

jakaranda
Members
Content count: 38

Everything posted by jakaranda
HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and removal

Here is the MBAM report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1078
Windows 5.1.2600 Service Pack 2

20:01:23 23/08/2008
mbam-log-08-23-2008 (20-01-23).txt

Type de recherche: Examen rapide
Eléments examinés: 48249
Temps écoulé: 28 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\pbfrv2.pbfrv2 (Adware.2020Search) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Save\ReadMe.txt (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\setup.bmp (Trojan.Downloader) -> Quarantined and deleted successfully.

HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and removal

It's still not quite right. Apart from the fact that, to disable the programs that launch at startup, HijackThis froze my PC for almost a whole day and in the end still applied my request. I installed Comodo and, same thing again, there are long periods of freezing. I disabled Defense+ but can't find how to disable its anti-malware module. Afterwards: a BIG BIG freeze, then a blue screen with a message that Windows had recovered from a serious problem. I shut down and restart; still 16 minutes before I get access again. Now, for each application, it takes roughly 2 min 30 s to launch the program without showing the hourglass. All of this is new. I was able to enjoy a more or less normal PC for a few days, but now it's super slow again. I'm still going to carry on with the Windows update. A beginner's little question: what is the difference between an antivirus and a firewall? Have a good day.

HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and removal

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:48:20, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Voyages-sncf\widget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2118638147-4160545921-2216644826-1008 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?ca16c6cc38f64ca981feea6e2242954
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?ca16c6cc38f64ca981feea6e2242954
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://www.pixaco.fr/static/download/pixacodndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/NET/Import/ImageUploader3.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Judet\Mes documents\photoperfect\Accueil.html

--
End of file - 14290 bytes

HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and removal

Great, it works much better. Only HijackThis freezes while running, but ends up (after 15 min) unfreezing. A thousand thanks for your help. But what can I do to avoid these problems in the future? I gathered that MSN and everything that goes with it is fairly harmful, but what else? I had already noticed a clear improvement after doing the Windows update, but with all the rest of your advice my PC is like new. Thanks again for your help, you're a real pro!! jakaranda

HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and removal

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:36, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2118638147-4160545921-2216644826-1008 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?ca16c6cc38f64ca981feea6e2242954
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?ca16c6cc38f64ca981feea6e2242954
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://www.pixaco.fr/static/download/pixacodndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/NET/Import/ImageUploader3.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Judet\Mes documents\photoperfect\Accueil.html

--
End of file - 14704 bytes

HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and eradication
Here it is, I'm passing along the Hijack report.

ComboFix 08-08-19.06 - Judet 2008-08-21 13:14:47.2 - NTFSx86
Endroit: C:\Documents and Settings\Judet\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Judet\Bureau\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTAFINK
C:\Program Files\INSTAFINK\Cache\instafinktb0302.cfg

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 21:44 . 2008-08-20 21:47 <REP> d-------- C:\Program Files\LeConjugueur
2008-08-18 13:58 . 2008-08-21 11:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-18 13:58 . 2008-08-18 13:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-16 20:27 . 2008-08-16 20:27 <REP> d-------- C:\Program Files\Avira
2008-08-16 20:27 . 2008-08-16 20:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-15 20:29 . 2008-08-15 20:29 <REP> d--hs---- C:\found.001
2008-08-15 20:17 . 2008-08-15 20:17 134 --a------ C:\WINDOWS\wininit.ini
2008-08-15 11:03 . 2008-08-15 11:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 11:03 . 2008-08-15 15:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 10:57 . 2008-08-15 10:57 <REP> d-------- C:\Program Files\Lavasoft
2008-08-15 10:57 . 2008-08-15 11:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 03:02 . 2008-08-15 03:11 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-14 18:06 . 2008-08-14 18:06 <REP> d--hs---- C:\found.000
2008-08-14 08:05 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 10:54 . 2008-08-12 10:56 <REP> d-------- C:\Program Files\CCleaner
2008-08-10 15:13 . 2008-08-10 15:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-21 17:09 . 2001-02-14 16:00 22,912 --a------ C:\WINDOWS\system32\drivers\CAPLPTN.SYS
2008-07-21 17:05 . 2008-07-21 17:05 <REP> d-------- C:\LBP810

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 09:42 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-16 08:02 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2008-08-16 07:52 --------- d-----w C:\Program Files\Visicom Media
2008-08-16 07:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-16 07:26 --------- d-----w C:\Program Files\Gabest
2008-08-16 07:22 --------- d-----w C:\Program Files\vso
2008-08-16 07:21 --------- d-----w C:\Program Files\Bonjour
2008-08-16 07:18 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-08-16 07:18 --------- d-----w C:\Program Files\AVS4YOU
2008-08-15 08:55 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-12 08:54 --------- d-----w C:\Program Files\Yahoo!
2008-08-12 08:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-08 16:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 15:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 15:42 --------- d-----w C:\Program Files\Kikoo
2008-08-05 15:39 --------- d-----w C:\Program Files\Free Audio Pack
2008-07-25 13:19 --------- d-----w C:\Program Files\Book'In
2008-07-16 14:47 --------- d-----w C:\Program Files\Safari
2008-07-12 09:00 --------- d-----w C:\Program Files\Opera
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 12:22 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-06-24 12:14 --------- d-----w C:\Program Files\Interlogic
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2007-06-12 12:14 43,028 ----a-w C:\Documents and Settings\Judet\Application Data\mdb.bin
2006-05-14 07:02 448 ----a-w C:\Documents and Settings\Judet\install.cmd
2004-08-05 13:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 13:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 13:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 13:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-05 13:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 13:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 13:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 13:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-16 18:53 190024]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-05 15:43 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 23:05 32881]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 15:08 299008]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-28 03:18 180269]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-16 18:53 190024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"CAPON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-14 16:00 22528]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 19:29 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 12:20 2557952 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-10-11 10:53 98304]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Fenêtre d'état Canon LBP-810.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2002-09-25 16:00:00 114688]
Hyperappel de l'Encyclopédie Universelle Larousse.lnk - C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe [2005-03-26 11:03:08 53248]
Microsoft Office.lnk - C:\Program Files\microsoft office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe [2005-09-20 18:10:04 238080]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Judet\Mes documents\photoperfect\Accueil.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.MJPX"= pvmjpg20.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:emule
"4672:UDP"= 4672:UDP:*:Disabled:udpemule entrant
"3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66fa91fa-16d1-11dd-bfd1-0001360bccd4}]
\Shell\AutoRun\command - G:\WD_Windows_Tools\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac28bfa6-71ac-11dc-bf77-0001360bccd4}]
\Shell\AutoRun\command - G:\LaunchU3.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-15 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-21 13:37:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
Temps d'accomplissement: 2008-08-21 13:46:37
ComboFix-quarantined-files.txt 2008-08-21 11:45:57
ComboFix2.txt 2008-08-21 09:35:36

Pre-Run: 42,908,389,376 octets libres
Post-Run: 42,891,956,224 octets libres

187 --- E O F --- 2008-08-15 01:12:07
HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and eradication
Here's my report. Phew, it's tough going when you don't know anything about this!

ComboFix 08-08-19.06 - Judet 2008-08-21 10:29:52.1 - NTFSx86
Endroit: C:\Documents and Settings\Judet\Bureau\ComboFix.exe
.

ADS - svchost.exe: deleted 68 bytes in 1 streams.
ADS - ntoskrnl.exe: deleted 228 bytes in 1 streams.
ADS - explorer.exe: deleted 132 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Judet\real.txt
C:\Program Files\Dynamic Toolbar
C:\Program Files\Dynamic Toolbar\batch.bat
C:\Program Files\Dynamic Toolbar\Cache\go.bmp
C:\Program Files\Dynamic Toolbar\Cache\home.bmp
C:\Program Files\Dynamic Toolbar\Cache\logo_pb.bmp
C:\Program Files\Dynamic Toolbar\Cache\parent_off.bmp
C:\Program Files\Dynamic Toolbar\Cache\parent_on.bmp
C:\Program Files\Dynamic Toolbar\Cache\pbfrv2tb0200.cfg
C:\Program Files\Dynamic Toolbar\Cache\popup_off.bmp
C:\Program Files\Dynamic Toolbar\Cache\popup_on.bmp
C:\Program Files\Dynamic Toolbar\Cache\search.bmp
C:\Program Files\Dynamic Toolbar\Cache\services.bmp
C:\Program Files\Dynamic Toolbar\Cache\skin.bmp
C:\Program Files\Dynamic Toolbar\Cache\skin1.bmp
C:\Program Files\Dynamic Toolbar\Cache\skin2.bmp
C:\Program Files\Dynamic Toolbar\Cache\skin3.bmp
C:\Program Files\Dynamic Toolbar\Cache\skin4.bmp
C:\Program Files\Dynamic Toolbar\Cache\skin5.bmp
C:\Program Files\Dynamic Toolbar\Cache\store.bmp
C:\Program Files\Dynamic Toolbar\Cache\style.css
C:\Program Files\Dynamic Toolbar\Cache\support.bmp
C:\Program Files\Dynamic Toolbar\Cache\ticker.xml
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\_Ticker_ticker.txt
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\ErrorLog.txt
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\go.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\home.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\logo_pb.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\parent_off.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\parent_on.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\popup_off.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\popup_on.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\search.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\services.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin1.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin2.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin3.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin4.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\skin5.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\store.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\style.css
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\support.bmp
C:\Program Files\Dynamic Toolbar\PBFRV2\Cache\ticker.xml
C:\Program Files\Dynamic Toolbar\unins000.dat
C:\Program Files\Dynamic Toolbar\unins000.exe
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\01D4A4C7.dat
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\2.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\2.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\2.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\0007855A
C:\Program Files\Need2Find\bar\Cache\00229CE6
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\Program Files\RXToolBar
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat
C:\WINDOWS\cdmxtras
C:\WINDOWS\cdmxtras\uninst.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\cache329
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\EMPOP3.DLL
C:\WINDOWS\system32\system\MSCREATE.DIR

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Service_NNServ

((((((((((((((((((((((((((((( Fichiers créés 2008-07-21 to 2008-08-21 ))))))))))))))))))))))))))))))))))))
.

2008-08-20 21:44 . 2008-08-20 21:47 <REP> d-------- C:\Program Files\LeConjugueur
2008-08-18 13:58 . 2008-08-21 11:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-18 13:58 . 2008-08-18 13:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-16 20:27 . 2008-08-16 20:27 <REP> d-------- C:\Program Files\Avira
2008-08-16 20:27 . 2008-08-16 20:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-15 20:29 . 2008-08-15 20:29 <REP> d--hs---- C:\found.001
2008-08-15 20:17 . 2008-08-15 20:17 134 --a------ C:\WINDOWS\wininit.ini
2008-08-15 11:03 . 2008-08-15 11:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-15 11:03 . 2008-08-15 15:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 10:57 . 2008-08-15 10:57 <REP> d-------- C:\Program Files\Lavasoft
2008-08-15 10:57 . 2008-08-15 11:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 03:02 . 2008-08-15 03:11 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-14 18:06 . 2008-08-14 18:06 <REP> d--hs---- C:\found.000
2008-08-14 08:05 . 2008-05-01 16:31 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-12 10:54 . 2008-08-12 10:56 <REP> d-------- C:\Program Files\CCleaner
2008-08-10 15:13 . 2008-08-10 15:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-21 17:09 . 2001-02-14 16:00 22,912 --a------ C:\WINDOWS\system32\drivers\CAPLPTN.SYS
2008-07-21 17:05 . 2008-07-21 17:05 <REP> d-------- C:\LBP810

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 04:55 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-16 08:02 --------- d-----w C:\Program Files\Extrafilm FotoFacil
2008-08-16 07:52 --------- d-----w C:\Program Files\Visicom Media
2008-08-16 07:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-16 07:26 --------- d-----w C:\Program Files\Gabest
2008-08-16 07:22 --------- d-----w C:\Program Files\vso
2008-08-16 07:21 --------- d-----w C:\Program Files\Bonjour
2008-08-16 07:18 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-08-16 07:18 --------- d-----w C:\Program Files\AVS4YOU
2008-08-15 18:17 --------- d-----w C:\Program Files\INSTAFINK
2008-08-15 08:55 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-12 08:54 --------- d-----w C:\Program Files\Yahoo!
2008-08-12 08:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-08 16:42 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-08 15:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-05 15:42 --------- d-----w C:\Program Files\Kikoo
2008-08-05 15:39 --------- d-----w C:\Program Files\Free Audio Pack
2008-07-25 13:19 --------- d-----w C:\Program Files\Book'In
2008-07-16 14:47 --------- d-----w C:\Program Files\Safari
2008-07-12 09:00 --------- d-----w C:\Program Files\Opera
2008-06-24 12:14 --------- d-----w C:\Program Files\Interlogic
2007-06-12 12:14 43,028 ----a-w C:\Documents and Settings\Judet\Application Data\mdb.bin
2006-05-14 07:02 448 ----a-w C:\Documents and Settings\Judet\install.cmd
2004-08-05 13:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 13:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 13:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 13:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-05 13:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 13:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 13:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 13:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-16 18:53 190024]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2008-01-05 15:43 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 15:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 15:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 23:05 32881]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-10-08 04:14 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 15:08 299008]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-28 03:18 180269]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-05-16 18:53 190024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"CAPON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2001-02-14 16:00 22528]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 19:29 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 12:20 2557952 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-10-11 10:53 98304]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Judet\Mes documents\photoperfect\Accueil.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.MJPX"= pvmjpg20.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:*:Disabled:emule
"4672:UDP"= 4672:UDP:*:Disabled:udpemule entrant
"3703:TCP"= 3703:TCP:*:Disabled:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:*:Disabled:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:*:Disabled:Adobe Version Cue CS3 Server

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66fa91fa-16d1-11dd-bfd1-0001360bccd4}]
\Shell\AutoRun\command - G:\WD_Windows_Tools\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac28bfa6-71ac-11dc-bf77-0001360bccd4}]
\Shell\AutoRun\command - G:\LaunchU3.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-15 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SsAAD.exe - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
HKCU-Run-Magentic - C:\PROGRA~1\Magentic\bin\Magentic.exe
HKCU-Run-OM_Monitor - D:\Program Files\Monitor.exe
HKLM-Run-CleanEasyImg - c:\apps\easydvd\cleanall.exe
HKLM-Run-KAZAA - C:\Program Files\Kazaa\kazaa.exe
HKLM-Run-EoEngine - (no file)
HKLM-Run-EoWeather - (no file)
HKU-Default-Run-Symantec NetDriver Warning - C:\PROGRA~1\SYMNET~1\SNDWarn.exe
MSConfigStartUp-WhenUSave - C:\PROGRA~1\Save\Save.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Judet\Application Data\Mozilla\Firefox\Profiles\ge694adk.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_05\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\APPS\ABOARD\AOSD.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\Bin\hyperappel.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\fr-fr\msn_sl.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-21 11:35:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-21 09:35:29

Pre-Run: 43,031,379,968 octets libres
Post-Run: 42,901,905,408 octets libres

288 --- E O F --- 2008-08-15 01:12:07
HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and eradication
If I just remove it, isn't that enough?
HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and eradication
OK, now Spybot is telling me: detected an important change to the registry. Allow or deny? Do I allow it? Thanks
HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and eradication
Well no, that's just it, that report is nowhere to be found.
HijackThis analysis
jakaranda replied to a topic by jakaranda in Malware analysis and eradication
Well, I followed the advice, but AntiVir tells me there is a virus and offers me "deny access", which I accepted. Then a panel opens saying that Windows cannot access the service?? Then in my C:\ there is indeed a folder full of digits that contains the ComboFix objects, but no txt file. What do I do now? And what does my Hijack file say? Thanks in advance
Hello,
I have serious slowness and freezing problems on my PC. I carefully followed all the instructions in the advice on your site: I cleared the temporary files, installed and ran Ad-Aware and Spybot, CWShredder, uninstalled Avast and installed AntiVir (no way to get it working in safe mode!!), updated Windows, etc. So here is my Hijack report; if anyone can help me see things more clearly, they'll be thanked in advance.
Jakaranda

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:02, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\microsoft office\Office\OSA9.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Voyages-sncf\widget.exe
C:\Documents and Settings\Judet\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - 
C:\WINDOWS\system32\pbfrv2.dll (file missing) O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll O3 - Toolbar: Need2Find Bar - {4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [OM_Monitor] D:\Program Files\Monitor.exe -NoStart O4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c (User '?') O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [OM_Monitor] D:\Program Files\Monitor.exe -NoStart (User '?') O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?') O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?') O4 - HKUS\S-1-5-21-2118638147-4160545921-2216644826-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-2118638147-4160545921-2216644826-1008 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User '?') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Fenêtre d'état Canon LBP-810.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ? 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT O8 - Extra context menu item: Ajouter au fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar 
Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?ca16c6cc38f64ca981feea6e2242954 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?ca16c6cc38f64ca981feea6e2242954 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} - http://www.pixaco.fr/static/download/pixacodndupload.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab 
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/NET/Import/ImageUploader3.cab O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Judet\Mes documents\photoperfect\Accueil.html -- End of file - 17400 bytes
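A first-pass triage of a HijackThis log like the one posted above, written as an added example for this thread (it is neither the poster's code nor part of HijackThis). It parses the R/F/O entry lines and flags the cheap, high-signal conditions an analyst checks before anything else: entries whose backing file is gone ("(file missing)" / "(no file)"), the O18 MIME filter and O10 Winsock LSP lines that HJT itself singles out, O23 services with no publisher, and paths matching a watch list. The watch list and the sample input (entries copied from the log above) are constructed for the example; a hit is a prompt to verify, not a verdict.

```python
"""Triage pass over HijackThis (HJT) log entries. Added example, not HJT code."""
import re
from dataclasses import dataclass, field

# Constructed sample input: entries copied from the log posted above, one per line.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: (no name) - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - (no file)
O3 - Toolbar: PBFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - C:\WINDOWS\system32\pbfrv2.dll (file missing)
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
"""

# Illustrative watch list of path fragments. This is an assumption of the example
# (names that occur in the log above), not a verdict the thread reaches.
WATCH_LIST = ("need2find", "eorezo", "pbfrv2", "newdotnet", "rxtoolbar", "kazaa")

# HJT appends these when the registry still points at a file that is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Every entry line starts with a section code such as R1, F2, O4, O23.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


@dataclass
class Entry:
    code: str                  # HJT section: O2, O3, O4, O10, O18, O23, ...
    name: str                  # BHO / toolbar / Run value / service name
    path: str                  # backing file exactly as HJT printed it
    owner: str = ""            # publisher column, O23 only
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Turn one HJT line into an Entry; None for headers, blank and process lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.group(1), m.group(2)
    if code == "O4":
        # O4 - HKLM\..\Run: [Value] "C:\dir\prog.exe" /args
        bm = re.search(r"\[([^\]]*)\]\s*(.*)$", rest)
        return Entry(code, bm.group(1), bm.group(2).strip()) if bm else None
    if code == "O10":
        # O10 - Unknown file in Winsock LSP: c:\dir\x.dll
        return Entry(code, "Winsock LSP", rest.split(": ", 1)[-1].strip())
    # O2/O3/O18/O23 share the shape "<kind>: <name> - <CLSID or owner> - <path>"
    parts = [p.strip() for p in rest.split(" - ")]
    name = parts[0].split(": ", 1)[-1]
    path = parts[-1] if len(parts) > 1 else ""
    owner = parts[1] if code == "O23" and len(parts) > 2 else ""
    return Entry(code, name, path, owner)


def classify(entry):
    """Return the reasons an analyst should look at this entry (empty list = nothing cheap to say)."""
    reasons = []
    low = entry.path.lower()
    if any(marker in low for marker in ORPHAN_MARKERS):
        reasons.append("orphaned: registry points at a file that no longer exists")
    hits = [w for w in WATCH_LIST if w in low]
    if hits:
        reasons.append("path matches watch list: " + ", ".join(hits))
    if entry.code == "O18":
        reasons.append("MIME filter hook on " + entry.name + "; HJT reports these as filter hijacks")
    if entry.code == "O10":
        reasons.append("Winsock LSP DLL HJT could not identify; verify its publisher before touching it")
    if entry.code == "O23" and entry.owner.lower() == "unknown owner":
        reasons.append("service binary carries no publisher information")
    return reasons


def triage(text):
    """Parse every line of an HJT log and keep the entries with at least one reason."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry.reasons = classify(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4}{e.name}\n      {e.path}")
        for r in e.reasons:
            print("      - " + r)
```

Orphaned entries are the easy part: the registry still references a DLL or service binary that an earlier cleanup removed, so fixing them in HijackThis deletes nothing but dead pointers. The O10 line is a reminder that "unknown" in HJT means "not on its whitelist": nwprovau.dll is the Microsoft Client Service for NetWare provider shipped with Windows XP, so that line is a prompt to check the file's signature and version resource, not a reason to run an LSP repair tool. The watch-list hits on O2/O3/O23 combine with the orphan marker, which is the pattern this log shows: the adware DLLs are already gone and only their registrations remain.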