
Tedbel


  1. OK, I'll follow your advice and won't venture into cleaning the registry. I uninstalled ComboFix, Log S&D and Ccleaner, and I deleted DSS and MSNFix. I kept only Antivir, MBAM and Hijack. My children have a laptop and another PC, on which I removed Avast and ran MBAM and Antivir. I'm clearing out a few leftovers, and then I think we will all be able to browse with peace of mind.

     Good night,
     Tedbel

     PS: I will recommend Zebulon
  2. Good evening,

     Sorry, I was no longer connected remotely ... Here are the latest reports:

     Many thanks for your help. One piece of advice, please: which program or process should be used to maintain the registry or bring it back up to scratch?

     Have a good evening. Great site!

     See you,
     Tedbel
  3. It is SPOTLESS ..

     Malwarebytes' Anti-Malware 1.23
     Version de la base de données: 993
     Windows 5.1.2600 Service Pack 2

     15:36:18 2008-07-26
     mbam-log-7-26-2008 (15-36-18).txt

     Type de recherche: Examen complet (C:\|)
     Eléments examinés: 124900
     Temps écoulé: 22 minute(s), 11 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)

     For completeness, I just ran Avast and it found six viruses that it cannot move. It had already reported them to me in the past; they are in:

     1. Infection: Win32Bugbear-B in C:\Documents ans settings\Edouard\Local Settings\Application Data\Microsoft\Outlook\archive.pst\Dossiers d'archivage\Partie supérieure des Dossiers Personnels\Elements envoyés\Fw DJ Middelkoop\Driver.doc.Exe
     2. Infection: Win32Netsky-BY [Wim] in C:\Documents ans settings\Edouard\Local Settings\Application Data\Microsoft\Outlook\archive.pst\Dossiers d'archivage\Partie supérieure des Dossiers Personnels\Elements envoyés\Fw \paypal_incest.zip\paypal_incest.txt.com
     3. Infection: Win32Netsky-CM [Wim] in C:\Documents ans settings\Edouard\Local Settings\Application Data\Microsoft\Outlook\archive.pst\Dossiers d'archivage\Partie supérieure des Dossiers Personnels\Elements envoyés\Fw\Important_dupont.zip\documents.txt
     4. Infection: Win32Bugbear-B in C:\Documents ans settings\Edouard\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers Personnels\Elements envoyés\Fw DJ Middelkoop\Driver.doc.Exe
     5. Infection: Win32Netsky-BY [Wim] in C:\Documents ans settings\Edouard\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers Personnels\Elements envoyés\Fw \paypal_incest.zip\paypal_incest.txt.com
     6. Infection: Win32Netsky-CM [Wim] in C:\Documents ans settings\Edouard\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst\Dossiers personnels\Partie supérieure des Dossiers Personnels\Elements envoyés\Fw\Important_dupont.zip\documents.txt

     Is there anything that needs to be done?

