay32.dll C:\Program Files\KaZaA\BGP2P\bdcore.dll C:\Program Files\KaZaA\BGP2P\libfn.dll C:\Program Files\KaZaA\BGP2P\plugins C:\Program Files\KaZaA\Db\config.cab C:\Program Files\KaZaA\Db\d01.cab C:\Program Files\KaZaA\Db\d02.cab C:\Program Files\KaZaA\Db\data1024.dbb C:\Program Files\KaZaA\Db\data256.dbb C:\Program Files\KaZaA\Db\k7tqkgkk_tssv125.dat C:\Program Files\KaZaA\Db\np.tmp C:\Program Files\KaZaA\Help\.svn C:\Program Files\KaZaA\Help\arrow.gif C:\Program Files\KaZaA\Help\arrow_sml.gif C:\Program Files\KaZaA\Help\background.gif C:\Program Files\KaZaA\Help\h_mykazaa.gif C:\Program Files\KaZaA\Help\h_myMedia.gif C:\Program Files\KaZaA\Help\h_myplaylists.gif C:\Program Files\KaZaA\Help\icon_gold_kap.gif C:\Program Files\KaZaA\Help\myKapsules.gif C:\Program Files\KaZaA\Help\mykapsules.htm C:\Program Files\KaZaA\Help\mykazaa.css C:\Program Files\KaZaA\Help\mykazaa.htm C:\Program Files\KaZaA\Help\mymedia.htm C:\Program Files\KaZaA\Help\myplaylists.htm C:\Program Files\KaZaA\Help\spacer.gif C:\Program Files\KaZaA\Help\.svn\dir-wcprops C:\Program Files\KaZaA\Help\.svn\empty-file C:\Program Files\KaZaA\Help\.svn\entries C:\Program Files\KaZaA\Help\.svn\format C:\Program Files\KaZaA\Help\.svn\prop-base C:\Program Files\KaZaA\Help\.svn\props C:\Program Files\KaZaA\Help\.svn\README.txt C:\Program Files\KaZaA\Help\.svn\text-base C:\Program Files\KaZaA\Help\.svn\tmp C:\Program Files\KaZaA\Help\.svn\wcprops C:\Program Files\KaZaA\Help\.svn\prop-base\arrow.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\arrow_sml.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\background.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\h_mykazaa.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\h_myMedia.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\h_myplaylists.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\icon_gold_kap.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\myKapsules.gif.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\mykapsules.htm.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\mykazaa.css.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\mykazaa.htm.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\mymedia.htm.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\myplaylists.htm.svn-base C:\Program Files\KaZaA\Help\.svn\prop-base\spacer.gif.svn-base C:\Program Files\KaZaA\Help\.svn\props\arrow.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\arrow_sml.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\background.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\h_mykazaa.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\h_myMedia.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\h_myplaylists.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\icon_gold_kap.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\myKapsules.gif.svn-work C:\Program Files\KaZaA\Help\.svn\props\mykapsules.htm.svn-work C:\Program Files\KaZaA\Help\.svn\props\mykazaa.css.svn-work C:\Program Files\KaZaA\Help\.svn\props\mykazaa.htm.svn-work C:\Program Files\KaZaA\Help\.svn\props\mymedia.htm.svn-work C:\Program Files\KaZaA\Help\.svn\props\myplaylists.htm.svn-work C:\Program Files\KaZaA\Help\.svn\props\spacer.gif.svn-work C:\Program Files\KaZaA\Help\.svn\text-base\arrow.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\arrow_sml.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\background.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\h_mykazaa.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\h_myMedia.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\h_myplaylists.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\icon_gold_kap.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\myKapsules.gif.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\mykapsules.htm.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\mykazaa.css.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\mykazaa.htm.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\mymedia.htm.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\myplaylists.htm.svn-base C:\Program Files\KaZaA\Help\.svn\text-base\spacer.gif.svn-base C:\Program Files\KaZaA\Help\.svn\tmp\prop-base C:\Program Files\KaZaA\Help\.svn\tmp\props C:\Program Files\KaZaA\Help\.svn\tmp\text-base C:\Program Files\KaZaA\Help\.svn\tmp\wcprops C:\Program Files\KaZaA\Help\.svn\wcprops\arrow.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\arrow_sml.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\background.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\h_mykazaa.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\h_myMedia.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\h_myplaylists.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\icon_gold_kap.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\myKapsules.gif.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\mykapsules.htm.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\mykazaa.css.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\mykazaa.htm.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\mymedia.htm.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\myplaylists.htm.svn-work C:\Program Files\KaZaA\Help\.svn\wcprops\spacer.gif.svn-work C:\Program Files\KaZaA\My Channels\Bin C:\Program Files\KaZaA\My Channels\Images C:\Program Files\KaZaA\My Channels\Bin\crazyplaygames.kcd C:\Program Files\KaZaA\My Channels\Bin\dating.kcd C:\Program Files\KaZaA\My Channels\Bin\emerging_artists.kcd C:\Program Files\KaZaA\My Channels\Bin\g_spot.kcd C:\Program Files\KaZaA\My Channels\Bin\onelove_browse.kcd C:\Program Files\KaZaA\My Channels\Bin\ringtonechannel.kcd C:\Program Files\KaZaA\My Channels\Bin\rshiphop.kcd C:\Program Files\KaZaA\My Channels\Bin\skilledgames.kcd C:\Program Files\KaZaA\My Channels\Images\crazyplaygames.bmp C:\Program Files\KaZaA\My Channels\Images\dating.bmp C:\Program Files\KaZaA\My Channels\Images\emerging_artists.bmp C:\Program Files\KaZaA\My Channels\Images\g_spot.bmp C:\Program Files\KaZaA\My Channels\Images\onelove_browse.bmp C:\Program Files\KaZaA\My Channels\Images\ringtonechannel.bmp C:\Program Files\KaZaA\My Channels\Images\rshiphop_browse.bmp C:\Program Files\KaZaA\My Channels\Images\skilledgames.bmp C:\Program Files\KaZaA\My Shared Folder\Audio - Alternative Rock.