     Thanks, you're great ...
  4. I did this remotely through LogmeIn, which I installed on the computer this morning. Here are the reports:
C:\WINDOWS\system32\ntvdm.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.isaserver.be;*.isanet.be;info.BBL.be;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1036 -sl 120000 O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Fenêtre d'état de Canon iR1510-1670.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://ccff02.minfin.fgov.be/CCFF_Authenti...ure/capicom.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL O17 - HKLM\Software\..\Telephony: DomainName = KESTELOOT.LOCAL O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 11374 bytes Thanks, see you later
  5. Hi, I'm coming back to the [email protected] Here is the LogR.txt report --------------------\\ Lop S&D 4.2.2-4 XP/Vista [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : Edouard ] [ "C:\Lop SD" ] [ Selection : 1 ] [ 2008-07-26 | 11:25:54.99 ] [ PC : PC-EDOUARD ] [ MAJ : 25-07-2008 | 17:45 ] --------------------\\ Listing des dossiers dans APPLIC~1 [2006-09-20|15:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe [2006-08-22|09:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini [2006-09-05|17:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities [2007-04-25|13:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft [2006-08-22|09:35] C:\DOCUME~1\ADMINI~1.KES\APPLIC~1\desktop.ini [2007-05-22|09:55] C:\DOCUME~1\ADMINI~1.KES\APPLIC~1\Identities [2007-05-22|09:54] C:\DOCUME~1\ADMINI~1.KES\APPLIC~1\Microsoft [2008-07-18|21:50] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\Adobe [2007-04-11|15:11] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\AdobeUM [2006-08-22|09:35] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\desktop.ini [2007-09-03|18:07] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\Google [2006-09-06|13:58] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\Identities [2007-03-28|15:20] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\Macromedia [2008-07-14|18:16] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\Malwarebytes [2007-09-03|18:07] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\Microsoft [2008-07-25|19:37] C:\DOCUME~1\ADMINI~1.PC-\APPLIC~1\Mozilla [2007-06-21|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [2007-05-25|12:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems [2006-08-22|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead [2006-08-22|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini [2008-02-18|14:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ezsid.dat [2007-05-31|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [2007-05-23|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [2008-07-01|11:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch [2008-07-14|16:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes [2008-06-01|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 
[2007-12-19|18:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [2008-07-24|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA [2007-11-15|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [2007-08-21|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft [2008-02-18|14:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [2008-07-14|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [2007-12-17|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUIIMAGE [2006-09-05|23:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [2007-07-26|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar [2007-05-24|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\zeon [2006-09-12|17:15] C:\DOCUME~1\Compta\APPLIC~1\Adobe [2006-10-13|14:26] C:\DOCUME~1\Compta\APPLIC~1\AdobeUM [2006-09-20|10:59] C:\DOCUME~1\Compta\APPLIC~1\beid-cache [2006-08-22|09:35] C:\DOCUME~1\Compta\APPLIC~1\desktop.ini [2007-02-06|12:10] C:\DOCUME~1\Compta\APPLIC~1\Help [2006-09-07|11:56] C:\DOCUME~1\Compta\APPLIC~1\Identities [2006-09-15|22:42] C:\DOCUME~1\Compta\APPLIC~1\InstallShield [2006-10-13|09:48] C:\DOCUME~1\Compta\APPLIC~1\Macromedia [2006-10-03|11:51] C:\DOCUME~1\Compta\APPLIC~1\Microsoft [2006-08-22|09:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini [2006-08-22|07:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [2008-01-29|12:06] C:\DOCUME~1\Edouard\APPLIC~1\Adobe [2007-07-09|08:38] C:\DOCUME~1\Edouard\APPLIC~1\AdobeUM [2008-06-26|11:45] C:\DOCUME~1\Edouard\APPLIC~1\beid-cache [2007-05-25|10:50] C:\DOCUME~1\Edouard\APPLIC~1\Brother [2006-08-22|09:35] C:\DOCUME~1\Edouard\APPLIC~1\desktop.ini [2007-06-20|16:32] C:\DOCUME~1\Edouard\APPLIC~1\Google [2007-05-22|10:26] C:\DOCUME~1\Edouard\APPLIC~1\Help [2007-05-22|09:56] C:\DOCUME~1\Edouard\APPLIC~1\Identities [2007-05-23|11:16] C:\DOCUME~1\Edouard\APPLIC~1\InstallShield [2008-05-05|13:44] C:\DOCUME~1\Edouard\APPLIC~1\ISL Online Cache [2007-05-22|10:02] C:\DOCUME~1\Edouard\APPLIC~1\Macromedia [2008-07-14|16:39] C:\DOCUME~1\Edouard\APPLIC~1\Malwarebytes [2008-06-07|14:35] 
C:\DOCUME~1\Edouard\APPLIC~1\Microsoft [2008-06-11|18:48] C:\DOCUME~1\Edouard\APPLIC~1\Mozilla [2008-06-03|11:45] C:\DOCUME~1\Edouard\APPLIC~1\Notepad++ [2007-08-10|13:33] C:\DOCUME~1\Edouard\APPLIC~1\ScanSoft [2008-07-25|18:17] C:\DOCUME~1\Edouard\APPLIC~1\Skype [2008-07-25|16:07] C:\DOCUME~1\Edouard\APPLIC~1\skypePM [2007-05-30|20:00] C:\DOCUME~1\Edouard\APPLIC~1\Sun [2007-05-24|15:55] C:\DOCUME~1\Edouard\APPLIC~1\Zeon [2007-12-19|17:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help [2006-08-22|07:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [2006-08-22|07:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [2007-07-06|12:25] C:\DOCUME~1\Severine\APPLIC~1\Adobe [2006-08-22|09:35] C:\DOCUME~1\Severine\APPLIC~1\desktop.ini [2007-07-06|12:27] C:\DOCUME~1\Severine\APPLIC~1\Google [2007-07-06|12:25] C:\DOCUME~1\Severine\APPLIC~1\Identities [2007-07-06|12:27] C:\DOCUME~1\Severine\APPLIC~1\Microsoft [2006-08-22|08:07] C:\DOCUME~1\USER\APPLIC~1\Adobe [2006-08-22|08:06] C:\DOCUME~1\USER\APPLIC~1\AdobeDLM.log [2006-08-22|08:14] C:\DOCUME~1\USER\APPLIC~1\Ahead [2006-08-22|09:35] C:\DOCUME~1\USER\APPLIC~1\desktop.ini [2006-08-22|08:06] C:\DOCUME~1\USER\APPLIC~1\dm.ini [2006-08-22|07:52] C:\DOCUME~1\USER\APPLIC~1\Identities [2006-08-22|08:02] C:\DOCUME~1\USER\APPLIC~1\Microsoft --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [2008-07-26 10:50][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job [2008-07-26 03:15][--ah-----] C:\WINDOWS\tasks\SA.DAT [2006-03-02 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [2006-08-22|08:06] C:\Program Files\Adobe [2006-08-22|08:13] C:\Program Files\Ahead [2007-08-10|12:03] C:\Program Files\Alwil Software [2008-07-14|16:50] C:\Program Files\a-squared Free [2007-06-01|18:34] C:\Program Files\BBL [2007-05-22|09:51] C:\Program Files\BOB [2007-05-25|10:33] C:\Program Files\Brother [2007-08-10|13:35] C:\Program Files\CA [2008-01-10|13:28] C:\Program 
Files\CapAlpha [2007-06-01|10:37] C:\Program Files\CBC-Online [2008-07-25|18:45] C:\Program Files\CCleaner [2007-12-17|15:34] C:\Program Files\Clever Age [2007-05-25|09:21] C:\Program Files\Common Files [2006-08-22|07:43] C:\Program Files\ComPlus Applications [2008-07-09|23:38] C:\Program Files\Exp2000 [2008-07-25|13:36] C:\Program Files\Fichiers communs [2007-06-01|18:36] C:\Program Files\FileZilla [2007-06-20|16:32] C:\Program Files\Google [2007-12-14|09:21] C:\Program Files\Hewlett-Packard [2007-03-28|15:22] C:\Program Files\HP [2007-06-01|18:40] C:\Program Files\ING [2007-09-05|17:02] C:\Program Files\Installation Borland Database Engine [2008-06-30|08:37] C:\Program Files\InstallShield Installation Information [2008-07-03|09:53] C:\Program Files\InstantTimeZone [2008-07-26|03:08] C:\Program Files\Internet Explorer [2007-09-03|18:07] C:\Program Files\ISABEL [2008-04-11|09:49] C:\Program Files\Java [2007-12-14|08:56] C:\Program Files\Kluwer [2008-07-24|19:02] C:\Program Files\Malwarebytes' Anti-Malware [2006-08-22|10:34] C:\Program Files\Messenger [2008-06-01|17:51] C:\Program Files\Messenger Plus! 
Live [2007-07-28|03:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2007-05-30|19:38] C:\Program Files\Microsoft CAPICOM 2.1.0.2 SDK [2007-03-27|08:10] C:\Program Files\microsoft frontpage [2007-12-17|15:33] C:\Program Files\Microsoft Office [2006-09-05|23:11] C:\Program Files\Microsoft Visual Studio [2007-07-28|03:03] C:\Program Files\Microsoft Works [2007-12-17|15:34] C:\Program Files\Microsoft.NET [2006-08-22|07:44] C:\Program Files\Movie Maker [2008-07-26|11:21] C:\Program Files\Mozilla Firefox [2007-12-17|15:33] C:\Program Files\MSECache [2006-08-22|07:42] C:\Program Files\MSN [2006-08-22|07:43] C:\Program Files\MSN Gaming Zone [2008-06-01|17:51] C:\Program Files\MSN Messenger [2006-08-22|07:53] C:\Program Files\MSXML 4.0 [2006-08-22|07:44] C:\Program Files\NetMeeting [2008-06-03|11:44] C:\Program Files\Notepad++ [2006-08-22|07:43] C:\Program Files\Online Services [2007-06-14|03:01] C:\Program Files\Outlook Express [2008-07-25|14:47] C:\Program Files\Panda Security [2006-08-22|07:59] C:\Program Files\Realtek [2007-05-25|09:15] C:\Program Files\ScanSoft [2006-08-22|07:45] C:\Program Files\Services en ligne [2007-07-02|18:21] C:\Program Files\Simple PDF [2008-02-18|14:34] C:\Program Files\Skype [2007-05-22|10:16] C:\Program Files\Snapshot Viewer [2008-07-14|16:50] C:\Program Files\Spybot - Search & Destroy [2008-07-25|15:11] C:\Program Files\Trend Micro [2006-08-22|07:52] C:\Program Files\Uninstall Information [2008-06-01|17:46] C:\Program Files\Windows Live [2007-12-01|04:01] C:\Program Files\Windows Live Favorites [2007-12-01|04:02] C:\Program Files\Windows Live Toolbar [2006-08-22|10:34] C:\Program Files\Windows Media Player [2006-08-22|07:42] C:\Program Files\Windows NT [2006-08-22|07:45] C:\Program Files\WindowsUpdate [2008-03-27|21:24] C:\Program Files\WinRAR [2006-08-22|07:47] C:\Program Files\xerox [2007-12-14|09:21] C:\Program Files\Zero G Registry --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [2007-06-22|16:01] 
C:\Program Files\Fichiers communs\Adobe [2007-05-25|12:37] C:\Program Files\Fichiers communs\Adobe Systems Shared [2006-08-22|08:10] C:\Program Files\Fichiers communs\Ahead [2007-05-30|16:34] C:\Program Files\Fichiers communs\Borland Shared [2007-05-23|11:18] C:\Program Files\Fichiers communs\crystal decisions [2006-09-05|23:11] C:\Program Files\Fichiers communs\DESIGNER [2007-05-25|09:21] C:\Program Files\Fichiers communs\InstallShield [2007-05-30|20:00] C:\Program Files\Fichiers communs\Java [2008-07-26|03:04] C:\Program Files\Fichiers communs\Microsoft Shared [2006-08-22|07:44] C:\Program Files\Fichiers communs\MSSoap [2006-08-22|09:35] C:\Program Files\Fichiers communs\ODBC [2007-08-10|13:33] C:\Program Files\Fichiers communs\ScanSoft Shared [2006-08-22|07:44] C:\Program Files\Fichiers communs\Services [2008-02-18|14:34] C:\Program Files\Fichiers communs\Skype [2006-08-22|09:35] C:\Program Files\Fichiers communs\SpeechEngines [2007-03-28|15:20] C:\Program Files\Fichiers communs\SWF Studio [2007-11-23|17:01] C:\Program Files\Fichiers communs\System --------------------\\ Process ( 49 Processus ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\ALLUSE~1\APPLIC~1\Long slow road itch C:\DOCUME~1\Edouard\Cookies\[email protected][1].txt C:\DOCUME~1\Edouard\Cookies\edouard@adultfriendfinder[2].txt C:\DOCUME~1\Edouard\Cookies\[email protected][1].txt C:\DOCUME~1\Edouard\Cookies\edouard@partypoker[2].txt C:\DOCUME~1\Edouard\Cookies\edouard@32vegas[2].txt C:\DOCUME~1\Edouard\Cookies\[email protected][2].txt --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ..... OK ! 
--------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-26 11:27:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [F:34][D:5]-> C:\DOCUME~1\Edouard\LOCALS~1\Temp [F:148][D:0]-> C:\DOCUME~1\Edouard\Cookies [F:442][D:8]-> C:\DOCUME~1\Edouard\LOCALS~1\TEMPOR~1\content.IE5 --------------------\\ Fin du rapport a 11:27:54.87 Have a good day. See you later
  6. Here are the reports: Main.txt: Deckard's System Scanner v20071014.68 Run by Administrateur on 2008-07-25 19:34:02 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 4 Restore Point(s) -- 4: 2008-07-25 17:34:10 UTC - RP4 - Deckard's System Scanner Restore Point 3: 2008-07-25 11:49:02 UTC - RP3 - Software Distribution Service 3.0 2: 2008-07-25 11:33:52 UTC - RP2 - ComboFix created restore point 1: 2008-07-25 11:31:17 UTC - RP1 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Administrateur.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:35:09, on 25/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CAPM4RSK.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Documents and Settings\Administrateur.PC-COMPTA\Bureau\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrateur.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Adobe PDF - 
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1036 -sl 120000
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2454988912-795016585-332110382-1112\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Edouard')
O4 - HKUS\S-1-5-21-2454988912-795016585-332110382-1112\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Edouard')
O4 - Global Startup: Fenêtre d'état de Canon iR1510-1670.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE
O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://ccff02.minfin.fgov.be/CCFF_Authenti...ure/capicom.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = KESTELOOT.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