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Barrington Levy.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Electronica.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Fine Arts Militia Album.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Folk.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Funk.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Hip Hop.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Jazz.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Pop Rock.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Public Enemy Revolverlution Album.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - R&B.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - Reggae.kpl C:\Program Files\KaZaA\My Shared Folder\Audio - The Honey Palace Album.kpl C:\Program Files\KaZaA\My Shared Folder\Kazaa.lnk C:\Program Files\KaZaA\Skins\Black Glass C:\Program Files\KaZaA\Skins\Black Glass\License.txt C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_mykazaa_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_peer_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_search_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_shop_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_start_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_tell_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_theatre_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mainbar_traffic_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_addtoplay_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_next_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_pause_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_play_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_prev_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_slider.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_sliderThumb.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_sliderThumb_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_stop_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mediabar_volume_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_delete_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_folders_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_moreinfo_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\mykazaabar_share_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_closetabs_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_download_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_messageuser_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_newsearch_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_searchuser_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\searchbar_showsearch_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\skin.xml C:\Program Files\KaZaA\Skins\Black Glass\startbar_back.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_back_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_back_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_back_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_fwd_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_home_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_refresh_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\startbar_stop_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\theatrebar_fullscreen_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_cancel_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_pause_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\trafficbar_resume_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_close_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_maximise_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_minimise_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore_dis.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore_over.bmp C:\Program Files\KaZaA\Skins\Black Glass\windowbar_restore_sel.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_btm.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_btmLeft.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_btmright.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_left.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_right.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_top.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_topleft.bmp C:\Program Files\KaZaA\Skins\Black Glass\window_topright.bmp C:\DOCUME~1\famille\MENUDM~1\PROGRA~1\Kazaa C:\WINDOWS\Prefetch\P2P NETWORKING.EXE-2D369395.pf C:\Program Files\RXToolbar C:\Program Files\RXToolbar\graphics C:\Program Files\RXToolbar\HTML C:\Program Files\RXToolbar\rx.xml C:\Program Files\RXToolbar\rxtoolbar.cfg C:\Program Files\RXToolbar\rxwebsearches.xsl C:\Program Files\RXToolbar\sfcont.bin C:\Program Files\RXToolbar\graphics\additional.gif C:\Program Files\RXToolbar\graphics\additional_active.gif C:\Program Files\RXToolbar\graphics\background.jpg C:\Program Files\RXToolbar\graphics\blue_hr_horz.GIF C:\Program Files\RXToolbar\graphics\gray_hr_horz.GIF C:\Program Files\RXToolbar\graphics\thumbtack.gif C:\Program Files\RXToolbar\graphics\thumbtack_active.gif C:\Program Files\RXToolbar\graphics\thumbtack_click.gif C:\Program Files\RXToolbar\HTML\content.htm C:\Program Files\RXToolbar\HTML\main.htm C:\WINDOWS\System32\P2P Networking C:\WINDOWS\downloaded program files\webp2pinstaller.dll D:\Temp\nsp5C.tmp -----------\\ Extensions (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\windows\\system32\\blank.htm" "Start Page"="http://www.hotmail.com/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\windows\\system32\\blank.htm" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! 1 - "C:\ToolBar SD\TB_1.txt" - 06/04/2009|21:12 - Option : [1] -----------\\ Fin du rapport a 21:12:47,43