-- End of file - 10883 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080725-181058-449
O16 - DPF: {1D46BE0D-C314-4E20-A291-D1E66265725A} (CryptoActiveX Control) - https://business.isabel.be/OfficeSignTestYo...yptoActiveX.ocx
backup-20080725-181058-669
O2 - BHO: (no name) - {DFF03FB7-D8BF-4304-BF4B-9EEB23C5557D} - C:\WINDOWS\system32\hgGaaBrS.dll (file missing)
backup-20080725-181058-687
O2 - BHO: (no name) - {AF371985-BC07-4A73-AF97-1EE573EAFD15} - C:\WINDOWS\system32\opnnmNEw.dll (file missing)
backup-20080725-181100-124
O16 - DPF: {B5C31DCB-8469-4EB7-8355-EBBD63944C18} (UTCRegistration Control) - https://business.isabel.be/OfficeSignRegist...egistration.cab
backup-20080725-181101-517
O20 - Winlogon Notify: khfghffD - khfghffD.dll (file missing)
backup-20080725-181101-920
O20 - Winlogon Notify: ljJCvwTK - ljJCvwTK.dll (file missing)

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-07-25 18:50:03 256 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

-- Files created between 2008-06-25 and 2008-07-25 -----------------------------
2008-07-25 19:15:33 0 dr-h----- C:\Documents and Settings\Administrateur.PC-COMPTA\Recent
2008-07-25 18:45:10 0 d-------- C:\Program Files\CCleaner
2008-07-25 15:11:54 0 d-------- C:\Program Files\Trend Micro
2008-07-25 14:47:27 0 d-------- C:\Program Files\Panda Security
2008-07-25 13:38:15 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-25 13:35:04 0 d-------- C:\cmdcons
2008-07-25 13:30:46 68096 --a------ C:\WINDOWS\zip.exe
2008-07-25 13:30:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-25 13:30:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-25 13:30:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-25 13:30:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-25 13:30:46 98816 --a------ C:\WINDOWS\sed.exe
2008-07-25 13:30:46 80412 --a------ C:\WINDOWS\grep.exe
2008-07-25 13:30:46 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-24 15:04:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-18 22:24:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-14 18:57:25 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-14 18:57:25 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-14 18:57:25 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-14 18:57:25 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-14 18:57:24 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-14 18:57:24 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-14 18:57:24 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-14 18:57:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-14 18:16:04 0 d-------- C:\Documents and Settings\Administrateur.PC-COMPTA\Application Data\Malwarebytes
2008-07-14 17:40:47 4702 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-14 16:39:55 0 d-------- C:\Documents and Settings\Edouard\Application Data\Malwarebytes
2008-07-14 16:39:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-14 16:39:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 09:52:01 0 d-------- C:\Program Files\InstantTimeZone
2008-07-01 10:47:39 0 d-------- C:\WINDOWS\pss
2008-06-30 09:03:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 11:39:39 0 d-------- C:\Documents and Settings\Edouard\Application Data\beid-cache

-- Find3M Report ---------------------------------------------------------------
2008-07-25 13:36:41 0 d-------- C:\Program Files\Fichiers communs
2008-07-18 21:50:48 0 d-------- C:\Documents and Settings\Administrateur.PC-COMPTA\Application Data\Adobe
2008-07-14 16:50:30 0 d-------- C:\Program Files\a-squared Free
2008-07-09 23:38:38 0 d-------- C:\Program Files\Exp2000
2008-06-30 08:37:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-11 18:50:43 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-11 18:48:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-03 11:44:24 0 d-------- C:\Program Files\Notepad++
2008-06-01 17:51:35 0 d-------- C:\Program Files\MSN Messenger
2008-06-01 17:51:35 0 d-------- C:\Program Files\Messenger Plus! Live
2008-06-01 17:46:48 0 d-------- C:\Program Files\Windows Live

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [15/10/2005 03:51 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [09/03/2004 19:27]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [02/03/2006 14:00]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [07/01/2004 13:02]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [24/09/2005 07:30]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/08/2006 15:43]
"nwiz"="nwiz.exe" [11/08/2006 15:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/08/2006 15:43]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [27/02/2004 19:29]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [20/05/2004 18:40]
"HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe" [31/03/2003 19:32]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/03/2006 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/06/2007 10:31]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Fenêtre d'état de Canon iR1510-1670.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE [19/12/2007 16:55:52]
InstantTimeZone.lnk - C:\Program Files\InstantTimeZone\InstantTimeZone.exe [29/04/2007 17:09:01]
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [25/05/2007 12:37:47]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 21:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 9:01:04]
SmartUI.lnk - C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe [6/02/2003 16:07:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E4C232D9-4310-4F47-8BD1-1E61975F2505}"= C:\WINDOWS\system32\khfghffD.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

*Newly Created Service* - PAVBOOT

-- End of Deckard's System Scanner: finished at 2008-07-25 19:35:54 ------------

-----------------------------------------------------------------------------------------------------------------------------

Extra.txt :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 958.48 MiB / 530.75 MiB
Pagefile Memory (total/avail): 2313.73 MiB / 1952.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.07 MiB
A: is Removable (Unformatted)
C: is Fixed (NTFS) - 37.27 GiB total, 21.2 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD400JD-00LSA0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 37.27 GiB - C:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: avast! antivirus 4.8.1201 [VPS 080725-1] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\WINDOWS\\system32\\CAPM4RSK.EXE"="C:\\WINDOWS\\system32\\CAPM4RSK.EXE:*:Enabled:Canon iR1510-1670 RPC Server Process"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\ntvdm.exe"="C:\\WINDOWS\\system32\\ntvdm.exe:*:Enabled:NTVDM.EXE"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrateur.PC-COMPTA\Application Data
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=PC-EDOUARD
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrateur.PC-COMPTA
LOGONSERVER=\\PC-EDOUARD
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\isabel\bin;c:\isabel\maxware;c:\progra~1\ca\shared~1\scanen~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.PC-\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.PC-\LOCALS~1\Temp
USERDOMAIN=PC-EDOUARD
USERNAME=Administrateur
USERPROFILE=C:\Documents and Settings\Administrateur.PC-COMPTA
windir=C:\WINDOWS
__COMPAT_LAYER=DisableNXShowUI