Voilà log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by famille at 2009-04-06 18:59:46 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 286 MB (1%) free of 21 GB Total RAM: 1535 MB (70% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:59:54, on 06/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\LiveUpdate\LiveUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Documents and Settings\famille\Bureau\RSIT.exe C:\Karcher\famille.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098827362531 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://girafoto.fr/uploaders/aurigma_4_5_5...geUploader4.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwared...ion_3_0_4_0.cab O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41A2A0D2-DEF3-4302-A5CD-011A400F0509}: NameServer = 86.64.145.140 84.103.237.140 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 9566 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-17 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-17 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-17 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-04 206088] "P2P Networking"=C:\WINDOWS\system32\P2P Networking\P2P Networking.exe [2009-01-31 468152] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-17 136600] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BTCLiveUpdate"=C:\Program Files\LiveUpdate\LiveUpdate.exe [2004-03-08 430080] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] ""= [] "msnlivesearch"=C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe [2008-10-16 49152] "QUAD Scheduler"=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe [2008-10-21 11264] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2004-10-26 61440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe [2004-10-26 417431] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-29 344064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet] D:\Ma musique\Musique de GEORGE\LE SLAVE\WORMS\BitComet\BitComet.exe /tray [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] C:\Program Files\DNA\btdna.exe [2008-06-18 289088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe -lang 1033 [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe] dxdllreg.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2004-01-08 65536] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [2004-06-03 32881] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-28 3660848] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\wianmpa.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk] C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE [2007-06-06 4579328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^famille^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk] C:\PROGRA~1\OPENOF~2.3\program\QUICKS~1.EXE [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Documents and Settings\famille\Menu Démarrer\Programmes\Démarrage Outil de notification Live Search.lnk - C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-07-29 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "ConsentPromptBehaviorAdmin"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "AllowLegacyWebView"= "AllowUnhashedWebView"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA" "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client" "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza" "D:\Ma musique\Musique de GEORGE\LE SLAVE\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Ma musique\Musique de GEORGE\LE SLAVE\TrackMania Nations ESWC\TmNationsESWC.exe:*:Disabled:TmNationsESWC" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent" "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent" "D:\Ma musique\Musique de GEORGE\LE SLAVE\g\eMule\emule.exe"="D:\Ma musique\Musique de GEORGE\LE SLAVE\g\eMule\emule.exe:*:Disabled:eMule" "C:\Documents and Settings\scoobydoo\Mes documents\Mes fichiers reçus\gabytounu3360782685\Historique\gaby\eMule\emule.exe"="C:\Documents and Settings\scoobydoo\Mes documents\Mes fichiers reçus\gabytounu3360782685\Historique\gaby\eMule\emule.exe:*:Disabled:eMule" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking" "C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa" "C:\Program Files\Team17\Worms World Party\wwp.exe"="C:\Program Files\Team17\Worms World Party\wwp.exe:*:Disabled:Worms World Party" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06d0157c-ef17-11da-a32c-000c76efce19}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs ======List of files/folders created in the last 1 months====== 2009-04-06 18:59:46 ----D---- C:\rsit 2009-04-05 13:04:22 ----D---- C:\Program Files\Photo Story 3 for Windows 2009-04-05 12:57:01 ----D---- C:\Program Files\SoftChris 2009-03-23 21:00:35 ----D---- C:\Program Files\Microsoft Sync Framework 2009-03-23 20:58:08 ----D---- C:\Program Files\Microsoft 2009-03-23 20:57:54 ----D---- C:\Program Files\Windows Live SkyDrive 2009-03-23 20:49:37 ----D---- C:\Program Files\Fichiers communs\Windows Live 2009-03-11 22:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 22:35:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-11 22:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ ======List of files/folders modified in the last 1 months====== 2009-04-06 18:59:50 ----D---- C:\Karcher 2009-04-06 18:59:45 ----D---- C:\WINDOWS\Prefetch 2009-04-06 18:40:31 ----D---- C:\WINDOWS\system32 2009-04-06 18:39:11 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2009-04-06 18:37:26 ----D---- C:\WINDOWS 2009-04-06 18:37:18 ----D---- C:\WINDOWS\Temp 2009-04-06 18:32:52 ----SHD---- C:\WINDOWS\Installer 2009-04-06 15:47:26 ----A---- C:\WINDOWS\NeroDigital.ini 2009-04-05 22:51:35 ----D---- C:\WINDOWS\system32\CatRoot2 2009-04-05 20:08:52 