-- User Profiles ---------------------------------------------------------------
Severine (new local, net ready)
Edouard (admin)
Administrateur.KESTELOOT (new local, admin, net ready)
Compta (admin)
juana administrateur (admin)
USER (admin)
Administrateur.PC-COMPTA (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Add-in ODF pour Microsoft Word --> MsiExec.exe /I{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}
Adobe Acrobat 7.0.5 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barre d'outils Outlook de Windows Live (Windows Live Toolbar) --> MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
Bloqueur de fenêtres pop-up (Windows Live Toolbar) --> MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
Borland Database Engine v5.0.1.33 --> "C:\Program Files\Installation Borland Database Engine\unins000.exe"
Brother MFL Pro --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7CB56B9-1059-4729-8F2C-5D49E515CBF5}\Setup.exe" -l0x40c Brunin03.dllBrunin03.dll
Canon iR1510-1670 --> C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPM4UNK.EXE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Correctif pour Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Crystal Reports 9.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1062E2EE-2547-4D37-8588-2133878F255D}\setup.exe" -l0x40c -removeonly
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
Expert/m for Windows-Office 2000 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85363530-7EEC-47EF-9308-3D79F6CDB53C}\Setup.exe" -l0x40c
Extension de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp LaserJet 1160/1320 series --> MsiExec.exe /x {7F04B272-E0DD-47E7-8B55-D97483DB0EBD}
HP Software Update --> MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
InstantTimeZone --> C:\Program Files\InstantTimeZone\uninstall.exe
Isabel Business Suite 5.01 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39118C8C-0F3C-4B41-821E-8CE2F9553D92}\setup.exe"
Isabel: Dexia --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE8A5E9B-929B-4FF1-9732-34E5DA6C9B8C}\setup.exe" -uninst
Isabel: Fortis --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAE30209-DDEC-4F93-8215-8B6481800146}\setup.exe" -uninst
Isabel: ING --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{517E027B-B0C3-4109-AB35-FDD7754C3A43}\setup.exe" -uninst
Isabel: KBC/CBC --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{270D89FC-B90A-4381-9C78-D626E39AD2FA}\setup.exe" -uninst
Java 2 Runtime Environment, SE v1.4.2_14 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142140}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky On-line Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menus intelligents (Windows Live Toolbar) --> MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Access 2000 SR-1 Runtime --> MsiExec.exe /I{00180409-78E1-11D2-B60F-006097C998E7}
Microsoft CAPICOM 2.1.0.2 SDK --> MsiExec.exe /I{2FF43F5D-5729-4E02-A548-310E30A5F29B}
Microsoft Office 2003 Primary Interop Assemblies --> MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911164) -->
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Montpellier Business Plan Classic --> MsiExec.exe /I{EDA1C1F7-F27E-4B20-B9BC-39964452DBB1}
Mozilla Firefox (2.0.0.16) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort 8.0 SE --> MsiExec.exe /I{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x40c REMOVE Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Services Off-line de Home'Bank 4.03 --> "C:\Program Files\ING\Off-line\unins000.exe" Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Table Update Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FBC278F-F6ED-4D22-AA96-C68A38446AF5}\setup.exe" Windows Live Favorites pour Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D} Windows Live Toolbar --> MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D} -- Application Event Log ------------------------------------------------------- Event Record #/Type4927 / Warning Event Submitted/Written: 07/25/2008 07:17:23 PM Event ID/Source: 4356 / EventSystem Event Description: Le système d'événements de COM+ n'a pas pu créer d'instance de l'abonné partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject a renvoyé HRESULT 8000401A. 
Event Record #/Type4926 / Warning Event Submitted/Written: 07/25/2008 07:17:21 PM Event ID/Source: 32068 / Microsoft Fax Event Description: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*' Event Record #/Type4925 / Warning Event Submitted/Written: 07/25/2008 07:17:21 PM Event ID/Source: 32026 / Microsoft Fax Event Description: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé. Event Record #/Type4921 / Error Event Submitted/Written: 07/25/2008 06:54:37 PM Event ID/Source: 1 / nview_info Event Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0xa90) (cmdName:Explorer.EXE) WindowManager.cpp 3329 Event Record #/Type4920 / Error Event Submitted/Written: 07/25/2008 06:54:37 PM Event ID/Source: 1 / nview_info Event Description: NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0xa90) (pid: 0xfd0) -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. 
-- System Event Log ------------------------------------------------------------ Event Record #/Type69328 / Error Event Submitted/Written: 07/23/2008 00:34:01 AM Event ID/Source: 10006 / DCOM Event Description: DCOM a reçu l'erreur "%SERVEUR147746132" de l'ordinateur SERVEUR lors de l'activation du serveur : {5A5AA0AA-1DEB-4683-96B0-B43301E83971} Event Record #/Type69327 / Error Event Submitted/Written: 07/23/2008 00:34:00 AM Event ID/Source: 10006 / DCOM Event Description: DCOM a reçu l'erreur "%SERVEUR147746132" de l'ordinateur SERVEUR lors de l'activation du serveur : {5A5AA0AA-1DEB-4683-96B0-B43301E83971} Event Record #/Type69326 / Error Event Submitted/Written: 07/23/2008 00:34:00 AM Event ID/Source: 10006 / DCOM Event Description: DCOM a reçu l'erreur "%SERVEUR147746132" de l'ordinateur SERVEUR lors de l'activation du serveur : {5A5AA0AA-1DEB-4683-96B0-B43301E83971} Event Record #/Type69325 / Error Event Submitted/Written: 07/23/2008 00:33:24 AM Event ID/Source: 10006 / DCOM Event Description: DCOM a reçu l'erreur "%SERVEUR147746132" de l'ordinateur SERVEUR lors de l'activation du serveur : {5A5AA0AA-1DEB-4683-96B0-B43301E83971} Event Record #/Type69324 / Error Event Submitted/Written: 07/23/2008 00:33:24 AM Event ID/Source: 10006 / DCOM Event Description: DCOM a reçu l'erreur "%SERVEUR147746132" de l'ordinateur SERVEUR lors de l'activation du serveur : {5A5AA0AA-1DEB-4683-96B0-B43301E83971} -- End of Deckard's System Scanner: finished at 2008-07-25 19:35:54 ------------ I hope this will help. See you, Tedbel
  7. I had to do it as administrator. MSNFix 1.735 C:\Documents and Settings\Administrateur.PC-COMPTA\Bureau\MSNFix\MSNFix Fix exécuté le ven. 25/07/2008 - 19:12:43,90 By Administrateur mode sans échec ************************ Recherche les fichiers présents Aucun Fichier trouvé ************************ Recherche les dossiers présents Aucun dossier trouvé ************************ Fichiers suspects /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention [C:\WINDOWS\system32\Wint351.exe] 81E6A16BBD2F41A44F8794CA269AC66A ==> SVP merci d'envoyer le fichier C:\DOCUME~1\ADMINI~1.PC-\Bureau\Upload_Me.zip sur http://upload.changelog.fr ************************ HKLM\...\Winlogon\Userinit Userinit = C:\WINDOWS\system32\userinit.exe, Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- Aucun Fichier trouvé ************************ Fichiers suspects /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention [C:\WINDOWS\system32\Wint351.exe] 81E6A16BBD2F41A44F8794CA269AC66A ==> SVP merci d'envoyer le fichier C:\DOCUME~1\Edouard\Bureau\Upload_Me.zip sur http://upload.changelog.fr Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 2008-07-25_191739.71.zip ************************ HKLM\...\Winlogon\Userinit Userinit = C:\WINDOWS\system32\userinit.exe, Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://changelog.fr ------------------------------------------------------------------------ --------------------------------------------- END --------------------------------------------- Logfile of Trend 
Micro HijackThis v2.0.2 Scan saved at 19:19, on 2008-07-25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\CAPM4RSK.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\WINDOWS\system32\userinit.exe C:\Program 
Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.isaserver.be;*.isanet.be;info.BBL.be;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [HP Software Update] 
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1036 -sl 120000 O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Fenêtre d'état de Canon iR1510-1670.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program 
Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://ccff02.minfin.fgov.be/CCFF_Authenti...ure/capicom.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL O17 - HKLM\Software\..\Telephony: DomainName = KESTELOOT.LOCAL O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! 
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 10773 bytes Thank you for your patience, Tedbel
  8. I checked, there is nothing more in the combofix.txt file. Should I rerun ComboFix? See you.
  9. I did as you said, but it achieved nothing. I am attaching the Malwarebytes logs and I am running a scan again: Malwarebytes' Anti-Malware 1.23 Version de la base de données: 990 Windows 5.1.2600 Service Pack 2 16:43:40 2008-07-25 mbam-log-7-25-2008 (16-43-40).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 124891 Temps écoulé: 27 minute(s), 11 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) ------------------------------------------------------------------------------------------------------------------------------------------ Malwarebytes' Anti-Malware 1.23 Version de la base de données: 990 Windows 5.1.2600 Service Pack 2 12:22:11 25/07/2008 mbam-log-7-25-2008 (12-22-11).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 124735 Temps écoulé: 23 minute(s), 32 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. 
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) -------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.23 Version de la base de données: 990 Windows 5.1.2600 Service Pack 2 11:45:55 25/07/2008 mbam-log-7-25-2008 (11-45-55).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 124503 Temps écoulé: 27 minute(s), 3 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) See you. Thanks for the help, I am lost.
  10. Hi, I was infected by Vundo. I used Avast, then Malwarebytes, but Malware.Trace entries from MS Juan keep remaining. I downloaded ComboFix.Exe and scanned my PC. The tutorial I consulted advised me to send the log to a forum in case infection residues remain (which is what Avast detected). Can someone interpret the ComboFix.Exe report below: ComboFix 08-07-24.3 - Edouard 2008-07-25 13:35:27.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.535 [GMT 2:00] Endroit: C:\Documents and Settings\Edouard\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Edouard\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\pskt.ini C:\WINDOWS\system32\aqagrrot.ini C:\WINDOWS\system32\avotemby.ini C:\WINDOWS\system32\bknurfuh.dll C:\WINDOWS\system32\bsoiooaf.dll C:\WINDOWS\system32\bsxeecgb.dll C:\WINDOWS\system32\bxqsdcgu.ini C:\WINDOWS\system32\chrnmgky.dll C:\WINDOWS\system32\cyevagdc.ini C:\WINDOWS\system32\ddqkqdhi.dll C:\WINDOWS\system32\dfjpmkem.dll C:\WINDOWS\system32\domnpnts.dll C:\WINDOWS\system32\drbyvest.dll C:\WINDOWS\system32\easuyqvf.dll C:\WINDOWS\system32\eeywopax.ini C:\WINDOWS\system32\ekdtnhuq.dll C:\WINDOWS\system32\eyqymlau.ini C:\WINDOWS\system32\fjmmea.dll C:\WINDOWS\system32\fpicgroq.dll C:\WINDOWS\system32\fuvycgbl.ini C:\WINDOWS\system32\fybuduqu.dll C:\WINDOWS\system32\gbwhstjk.dll C:\WINDOWS\system32\gnfxwwtt.ini C:\WINDOWS\system32\hdzwas.dll C:\WINDOWS\system32\inmlhsqq.dll C:\WINDOWS\system32\jajtfmsy.dll C:\WINDOWS\system32\jggjpcnx.dll C:\WINDOWS\system32\jhnvdmjn.dll C:\WINDOWS\system32\jjjonxej.dll C:\WINDOWS\system32\krckvbfs.dll C:\WINDOWS\system32\ksxqxcjq.dll C:\WINDOWS\system32\lvvqftjg.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mflnfilo.ini 
C:\WINDOWS\system32\mldidwdj.ini C:\WINDOWS\system32\mqclruoi.ini C:\WINDOWS\system32\oldaejrr.dll C:\WINDOWS\system32\orguinre.dll C:\WINDOWS\system32\piklvxng.dll C:\WINDOWS\system32\qfcoytfx.dll C:\WINDOWS\system32\rtrflwtt.dll C:\WINDOWS\system32\sfgmiyjd.ini C:\WINDOWS\system32\SrBaaGgh.ini C:\WINDOWS\system32\SrBaaGgh.ini2 C:\WINDOWS\system32\tcrvjvfp.dll C:\WINDOWS\system32\thdvgyig.dll C:\WINDOWS\system32\vnvsiiao.dll C:\WINDOWS\system32\vqxugwdn.ini C:\WINDOWS\system32\vuqcatki.ini C:\WINDOWS\system32\wENmnnpo.ini C:\WINDOWS\system32\wENmnnpo.ini2 C:\WINDOWS\system32\wksmujry.ini C:\WINDOWS\system32\wqfvyjgt.dll C:\WINDOWS\system32\wxibposa.ini C:\WINDOWS\system32\xcncgjss.dll C:\WINDOWS\system32\xkmnkkdk.dll C:\WINDOWS\system32\xmjisw.dll C:\WINDOWS\system32\ynxavhxe.ini C:\WINDOWS\system32\ytmcts.dll C:\WINDOWS\system32\zcsnvu.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))))))) . 2008-07-24 19:02 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-24 15:04 . 2008-07-24 15:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA 2008-07-18 22:24 . 2008-07-18 22:24 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-07-14 18:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-07-14 18:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-07-14 18:57 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-07-14 18:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-07-14 18:57 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-07-14 18:57 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-07-14 18:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-07-14 18:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-07-14 18:57 . 