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-04-05 13:04:22 ----RD---- C:\Program Files 2009-04-01 09:23:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-23 21:55:06 ----RSD---- C:\WINDOWS\assembly 2009-03-23 21:53:32 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-23 21:04:28 ----SD---- C:\Documents and Settings\famille\Application Data\Microsoft 2009-03-23 21:04:26 ----D---- C:\WINDOWS\system32\drivers 2009-03-23 21:04:25 ----HD---- C:\WINDOWS\inf 2009-03-23 21:04:17 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-23 21:04:17 ----D---- C:\Program Files\Windows Live 2009-03-23 21:01:57 ----D---- C:\WINDOWS\WinSxS 2009-03-23 21:00:51 ----SD---- C:\WINDOWS\Tasks 2009-03-23 21:00:51 ----D---- C:\Program Files\Windows Live Toolbar 2009-03-23 21:00:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-03-23 20:59:33 ----D---- C:\WINDOWS\system32\DirectX 2009-03-23 20:49:37 ----D---- C:\Program Files\Fichiers communs 2009-03-21 15:34:05 ----D---- C:\WINDOWS\Debug 2009-03-18 18:12:55 ----D---- C:\WINDOWS\system32\CatRoot 2009-03-11 22:35:29 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-03-11 22:01:37 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-27 43488] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-04 213520] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877] R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152] R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] R2 tifsfilter;Acronis TrueImage FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2004-10-26 28096] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-10-28 96832] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-12-05 2782208] R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592] R3 PCAlertDriver;PCAlertDriver; \??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [] R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 catchme;catchme; \??\D:\Temp\catchme.sys [] S3 CoolerXPDriver;CoolerXPDriver; \??\C:\Program Files\MSI\PC Alert 4\NTCooler.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2004-10-28 14601] S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys [] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-10-24 38784] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896] S3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-10-24 311936] S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VRETRACE;VRETRACE; \??\D:\Temp\VRETRACE.sys [] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 Audiu3shss;Audiu3shss; C:\WINDOWS\system32\drivers\Audiu3shss.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2004-10-26 122880] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-17 152984] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-05 593920] S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-02-04 206088] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2004-10-26 68096] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-05 65795] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- et voici info.txt info.txt logfile of random's system information tool 1.06 2009-04-06 19:00:26 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61FB6DAF-197D-4404-A58D-B75268F35D01}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x40c /remove -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acronis True Image-->C:\Program Files\Acronis\TrueImage\MediaBuilder.exe -uninstall Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Download Manager 2.0 (Supprimer uniquement)-->"C:\Program Files\Fichiers communs\Adobe\ESD\uninst.exe" Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3f5c ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45} Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C} Capturino 1.4-->C:\Program Files\Capturino 1.4\Uninstal.exe CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2" Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Creative MediaSource-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x40c /remove Creative MuVo N200 Media Explorer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C679B41F-EE6E-4727-B131-47101785420A}\setup.exe" -l0x40c /remove DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0} Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976} Diaporama version 3.0.0.1-->"C:\Program Files\SoftChris\Diaporama\unins000.exe" Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe ExcelPipe Evaluation 2.9-->"C:\Program Files\ExcelPipe\unins000.exe" Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D} ffdshow-->"C:\Program Files\Matroska Pack\ffdshow\uninstall.exe" Florensia-->C:\Program Files\InstallShield Installation Information\{9A8CE87B-CF81-48CA-B882-91445A71323F}\setup.exe -runfromtemp -l0x0009 -removeonly Free Games Offer, Desktop Shortcut-->MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66} Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe" HijackThis 2.0.2-->"C:\Karcher\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050} Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} Kazaa 3.2.7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC8923CA-D7F5-46E4-98BB-E083E6E1C40D}\Setup.exe" -l0x9 --AddRemove Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LeechGet 2007 Version 2.1-->"C:\Program Files\LeechGet 2007\unins000.exe" LiveUpdate-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAFA84F8-5A33-4ACD-AD10-58356B27A0F1} Macrogaming SweetIM 2.0-->MsiExec.exe /X{D9BBFA60-4514-4F08-A78F-91957F957495} Matroska Pack (remove only)-->C:\Program Files\Matroska Pack\Uninstall.exe MaxiCompte-->"C:\Program Files\MaxiCompte\unins000.exe" Medi@Show-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\CyberLink\MediaShow\Uninst.isu" Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA} Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" MSN Pictures Displayer 4.5-->"C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe" /U MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MuVo Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\setup.exe" -l0x40c /remove Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NVIDIA nForce Drivers-->C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585} OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} P2P Networking-->C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /UNINSTALL PC Alert 4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\PC Alert 4\Uninst.isu" PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Photorécit 3 pour Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E} PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerPoint Slide Show Converter 3.1.2-->"C:\Program Files\DzSoft\PowerPoint Slide Show Converter\unins000.exe" QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe" Ricarou51 Photos off 800 11-->"C:\Program Files\MagicPic4\unins000.exe" RMXP version 1.0.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RMXP\unins000.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe" SweetIM For Internet Explorer 3.0b-->MsiExec.exe /X{F6D63A65-BD23-46F3-B9A3-87F442423481} VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Webcam Video Capture 4.4.2-->"C:\Program Files\Webcam Video Capture\unins000.exe" Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919} Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Worms World Party-->C:\PROGRA~1\Team17\WORMSW~1\UNWISE.EXE C:\PROGRA~1\Team17\WORMSW~1\INSTALL.LOG XnView 1.74-->"C:\Program Files\XnView\unins000.exe" XP-AntiSpy-->"C:\Program Files\XP-AntiSpy\uninstall.exe" =====HijackThis Backups===== R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) [2008-07-21] O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing) [2008-07-21] R3 - URLSearchHook: (no name) - - (no file) [2008-07-21] O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll [2008-07-21] O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe [2008-07-21] O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe [2008-07-21] O3 - Toolbar: Internet Service - {C46F137F-2C2A-4714-AA14-323137F882AE} - C:\Program Files\Web Technologies\iebr.dll [2008-07-21] O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing) [2008-07-21] O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-07-21] O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab [2008-07-21] O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.girafoto.fr/XUpload.ocx [2008-07-21] O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateforietool.com/redirect.php (file missing) [2008-07-21] O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} (PackageHTML) - http://acces.blonde.com/package/op/PackageHtmlCab.CAB [2008-07-21] O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4...geUploader4.cab [2008-07-21] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-07-22] O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe [2008-07-22] O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing) [2008-07-22] O2 - BHO: (no name) - {E2090673-256B-4632-94EE-FEC7F551543C} - C:\Program Files\Web Technologies\iebt.dll (file missing) [2008-07-22] ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Kaspersky Internet Security (disabled) (outdated) FW: Kaspersky Internet Security (disabled) ======System event log====== Computer Name: PERSO-1ML8Y5LR5 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Services Terminal Server. Record Number: 13404 Source Name: Service Control Manager Time Written: 20090311135303.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: PERSO-1ML8Y5LR5 Event Code: 14204 Message: Le service ‘WMPNetworkSvc’ a démarré. Record Number: 13403 Source Name: WMPNetworkSvc Time Written: 20090311135258.000000+060 Event Type: Informations User: Computer Name: PERSO-1ML8Y5LR5 Event Code: 1007 Message: Votre ordinateur a automatiquement configuré l'adresse IP pour la carte avec l'adresse réseau 0050FC25DAAA. L'adresse IP utilisée est 169.254.180.137. Record Number: 13402 Source Name: Dhcp Time Written: 20090311135243.000000+060 Event Type: Avertissement User: Computer Name: PERSO-1ML8Y5LR5 Event Code: 45062 Message: CRT invalid display type Record Number: 13401 Source Name: ati2mtag Time Written: 20090311135203.000000+060 Event Type: erreur User: Computer Name: PERSO-1ML8Y5LR5 Event Code: 26 Message: Application popup : : Machine Check: Regs Record Number: 13400 Source Name: Application Popup Time Written: 20090311135203.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: PERSO-1ML8Y5LR5 Event Code: 105 Message: The service was started. Record Number: 5 Source Name: Creative Service for CDROM Access Time Written: 20081215103602.000000+060 Event Type: Informations User: Computer Name: PERSO-1ML8Y5LR5 Event Code: 105 Message: The service was started. Record Number: 4 Source Name: ATI Smart Time Written: 20081215103601.000000+060 Event Type: Informations User: Computer Name: PERSO-1ML8Y5LR5 Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 3 Source Name: SecurityCenter Time Written: 20081214173620.000000+060 Event Type: Informations User: Computer Name: PERSO-1ML8Y5LR5 Event Code: 105 Message: The service was started. Record Number: 2 Source Name: Creative Service for CDROM Access Time Written: 20081214173600.000000+060 Event Type: Informations User: Computer Name: PERSO-1ML8Y5LR5 Event Code: 105 Message: The service was started. Record Number: 1 Source Name: ATI Smart Time Written: 20081214173559.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=0a00 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "windir"=%SystemRoot% "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