2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-14 18:16 . 2008-07-14 18:16 <REP> d-------- C:\Documents and Settings\Administrateur.PC-COMPTA\Application Data\Malwarebytes 2008-07-14 17:40 . 2008-07-14 17:58 4,702 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-14 16:39 . 2008-07-24 19:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-14 16:39 . 2008-07-14 16:39 <REP> d-------- C:\Documents and Settings\Edouard\Application Data\Malwarebytes 2008-07-14 16:39 . 2008-07-14 16:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-14 16:39 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-03 09:52 . 2008-07-03 09:53 <REP> d-------- C:\Program Files\InstantTimeZone 2008-06-30 11:04 . 2008-06-30 11:07 587 --a------ C:\WINDOWS\wininit.ini 2008-06-30 09:03 . 2008-07-14 16:50 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-06-30 09:03 . 2008-07-14 16:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-26 11:39 . 2008-06-26 11:45 <REP> d-------- C:\Documents and Settings\Edouard\Application Data\beid-cache . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-25 11:10 --------- d-----w C:\Documents and Settings\Edouard\Application Data\Skype 2008-07-25 10:10 --------- d-----w C:\Documents and Settings\Edouard\Application Data\skypePM 2008-07-14 14:50 --------- d-----w C:\Program Files\a-squared Free 2008-07-09 21:38 --------- d-----w C:\Program Files\Exp2000 2008-07-01 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Long slow road itch 2008-06-30 06:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-03 09:45 --------- d-----w C:\Documents and Settings\Edouard\Application Data\Notepad++ 2008-06-03 09:44 --------- d-----w C:\Program Files\Notepad++ 2008-06-01 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2008-06-01 15:51 --------- d-----w C:\Program Files\MSN Messenger 2008-06-01 15:51 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-06-01 15:46 --------- d-----w C:\Program Files\Windows Live 2008-02-18 12:39 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 10:31 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-03-09 19:27 1294446] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 13:02 49152] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 07:30 483328] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 15:43 86016] "StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 19:29 61440] "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 18:40 188416] "HPLJ Config"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe" [2003-03-31 19:32 28672] "RTHDCPL"="RTHDCPL.EXE" [2005-10-15 03:51 14864384 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=jajtfmsy.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 RapidPortM4;RapidPortM4;C:\WINDOWS\system32\Drivers\CAPM4LP.SYS [2003-12-02 17:00] R3 ACSSCR;ACR38 Smart Card Reader;C:\WINDOWS\system32\DRIVERS\a38usb.sys [2006-03-24 19:14] S3 brfilt;Pilote de filtre Brother MFC;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 21:12] S3 BrSerWDM;Pilote série WDM Brother;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-14 02:04] S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 21:12] S3 BrUsbScn;Pilote de scanneur Brother MFC USB;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 21:12] S3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2002-09-13 10:28] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-07-25 10:50:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" I then ran Malwarebytes: Results = No infection. I then ran Avast: Results = 4 infections. I then ran HiJackThis, whose report follows: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:42, on 2008-07-25 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\CAPM4RSK.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil 
Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4SWK.EXE C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe C:\Program Files\InstantTimeZone\InstantTimeZone.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe C:\DOCUME~1\Edouard\LOCALS~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\Edouard\LOCALS~1\Temp\Adobelm_Cleanup.0001 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.isaserver.be;*.isanet.be;info.BBL.be;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {AF371985-BC07-4A73-AF97-1EE573EAFD15} - C:\WINDOWS\system32\opnnmNEw.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {DFF03FB7-D8BF-4304-BF4B-9EEB23C5557D} - C:\WINDOWS\system32\hgGaaBrS.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program 
Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1036 -sl 120000 O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Fenêtre d'état de Canon iR1510-1670.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM4LAK.EXE O4 - Global Startup: InstantTimeZone.lnk = C:\Program Files\InstantTimeZone\InstantTimeZone.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: SmartUI.lnk = ? 
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1D46BE0D-C314-4E20-A291-D1E66265725A} (CryptoActiveX Control) - https://business.isabel.be/OfficeSignTestYo...yptoActiveX.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - http://ccff02.minfin.fgov.be/CCFF_Authenti...ure/capicom.cab
O16 - DPF: {B5C31DCB-8469-4EB7-8355-EBBD63944C18} (UTCRegistration Control) - https://business.isabel.be/OfficeSignRegist...egistration.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = KESTELOOT.LOCAL
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = KESTELOOT.LOCAL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khfghffD - khfghffD.dll (file missing)
O20 - Winlogon Notify: ljJCvwTK - ljJCvwTK.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11832 bytes

Thanks in advance
See you,
Tedbel