Voilà le rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:53:29, on 06/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\P2P Networking\P2P Networking.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\LiveUpdate\LiveUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Karcher\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [bTCLiveUpdate] "C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\famille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2007\\Parser.html O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2007\\Wizard.html O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2007\\AddUrl.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098827362531 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://girafoto.fr/uploaders/aurigma_4_5_5...geUploader4.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwared...ion_3_0_4_0.cab O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.girafoto.fr/uploaders/ImageUploader3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{41A2A0D2-DEF3-4302-A5CD-011A400F0509}: NameServer = 86.64.145.140 84.103.237.140 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 9518 bytes

Bonjour, Depuis hier soir je n'arrive plus a avoir la main sur mon anti virus kaspersky. Je n'arrive pas à le désinstaller....ni à le réinstaller. De plus je n'arrive plus à éteindre mon ordi correctement (en passant par le menu démarrer). J'en suis à faire des extinction sauvage à l'interrupteur!! Qui peut et veut m'aider?

Ok merci de tes conseils. Je m'y mets quand je rentre à la maison ce soir. Je te tiens au courant des évènements. a bientot.

Bonjour à tous, Voilà ce qui se passe : Depuis hier j'ai quelques soucis (liés ou non ??) avec windows et Kaspersky. 1°) Le centre de sécurité windows me dit que mon ordi n'est pas protége, or j'ai kaspersky installé. 2°) J'essaie de lancer mon antivirus manuellement et je n'ai aucune réponse.... 3°) Quand je veux éteindre mon ordi, je passe par "Démarrer - Arreter" et mon ordi ne s'éteint pas. Je suis obligé de l'éteindre à la sauvage (interrupteur). J'aimerai savoir si en désinstallant ma version de kaspersky (8.0.0.454)et en installant une nouvelle(8.0.0.506), je pourrai l'activer avec ma clé ancienne version? Est ce que en faisant cela mes problèmes disparaitront? Merci de vos réponses, à bientot de vous lire. Excellente journée à tous.

Bonsoir, Faut-il que je desinstalle adobe reader version 6.0.1 et l'update 6.0.2 pour ensuite installer adobe reader 9? Cela m'apportera il des solutions?

Je sais cela comment? pour Kaspersky c'est en français

Bonsoir, désolé de me remettre si tard à l'ouvrage. 15 jours ont déjà passés!! Voilà le message :"Setup cannot update your windows XP files because the language installed on yout system is different from the update language". Le titre de la fentre de ce message est : KB943460 Setup error. J'arrive là en passant par le lien que me propose Kaspersky.

Ben j'ai des problemes au niveau mise a jour microsoft. J'ai un message qui me dit (en anglais) que la version telechargée n'est pas compatible avec la version installee ???

Merci à tous pour vos renseignements. Je vais donc me lancer dans les mises à jour. Je vous souhaite à tous plein d'excellentes choses....

Quand je fait une analyse complete de mon systeme

J'ai service pack 3. La mise à jour windows est automatique !!

Bonsoir, j'ai 14 alertes de vulnerabilités decouvert par kaspersky. Que dois-je faire? http://www.viruslist.com/fr/advisories/26201 http://www.viruslist.com/fr/advisories/31821 http://www.viruslist.com/fr/advisories/27620 http://www.viruslist.com/fr/advisories/23233 http://www.viruslist.com/fr/advisories/31010 http://www.viruslist.com/fr/advisories/30416 http://www.viruslist.com/fr/advisories/32270 http://www.viruslist.com/fr/advisories/23655 http://www.viruslist.com/fr/advisories/26027 Certains se repetent plusieurs fois.... Merci de vos réponses

Bonjour, Je dispose d'un disque dur externe. Est ce que je peux copier l'ensemble de mon disque dur interne (3 partitions), départitionner et repartionner differemment (afin d'allouer plus de place à "C" par exemple) et de recopier tout ce qu'il faut là où je le désire ??? Désolé, J'ai posé une question bête ou quoi?

Oui c'est cela. J'ai meme une partition "S" de sauvegarde dont je ne me suis jamais servi.