

trott
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and removal

OK, no harm done, it can happen. My PC is fine now thanks to you. Thanks, but I have one last question: what do you recommend for antivirus, firewall, anti-spyware and anti-malware? Is it better to have a single suite like Kaspersky, or rather to take different products (BitDefender for antivirus, ZoneAlarm for firewall and SuperAntiMalware for those famous malwares)? Thanks for your precious answers and good evening.
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and removal

Good evening, I already sent you the BitDefender scan, and besides I don't have any "navilog". Haven't you mixed me up with someone else? Good evening.
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and removal

Good evening, here is the complete file:

BitDefender Online Scanner
Scan report generated at: Mon, Sep 22, 2008 - 20:45:51
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;M:\;

Statistics
Time                 00:36:20
Files                91432
Folders              22144
Boot sectors         0
Archives             1786
Packed programs      7389

Results
Identified viruses   3
Infected files       4
Suspect files        1
Warnings             0
Disinfected          0
Deleted files        5

Engine info
Virus definitions    1773842
Engine version       AVCORE v1.7 (build 8314.19) (i386) (Sep 10 2008 19:37:42)
Scan plugins         16
Archive plugins      43
Unpack plugins       7
E-mail plugins       6
System plugins       4

Scan settings
First action         Disinfect
Second action        Delete
Heuristics           Yes
Accept warnings      Yes
Scanned extensions   exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excluded extensions
Scan e-mails         Yes
Scan archives        Yes
Scan packed programs Yes
Scan files           Yes
Scan boot sectors    Yes

Scanned file  Status
D:\Avast AntiVirus\Avast! Professional Edition v4.6.623 Keygen.exe  Infected with: Trojan.Generic.494218
D:\Avast AntiVirus\Avast! Professional Edition v4.6.623 Keygen.exe  Deleted
D:\Avast AntiVirus\Keygen.exe  Infected with: Trojan.Generic.494218
D:\Avast AntiVirus\Keygen.exe  Deleted
D:\PaintShopPro8\Patcher.exe  Detected with: Application.Tool.Tpatch.Z
D:\PaintShopPro8\Patcher.exe  Disinfection failed
D:\PaintShopPro8\Patcher.exe  Deleted
D:\Password\ca_setup.exe=>wise0026  Detected with: Application.Pwcrack.Cain.AE
D:\Password\ca_setup.exe=>wise0026  Disinfection failed
D:\Password\ca_setup.exe=>wise0026  Deleted
D:\Password\ca_setup.exe  Update failed
D:\System Volume Information\_restore{C8173D54-8600-4961-AF95-F8F245EA45EF}\RP287\A0033731.exe  Suspected of: Generic.Malware.dld!.22855BC3
D:\System Volume Information\_restore{C8173D54-8600-4961-AF95-F8F245EA45EF}\RP287\A0033731.exe  Disinfection failed
D:\System Volume Information\_restore{C8173D54-8600-4961-AF95-F8F245EA45EF}\RP287\A0033731.exe  Deleted
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and removal

Here is the log you asked for. Sorry for the delay, but I was on holiday for 3 weeks. Thanks again for the help.

BitDefender Online Scanner - Real-time virus report
Generated at: Mon, Sep 22, 2008 - 21:40:05
________________________________________
Scan info
Files scanned    113634
Infected files   5

Viruses detected
Trojan.Generic.494218          2
Generic.Malware.dld!.22855BC3  1
Application.Pwcrack.Cain.AE    1
Application.Tool.Tpatch.Z      1
________________________________________
This summary of the scan process will be used by the BitDefender Antivirus labs to create aggregate statistics on virus activity worldwide.
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and removal

Malwarebytes' Anti-Malware 1.26
Database version: 1119
Windows 6.0.6000

06.09.2008 13:17:55
mbam-log-2008-09-06 (13-17-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|K:\|)
Objects scanned: 144846
Time elapsed: 1 hour(s), 17 minute(s), 56 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 2
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CLASSES_ROOT\gksraemq.brsf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and removal

Below are the logs you asked for.

---------------------------------------------
ComboFix 08-09-01.05 - gaisdavi 2008-09-04 18:05:31.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1036.18.2213 [GMT 2:00]
Location: C:\Users\gaisdavi\Desktop\ComboFix.exe
Command switches used :: C:\Users\gaisdavi\Desktop\CFScript.txt
* Creating a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\MSA.cpl
.
((((((((((((((((((((((((((((( Files created from 2008-08-04 to 2008-09-04 ))))))))))))))))))))))))))))))))))))
.
2008-09-02 17:48 . 2008-09-02 17:48 <DIR> d-------- C:\_OTMoveIt
2008-09-01 22:40 . 2008-09-01 22:43 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-01 22:40 . 2008-09-01 22:43 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-01 22:40 . 2008-09-01 22:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-01 20:55 . 2008-09-01 20:55 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-01 20:55 . 2008-09-01 20:55 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-01 20:55 . 2008-09-01 22:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-01 20:16 . 2008-09-01 20:33 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-09-01 20:16 . 2008-09-01 20:16 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-09-01 20:14 . 2008-09-04 18:01 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-09-01 20:14 . 2008-09-04 18:01 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-09-01 20:14 . 2008-09-01 20:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-01 20:14 . 2008-09-03 21:39 3,842,080 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-01 20:14 . 2008-09-04 18:04 368,672 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-09-01 20:14 . 2008-09-03 21:39 35,288 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-01 20:14 . 2008-09-04 18:04 4,408 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-08-25 21:06 . 2008-08-25 21:06 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-08-25 21:06 . 2008-08-25 21:06 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-08-15 13:55 . 2008-08-15 13:55 <DIR> d-------- C:\Users\gaisdavi\AppData\Roaming\cmw
2008-08-15 13:51 . 2008-08-15 13:52 <DIR> d-------- C:\Program Files\winpwn
2008-08-13 22:06 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 21:15 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 21:15 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-13 21:15 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-13 21:15 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-13 21:13 . 2008-04-10 07:01 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 21:13 . 2008-04-10 04:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-13 21:04 . 2008-04-19 10:13 268,800 --a------ C:\Windows\System32\es.dll
2008-08-11 11:12 . 2008-08-25 19:54 <DIR> d-------- C:\Users\Sarah\AppData\Roaming\Apple Computer
2008-08-10 15:24 . 2008-08-10 15:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-10 15:21 . 2008-08-10 15:21 <DIR> d-------- C:\Program Files\Safari
2008-08-06 21:28 . 2008-08-13 21:07 <DIR> d-------- C:\Users\gaisdavi\AppData\Roaming\Apple Computer
2008-08-06 21:28 . 2008-08-06 21:28 <DIR> d-------- C:\Program Files\iTunes
2008-08-06 21:28 . 2008-08-06 21:28 <DIR> d-------- C:\Program Files\iPod
2008-08-06 21:28 . 2008-08-06 21:28 <DIR> d-------- C:\Program Files\Bonjour
2008-08-06 21:27 . 2008-08-06 21:28 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-08-06 21:27 . 2008-08-06 21:28 <DIR> d-------- C:\ProgramData\Apple Computer
2008-08-06 21:27 . 2008-08-06 21:27 <DIR> d-------- C:\Program Files\QuickTime
2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\Users\All Users\Apple
2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\ProgramData\Apple
2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\Program Files\Common Files\Apple
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 18:07 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-09-01 18:07 --------- d-----w C:\ProgramData\BitDefender
2008-09-01 18:07 --------- d-----w C:\Program Files\Common Files\Softwin
2008-08-13 20:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 20:04 --------- d-----w C:\Program Files\Windows Mail
2008-08-03 17:30 --------- d-----w C:\Program Files\AIDA32 - Personal System Information
2008-07-29 18:21 218,376 ----a-w C:\Windows\System32\klogon.dll
2008-07-29 18:20 24,774 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-21 16:34 121,872 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-07-15 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 19:11 --------- d-----w C:\Program Files\Paragon Software
2008-07-15 19:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-10 15:30 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 16:28 20,496 ----a-w C:\Windows\system32\drivers\klim6.sys
2008-07-08 19:40 --------- d-----w C:\Program Files\CCleaner
2008-07-08 19:30 --------- d-----w C:\Program Files\VSprint
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-06 19:11 22,328 ----a-w C:\Users\gaisdavi\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-03_20.01.06.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-03 17:46:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-04 15:46:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-03 17:46:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-04 15:46:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-03 17:48:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-04 15:49:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-04 15:49:08 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-03 17:48:34 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-04 15:49:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-09-03 17:46:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-04 08:14:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-03 17:46:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-04 08:14:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-03 17:46:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-04 08:14:46 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-03 17:53:46 104,570 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-09-04 16:02:21 104,570 ----a-w C:\Windows\System32\perfc009.dat
- 2008-09-03 17:53:46 118,244 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-09-04 16:02:21 118,244 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-09-03 17:53:46 612,848 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-09-04 16:02:21 612,848 ----a-w C:\Windows\System32\perfh009.dat
- 2008-09-03 17:53:46 693,350 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-09-04 16:02:21 693,350 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-09-01 17:07:42 141,696,199 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-09-04 15:53:31 142,228,722 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{42C25C5F-5A7F-4BC8-A6DF-C4C730816DD0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{59B6F086-A060-49A8-97D4-59FE4B2416A6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{913203AB-4967-4958-8BEF-8C5C497C944D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C5DFCD50-06BC-403B-9DB9-DADA81149F9D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{318AD515-ACE9-46B4-9475-B60766FB0B32}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BC9D8A4E-1DCE-44EF-9CD0-0DE9949DD52F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{06CA2D6E-5F72-4C25-B25B-138356C93287}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{55F8033A-2340-4B0C-B973-18DDE9A13701}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{613FAF68-5E6A-4051-AB30-E5708A94C588}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CF49BD81-83C1-454D-8031-E8FC214BFB7B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F08C3DF7-C281-4D47-9FEF-0BE42D79B3D4}C:\\program files\\filezilla\\filezilla.exe"= UDP:C:\program files\filezilla\filezilla.exe:FileZilla
"UDP Query User{8266A803-32AE-469C-9BA0-5999674B98ED}C:\\program files\\filezilla\\filezilla.exe"= TCP:C:\program files\filezilla\filezilla.exe:FileZilla
"{EF9FAE88-3702-4C7D-BC52-5383670F78BD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EFEDB35E-902E-49BD-9607-8F8AF9FAF450}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C64E837C-11DF-4FAA-A616-F14D4AA792FB}"= UDP:C:\Windows\System32\cmd.exe:cmd.exe
"{736F05C6-7810-415C-AE50-B0266FD781C0}"= TCP:C:\Windows\System32\cmd.exe:cmd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-24 240128]
S3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2007-10-09 22528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702e316e-ebab-11dc-a06e-000ea6288369}]
\shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
\shell\dinstall\command - L:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd36b3d-ab0f-11dc-a541-000ea6288369}]
\shell\AutoRun\command - J:\autorun6e.exe

.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 18:08:49
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-04 18:10:20
ComboFix-quarantined-files.txt 2008-09-04 16:10:16
ComboFix2.txt 2008-09-03 18:01:43

Pre-Run: 10,763,931,648 bytes free
Post-Run: 10,517,282,816 bytes free

192 --- E O F --- 2008-09-03 18:10:45
----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:50, on 04.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Users\gaisdavi\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://trottserver/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4722 bytes
--------------------------------------------------

In case it matters, "trottserver" is the web page for accessing my NAS, so that one is normal. I no longer have the "MS AV" icon in the Control Panel, nor the various "\VIE*" entries in msconfig. It all looks good to me. Thanks a lot for your help.
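The ComboFix registry dump and the HijackThis report in the post above carry a handful of lines an analyst reads before anything else: UAC switched off (EnableLUA=0), the Windows Firewall disabled on every profile, Security Center monitoring turned off for the installed AV, a populated AppInit_DLLs value, firewall allow rules for cmd.exe, AutoRun commands registered under mountpoints2 for removable drives, and BHO or service entries whose file no longer exists. The script below is an added example, not part of this thread or of ComboFix/HijackThis; it walks that text format and pulls those lines out with a short rule tag. The sample input is constructed from lines in the log above, the rule names are mine, and the interpreter list used for the firewall-rule check is an assumption about what is worth flagging.

```python
"""Triage the security-relevant lines of a ComboFix / HijackThis log."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the kind of ComboFix registry dump
# and HijackThis report posted in this thread (not a complete log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EFEDB35E-902E-49BD-9607-8F8AF9FAF450}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C64E837C-11DF-4FAA-A616-F14D4AA792FB}"= UDP:C:\Windows\System32\cmd.exe:cmd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd36b3d-ab0f-11dc-a541-000ea6288369}]
\shell\AutoRun\command - J:\autorun6e.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    rule: str      # short tag, chosen here for the example
    detail: str    # the value, profile name, DLL or raw line behind the hit
    line_no: int   # 1-based line in the input text


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# Assumption: interpreters a firewall allow-rule should never quietly cover.
SHELL_BINARIES = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def _is_zero(value: str) -> bool:
    # ComboFix prints DWORDs either as "0 (0x0)" or as "dword:00000000".
    v = value.strip().lower()
    return v == "0" or v.startswith("0 ") or v == "dword:00000000"


def _is_one(value: str) -> bool:
    v = value.strip().lower()
    return v == "1" or v.startswith("1 ") or v == "dword:00000001"


def triage(text: str) -> list[Finding]:
    """Return the lines an analyst should look at first, tagged by rule."""
    findings: list[Finding] = []
    key = ""  # the [HKEY...] section the current value belongs to
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group("name").lower(), m.group("value")
            leaf = key.rsplit("\\", 1)[-1]
            if name == "enablelua" and _is_zero(value):
                findings.append(Finding("uac_disabled", "EnableLUA=0", n))
            elif name == "enablefirewall" and _is_zero(value):
                findings.append(Finding("firewall_disabled", leaf, n))
            elif name == "disablemonitoring" and _is_one(value) and "security center" in key:
                findings.append(Finding("security_center_monitoring_off", leaf, n))
            elif name == "appinit_dlls" and value.strip():
                for dll in value.split(","):
                    findings.append(Finding("appinit_dll", dll.strip(), n))
            elif "firewallrules" in key:
                # Rule data is proto:path:description; pick out every *.exe token.
                exes = {x.lower() for x in re.findall(r"[^\\:|]+\.exe", value, re.I)}
                for exe in sorted(exes & SHELL_BINARIES):
                    findings.append(Finding("shell_firewall_rule", exe, n))
            continue
        low = line.lower()
        if "mountpoints2" in key and "\\shell\\autorun\\command" in low:
            findings.append(Finding("drive_autorun", line.split(" - ", 1)[-1], n))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(Finding("orphaned_bho", line, n))
        elif line.startswith("O23 - Service:"):
            if line.endswith("(file missing)"):
                findings.append(Finding("orphaned_service", line, n))
            elif " - Unknown owner - " in line:
                findings.append(Finding("unknown_owner_service", line, n))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, so a log can be compared before/after cleanup."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_no:4d} {f.rule:32s} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On this thread's log the items worth acting on are the firewall being off on all three profiles and UAC being disabled; the Kaspersky AppInit_DLLs hooks and the DisableMonitoring flag under Security Center are what a third-party suite typically registers when it takes over monitoring, so the script lists them for the reader to check rather than labelling them malicious. It reads the text format only and does not touch the registry, so it can be run on a pasted log from any machine.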
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and removal

ComboFix 08-09-01.05 - gaisdavi 2008-09-03 19:56:51.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1036.18.2140 [GMT 2:00]
Location: C:\Users\gaisdavi\Desktop\ComboFix.exe
* Creating a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\envo.exe
.
((((((((((((((((((((((((((((( Files created from 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.
2008-09-02 17:48 . 2008-09-02 17:48 <DIR> d-------- C:\_OTMoveIt
2008-09-01 22:40 . 2008-09-01 22:43 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-09-01 22:40 . 2008-09-01 22:43 <DIR> d-------- C:\ProgramData\Lavasoft
2008-09-01 22:40 . 2008-09-01 22:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-01 22:37 . 2008-09-01 22:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-01 20:55 . 2008-09-01 20:55 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-01 20:55 . 2008-09-01 20:55 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-01 20:55 . 2008-09-01 22:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-01 20:16 . 2008-09-01 20:33 96,976 --a------ C:\Windows\System32\drivers\klin.dat
2008-09-01 20:16 . 2008-09-01 20:16 87,855 --a------ C:\Windows\System32\drivers\klick.dat
2008-09-01 20:14 . 2008-09-03 19:48 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-09-01 20:14 . 2008-09-03 19:48 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-09-01 20:14 . 2008-09-01 20:14 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-01 20:14 . 2008-09-03 19:52 3,834,912 --ahs---- C:\Windows\System32\drivers\fidbox.dat
2008-09-01 20:14 . 2008-09-02 19:18 335,904 --ahs---- C:\Windows\System32\drivers\fidbox2.dat
2008-09-01 20:14 . 2008-09-03 19:51 35,204 --ahs---- C:\Windows\System32\drivers\fidbox.idx
2008-09-01 20:14 . 2008-09-02 19:18 3,276 --ahs---- C:\Windows\System32\drivers\fidbox2.idx
2008-09-01 19:40 . 2008-08-28 14:57 167,424 --a------ C:\Windows\System32\MSA.cpl
2008-08-25 21:06 . 2008-08-25 21:06 <DIR> d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-08-25 21:06 . 2008-08-25 21:06 <DIR> d-------- C:\ProgramData\Kaspersky Lab Setup Files
2008-08-15 13:55 . 2008-08-15 13:55 <DIR> d-------- C:\Users\gaisdavi\AppData\Roaming\cmw
2008-08-15 13:51 . 2008-08-15 13:52 <DIR> d-------- C:\Program Files\winpwn
2008-08-13 22:06 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 21:15 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 21:15 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-13 21:15 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-13 21:15 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-13 21:13 . 2008-04-10 07:01 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 21:13 . 2008-04-10 04:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-13 21:04 . 2008-04-19 10:13 268,800 --a------ C:\Windows\System32\es.dll
2008-08-11 11:12 . 2008-08-25 19:54 <DIR> d-------- C:\Users\Sarah\AppData\Roaming\Apple Computer
2008-08-10 15:24 . 2008-08-10 15:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-10 15:21 . 2008-08-10 15:21 <DIR> d-------- C:\Program Files\Safari
2008-08-06 21:28 . 2008-08-13 21:07 <DIR> d-------- C:\Users\gaisdavi\AppData\Roaming\Apple Computer
2008-08-06 21:28 . 2008-08-06 21:28 <DIR> d-------- C:\Program Files\iTunes
2008-08-06 21:28 . 2008-08-06 21:28 <DIR> d-------- C:\Program Files\iPod
2008-08-06 21:28 . 2008-08-06 21:28 <DIR> d-------- C:\Program Files\Bonjour
2008-08-06 21:27 . 2008-08-06 21:28 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-08-06 21:27 . 2008-08-06 21:28 <DIR> d-------- C:\ProgramData\Apple Computer
2008-08-06 21:27 . 2008-08-06 21:27 <DIR> d-------- C:\Program Files\QuickTime
2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\Users\All Users\Apple
2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\ProgramData\Apple
2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-08-03 19:30 . 2008-08-03 19:30 <DIR> d-------- C:\Program Files\AIDA32 - Personal System Information
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 18:07 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-09-01 18:07 --------- d-----w C:\ProgramData\BitDefender
2008-09-01 18:07 --------- d-----w C:\Program Files\Common Files\Softwin
2008-08-13 20:07 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 20:04 --------- d-----w C:\Program Files\Windows Mail
2008-07-29 18:21 218,376 ----a-w C:\Windows\System32\klogon.dll
2008-07-29 18:20 24,774 ----a-w C:\Windows\system32\drivers\klopp.dat
2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-21 16:34 121,872 ----a-w C:\Windows\system32\drivers\kl1.sys
2008-07-15 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-15 19:11 --------- d-----w C:\Program Files\Paragon Software
2008-07-15 19:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-10 15:30 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 16:28 20,496 ----a-w C:\Windows\system32\drivers\klim6.sys
2008-07-08 19:40 --------- d-----w C:\Program Files\CCleaner
2008-07-08 19:30 --------- d-----w C:\Program Files\VSprint
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-06 19:11 22,328 ----a-w C:\Users\gaisdavi\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{42C25C5F-5A7F-4BC8-A6DF-C4C730816DD0}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{59B6F086-A060-49A8-97D4-59FE4B2416A6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{913203AB-4967-4958-8BEF-8C5C497C944D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C5DFCD50-06BC-403B-9DB9-DADA81149F9D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{318AD515-ACE9-46B4-9475-B60766FB0B32}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BC9D8A4E-1DCE-44EF-9CD0-0DE9949DD52F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{06CA2D6E-5F72-4C25-B25B-138356C93287}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{55F8033A-2340-4B0C-B973-18DDE9A13701}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{613FAF68-5E6A-4051-AB30-E5708A94C588}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CF49BD81-83C1-454D-8031-E8FC214BFB7B}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{F08C3DF7-C281-4D47-9FEF-0BE42D79B3D4}C:\\program files\\filezilla\\filezilla.exe"= UDP:C:\program files\filezilla\filezilla.exe:FileZilla
"UDP Query User{8266A803-32AE-469C-9BA0-5999674B98ED}C:\\program files\\filezilla\\filezilla.exe"= TCP:C:\program files\filezilla\filezilla.exe:FileZilla
"{EF9FAE88-3702-4C7D-BC52-5383670F78BD}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EFEDB35E-902E-49BD-9607-8F8AF9FAF450}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C64E837C-11DF-4FAA-A616-F14D4AA792FB}"= UDP:C:\Windows\System32\cmd.exe:cmd.exe
"{736F05C6-7810-415C-AE50-B0266FD781C0}"= TCP:C:\Windows\System32\cmd.exe:cmd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S0 OemBiosDevice;Royalty OEM Bios Extension;C:\Windows\system32\drivers\royal.sys [2007-07-24 240128]
S3 MusCDriverV32;MusCDriverV32;C:\Windows\system32\drivers\MusCDriverV32.sys [2007-10-09 22528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{702e316e-ebab-11dc-a06e-000ea6288369}]
\shell\AutoRun\command - L:\setup\rsrc\Autorun.exe
\shell\dinstall\command - L:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddd36b3d-ab0f-11dc-a541-000ea6288369}]
\shell\AutoRun\command - J:\autorun6e.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - - HKCU-Run-\VIE5FF6.exe - C:\Windows\System32\VIE5FF6.exe HKCU-Run-\VIEE644.exe - C:\Windows\System32\VIEE644.exe HKCU-Run-\VIE1CD9.exe - C:\Windows\System32\VIE1CD9.exe HKCU-Run-\VIE1E70.exe - C:\Windows\System32\VIE1E70.exe HKCU-Run-\VIE1EED.exe - C:\Windows\System32\VIE1EED.exe HKCU-Run-\VIE1DA5.exe - C:\Windows\System32\VIE1DA5.exe HKCU-Run-\VIE9D5C.exe - C:\Windows\System32\VIE9D5C.exe HKCU-Run-\VIEA654.exe - C:\Windows\System32\VIEA654.exe HKCU-Run-\VIEAA6B.exe - C:\Windows\System32\VIEAA6B.exe HKCU-Run-\VIEAC9E.exe - C:\Windows\System32\VIEAC9E.exe HKCU-Run-\VIEC582.exe - C:\Windows\System32\VIEC582.exe HKCU-Run-\VIEC6CA.exe - C:\Windows\System32\VIEC6CA.exe HKCU-Run-\VIEC7A5.exe - C:\Windows\System32\VIEC7A5.exe HKCU-Run-\VIECB20.exe - C:\Windows\System32\VIECB20.exe HKCU-Run-\VIE470E.exe - C:\Windows\System32\VIE470E.exe HKCU-Run-\VIE4C3E.exe - C:\Windows\System32\VIE4C3E.exe HKCU-Run-\VIE4FB9.exe - C:\Windows\System32\VIE4FB9.exe HKCU-Run-\VIEF6D3.exe - C:\Windows\System32\VIEF6D3.exe HKCU-Run-\VIEF6C3.exe - C:\Windows\System32\VIEF6C3.exe HKCU-Run-\VIEF889.exe - C:\Windows\System32\VIEF889.exe HKCU-Run-\VIE39.exe - C:\Windows\System32\VIE39.exe HKLM-Run-\VIE5FF6.exe - C:\Windows\System32\VIE5FF6.exe HKLM-Run-\VIEE644.exe - C:\Windows\System32\VIEE644.exe HKLM-Run-\VIE1CD9.exe - C:\Windows\System32\VIE1CD9.exe HKLM-Run-\VIE1E70.exe - C:\Windows\System32\VIE1E70.exe HKLM-Run-\VIE1DA5.exe - C:\Windows\System32\VIE1DA5.exe HKLM-Run-\VIE1EED.exe - C:\Windows\System32\VIE1EED.exe HKLM-Run-\VIE9D5C.exe - C:\Windows\System32\VIE9D5C.exe HKLM-Run-\VIEA654.exe - C:\Windows\System32\VIEA654.exe HKLM-Run-\VIEAA6B.exe - C:\Windows\System32\VIEAA6B.exe HKLM-Run-\VIEAC9E.exe - C:\Windows\System32\VIEAC9E.exe HKLM-Run-\VIEC582.exe - C:\Windows\System32\VIEC582.exe HKLM-Run-\VIEC6CA.exe - C:\Windows\System32\VIEC6CA.exe HKLM-Run-\VIEC7A5.exe - C:\Windows\System32\VIEC7A5.exe HKLM-Run-\VIECB20.exe - C:\Windows\System32\VIECB20.exe 
HKLM-Run-\VIE470E.exe - C:\Windows\System32\VIE470E.exe HKLM-Run-\VIE4C3E.exe - C:\Windows\System32\VIE4C3E.exe HKLM-Run-\VIE4FB9.exe - C:\Windows\System32\VIE4FB9.exe HKLM-Run-\VIEF6D3.exe - C:\Windows\System32\VIEF6D3.exe HKLM-Run-\VIEF6C3.exe - C:\Windows\System32\VIEF6C3.exe HKLM-Run-\VIEF889.exe - C:\Windows\System32\VIEF889.exe HKLM-Run-\VIE39.exe - C:\Windows\System32\VIE39.exe MSConfigStartUp-Antivirus - C:\Program Files\MSA\MSA.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Users\gaisdavi\AppData\Roaming\Mozilla\Firefox\Profiles\6lglwr7i.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ch/ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-03 20:00:09 Windows 6.0.6000 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... 
C:\Windows\TEMP\TMP000000511770FE675505282B Scan terminé avec succès Les fichiers cachés: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "\\VIE5FF6.exe"="C:\\Windows\\System32\\VIE5FF6.exe" "\\VIEE644.exe"="C:\\Windows\\System32\\VIEE644.exe" "\\VIE1CD9.exe"="C:\\Windows\\System32\\VIE1CD9.exe" "\\VIE1E70.exe"="C:\\Windows\\System32\\VIE1E70.exe" "\\VIE1DA5.exe"="C:\\Windows\\System32\\VIE1DA5.exe" "\\VIE1EED.exe"="C:\\Windows\\System32\\VIE1EED.exe" "\\VIE9D5C.exe"="C:\\Windows\\System32\\VIE9D5C.exe" "\\VIEA654.exe"="C:\\Windows\\System32\\VIEA654.exe" "\\VIEAA6B.exe"="C:\\Windows\\System32\\VIEAA6B.exe" "\\VIEAC9E.exe"="C:\\Windows\\System32\\VIEAC9E.exe" "\\VIEC582.exe"="C:\\Windows\\System32\\VIEC582.exe" "\\VIEC6CA.exe"="C:\\Windows\\System32\\VIEC6CA.exe" "\\VIEC7A5.exe"="C:\\Windows\\System32\\VIEC7A5.exe" "\\VIECB20.exe"="C:\\Windows\\System32\\VIECB20.exe" "\\VIE470E.exe"="C:\\Windows\\System32\\VIE470E.exe" "\\VIE4C3E.exe"="C:\\Windows\\System32\\VIE4C3E.exe" "\\VIE4FB9.exe"="C:\\Windows\\System32\\VIE4FB9.exe" "\\VIEF6D3.exe"="C:\\Windows\\System32\\VIEF6D3.exe" "\\VIEF6C3.exe"="C:\\Windows\\System32\\VIEF6C3.exe" "\\VIEF889.exe"="C:\\Windows\\System32\\VIEF889.exe" "\\VIE39.exe"="C:\\Windows\\System32\\VIE39.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "\\VIE5FF6.exe"="C:\\Windows\\System32\\VIE5FF6.exe" "\\VIEE644.exe"="C:\\Windows\\System32\\VIEE644.exe" "\\VIE1CD9.exe"="C:\\Windows\\System32\\VIE1CD9.exe" "\\VIE1E70.exe"="C:\\Windows\\System32\\VIE1E70.exe" "\\VIE1EED.exe"="C:\\Windows\\System32\\VIE1EED.exe" "\\VIE1DA5.exe"="C:\\Windows\\System32\\VIE1DA5.exe" "\\VIE9D5C.exe"="C:\\Windows\\System32\\VIE9D5C.exe" "\\VIEA654.exe"="C:\\Windows\\System32\\VIEA654.exe" "\\VIEAA6B.exe"="C:\\Windows\\System32\\VIEAA6B.exe" "\\VIEAC9E.exe"="C:\\Windows\\System32\\VIEAC9E.exe" "\\VIEC582.exe"="C:\\Windows\\System32\\VIEC582.exe" 
"\\VIEC6CA.exe"="C:\\Windows\\System32\\VIEC6CA.exe" "\\VIEC7A5.exe"="C:\\Windows\\System32\\VIEC7A5.exe" "\\VIECB20.exe"="C:\\Windows\\System32\\VIECB20.exe" "\\VIE470E.exe"="C:\\Windows\\System32\\VIE470E.exe" "\\VIE4C3E.exe"="C:\\Windows\\System32\\VIE4C3E.exe" "\\VIE4FB9.exe"="C:\\Windows\\System32\\VIE4FB9.exe" "\\VIEF6D3.exe"="C:\\Windows\\System32\\VIEF6D3.exe" "\\VIEF6C3.exe"="C:\\Windows\\System32\\VIEF6C3.exe" "\\VIEF889.exe"="C:\\Windows\\System32\\VIEF889.exe" "\\VIE39.exe"="C:\\Windows\\System32\\VIE39.exe" . Temps d'accomplissement: 2008-09-03 20:01:41 ComboFix-quarantined-files.txt 2008-09-03 18:01:37 Pre-Run: 9,954,025,472 bytes free Post-Run: 10,620,420,096 bytes free 259 --- E O F --- 2008-08-29 12:57:54 ------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:07:41, on 03.09.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\gaisdavi\Desktop\HiJackThis.exe C:\Windows\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://trottserver/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 4845 bytes -------------- le seul probleme est que j ai toujours l icone "MS AV" dans le panneau de configuration !?!? Merci pour ton aide -
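The logs in this thread are read by eye: the helper spots the twenty-one `\VIE....exe` Run values pointing into System32, the service entries with no owner or a missing file, the BHO with no file, and the ComboFix policy lines showing the firewall, UAC and Security Center monitoring switched off. The script below is an added example for this page and is not code from HijackThis, ComboFix, OTMoveIt or the forum; it encodes those same checks so they can be run over a pasted log. The allow-list of autostart names and the "random-looking name" pattern are assumptions built only from the entries visible in this thread, and the sample lines are a constructed subset copied from the logs above.

```python
"""Triage helper for HijackThis O2/O4/O23 lines and ComboFix policy lines.

Added example for this thread, not part of any of the tools it names. The
heuristics mirror what a helper looks for by hand in the logs posted here.
"""
import re
from typing import Dict, List, Tuple

# Constructed allow-list of autostart value names that are legitimate on the
# machine in this thread; a real one would be much larger (assumption).
KNOWN_RUN_NAMES = {
    "Adobe Reader Speed Launcher", "AppleSyncNotifier", "QuickTime Task",
    "iTunesHelper", "AVP", "sidebar", "ehTray.exe", "Windows Defender",
    "WindowsWelcomeCenter",
}

# 2-4 letters followed by 2-4 hex digits, e.g. VIE5FF6.exe or VIE39.exe;
# pattern derived from the names in this thread (heuristic, assumption).
RANDOM_NAME = re.compile(r"^[A-Za-z]{2,4}[0-9A-Fa-f]{2,4}\.exe$")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-F-]+)\} - (?P<path>.*)$")

# ComboFix "Reg loading points" values that switch off built-in defences.
WEAK_POLICY = {
    '"EnableFirewall"= 0': "Windows Firewall disabled for a profile",
    '"EnableLUA"= 0': "UAC disabled (EnableLUA=0)",
    '"DisableMonitoring"=dword:00000001': "Security Center monitoring of AV disabled",
}

Finding = Tuple[str, str, str]  # (severity, reason, offending line)


def _basename(cmd: str) -> str:
    """Executable file name from a Run command, dropping quotes/arguments."""
    exe = cmd.strip().strip('"').split('"')[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1]


def audit_line(line: str) -> List[Finding]:
    """Return zero or more findings for one log line."""
    line = line.strip()
    out: List[Finding] = []
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        if name.startswith("\\"):
            out.append(("high", "Run value name starts with a backslash", line))
        base = _basename(cmd)
        if "\\system32\\" in cmd.lower() and RANDOM_NAME.match(base):
            out.append(("high", f"random-looking binary in System32: {base}", line))
        elif name not in KNOWN_RUN_NAMES and not out:
            out.append(("low", f"autostart not on allow-list: {name}", line))
        return out
    m = O23_RE.match(line)
    if m:
        if m.group("owner") == "Unknown owner":
            out.append(("medium", "service with unknown owner", line))
        if m.group("path").endswith("(file missing)"):
            out.append(("low", "service points at a missing file", line))
        return out
    m = O2_RE.match(line)
    if m and m.group("path") == "(no file)":
        out.append(("low", "BHO registered with no file (stale entry)", line))
        return out
    for key, reason in WEAK_POLICY.items():
        if line.startswith(key):
            out.append(("medium", reason, line))
    return out


def audit(lines: List[str]) -> List[Finding]:
    """Run audit_line over every line of a pasted log."""
    findings: List[Finding] = []
    for ln in lines:
        findings.extend(audit_line(ln))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


# Constructed sample: a subset of lines copied from the logs in this thread.
SAMPLE_LOG = [
    'O4 - HKLM\\..\\Run: [AVP] "C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 2009\\avp.exe"',
    "O4 - HKLM\\..\\Run: [\\VIE5FF6.exe] C:\\Windows\\System32\\VIE5FF6.exe",
    "O4 - HKCU\\..\\Run: [\\VIE39.exe] C:\\Windows\\System32\\VIE39.exe",
    "O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe",
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    "O23 - Service: PnkBstrA - Unknown owner - C:\\Windows\\system32\\PnkBstrA.exe",
    "O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedul2.exe (file missing)",
    '"EnableFirewall"= 0 (0x0)',
    '"EnableLUA"= 0 (0x0)',
    '"DisableMonitoring"=dword:00000001',
]

if __name__ == "__main__":
    for sev, reason, line in audit(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
    print(summarize(audit(SAMPLE_LOG)))
```

Feed it a whole log with `audit(open("hijackthis.log").read().splitlines())`. The two "high" checks fire independently, so a Run value that both starts with a backslash and points at a hex-named file in System32 is reported twice, which is the right weight for the pattern seen here; an "Unknown owner" service is only "medium" because PunkBuster and similar legitimately show up that way and need a file-hash check rather than deletion.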
[Solved] HijackThis log analysis
trott replied to a topic by trott in Malware analysis and eradication
I removed the [EmptyTemp] line, otherwise it crashed the "OTMoveIT2.exe" program. Below are the 2 logs requested.

Explorer killed successfully
File/Folder C:\Windows\System32\VIE5FF6.exe not found.
File/Folder C:\Windows\System32\VIEE644.exe not found.
File/Folder C:\Windows\System32\VIE1CD9.exe not found.
File/Folder C:\Windows\System32\VIE1E70.exe not found.
File/Folder C:\Windows\System32\VIE1DA5.exe not found.
File/Folder C:\Windows\System32\VIE1EED.exe not found.
File/Folder C:\Windows\System32\VIE9D5C.exe not found.
File/Folder C:\Windows\System32\VIEA654.exe not found.
File/Folder C:\Windows\System32\VIEAA6B.exe not found.
File/Folder C:\Windows\System32\VIEAC9E.exe not found.
File/Folder C:\Windows\System32\VIEC582.exe not found.
File/Folder C:\Windows\System32\VIEC6CA.exe not found.
File/Folder C:\Windows\System32\VIEC7A5.exe not found.
File/Folder C:\Windows\System32\VIECB20.exe not found.
File/Folder C:\Windows\System32\VIE470E.exe not found.
File/Folder C:\Windows\System32\VIE4C3E.exe not found.
File/Folder C:\Windows\System32\VIE4FB9.exe not found.
File/Folder C:\Windows\System32\VIEF6D3.exe not found.
File/Folder C:\Windows\System32\VIEF6C3.exe not found.
File/Folder C:\Windows\System32\VIEF889.exe not found.
File/Folder C:\Windows\System32\VIE39.exe not found.
File/Folder C:\Windows\xrdwbfgn.dll not found.
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\xrdwbfgn >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\xrdwbfgn not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE5FF6.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEE644.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1CD9.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1E70.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1DA5.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1EED.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE9D5C.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEA654.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEAA6B.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEAC9E.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEC582.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEC6CA.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEC7A5.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIECB20.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE470E.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE4C3E.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE4FB9.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEF6D3.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEF6C3.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEF889.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKLM\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE39.exe >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE5FF6.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEE644.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1CD9.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1E70.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1DA5.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE1EED.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE9D5C.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEA654.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEAA6B.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEAC9E.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEC582.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEC6CA.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEC7A5.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIECB20.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE470E.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE4C3E.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE4FB9.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEF6D3.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEF6C3.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIEF889.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
< HKCU\SOFTWARE\Microsoft\Window\CurrentVersion\Run\\VIE39.exe >
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Window\CurrentVersion\Run not found.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09022008_180645

---------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:28, on 02.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\gaisdavi\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://trottserver/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\VIE5FF6.exe] C:\Windows\System32\VIE5FF6.exe
O4 - HKLM\..\Run: [\VIEE644.exe] C:\Windows\System32\VIEE644.exe
O4 - HKLM\..\Run: [\VIE1CD9.exe] C:\Windows\System32\VIE1CD9.exe
O4 - HKLM\..\Run: [\VIE1E70.exe] C:\Windows\System32\VIE1E70.exe
O4 - HKLM\..\Run: [\VIE1DA5.exe] C:\Windows\System32\VIE1DA5.exe
O4 - HKLM\..\Run: [\VIE1EED.exe] C:\Windows\System32\VIE1EED.exe
O4 - HKLM\..\Run: [\VIE9D5C.exe] C:\Windows\System32\VIE9D5C.exe
O4 - HKLM\..\Run: [\VIEA654.exe] C:\Windows\System32\VIEA654.exe
O4 - HKLM\..\Run: [\VIEAA6B.exe] C:\Windows\System32\VIEAA6B.exe
O4 - HKLM\..\Run: [\VIEAC9E.exe] C:\Windows\System32\VIEAC9E.exe
O4 - HKLM\..\Run: [\VIEC582.exe] C:\Windows\System32\VIEC582.exe
O4 - HKLM\..\Run: [\VIEC6CA.exe] C:\Windows\System32\VIEC6CA.exe
O4 - HKLM\..\Run: [\VIEC7A5.exe] C:\Windows\System32\VIEC7A5.exe
O4 - HKLM\..\Run: [\VIECB20.exe] C:\Windows\System32\VIECB20.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [\VIE470E.exe] C:\Windows\System32\VIE470E.exe
O4 - HKLM\..\Run: [\VIE4C3E.exe] C:\Windows\System32\VIE4C3E.exe
O4 - HKLM\..\Run: [\VIE4FB9.exe] C:\Windows\System32\VIE4FB9.exe
O4 - HKLM\..\Run: [\VIEF6D3.exe] C:\Windows\System32\VIEF6D3.exe
O4 - HKLM\..\Run: [\VIEF6C3.exe] C:\Windows\System32\VIEF6C3.exe
O4 - HKLM\..\Run: [\VIEF889.exe] C:\Windows\System32\VIEF889.exe
O4 - HKLM\..\Run: [\VIE39.exe] C:\Windows\System32\VIE39.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [\VIE5FF6.exe] C:\Windows\System32\VIE5FF6.exe
O4 - HKCU\..\Run: [\VIEE644.exe] C:\Windows\System32\VIEE644.exe
O4 - HKCU\..\Run: [\VIE1CD9.exe] C:\Windows\System32\VIE1CD9.exe
O4 - HKCU\..\Run: [\VIE1E70.exe] C:\Windows\System32\VIE1E70.exe
O4 - HKCU\..\Run: [\VIE1EED.exe] C:\Windows\System32\VIE1EED.exe
O4 - HKCU\..\Run: [\VIE1DA5.exe] C:\Windows\System32\VIE1DA5.exe
O4 - HKCU\..\Run: [\VIE9D5C.exe] C:\Windows\System32\VIE9D5C.exe
O4 - HKCU\..\Run: [\VIEA654.exe] C:\Windows\System32\VIEA654.exe
O4 - HKCU\..\Run: [\VIEAA6B.exe] C:\Windows\System32\VIEAA6B.exe
O4 - HKCU\..\Run: [\VIEAC9E.exe] C:\Windows\System32\VIEAC9E.exe
O4 - HKCU\..\Run: [\VIEC582.exe] C:\Windows\System32\VIEC582.exe
O4 - HKCU\..\Run: [\VIEC6CA.exe] C:\Windows\System32\VIEC6CA.exe
O4 - HKCU\..\Run: [\VIEC7A5.exe] C:\Windows\System32\VIEC7A5.exe
O4 - HKCU\..\Run: [\VIECB20.exe] C:\Windows\System32\VIECB20.exe
O4 - HKCU\..\Run: [\VIE470E.exe] C:\Windows\System32\VIE470E.exe
O4 - HKCU\..\Run: [\VIE4C3E.exe] C:\Windows\System32\VIE4C3E.exe
O4 - HKCU\..\Run: [\VIE4FB9.exe] C:\Windows\System32\VIE4FB9.exe
O4 - HKCU\..\Run: [\VIEF6D3.exe] C:\Windows\System32\VIEF6D3.exe
O4 - HKCU\..\Run: [\VIEF6C3.exe] C:\Windows\System32\VIEF6C3.exe
O4 - HKCU\..\Run: [\VIEF889.exe] C:\Windows\System32\VIEF889.exe
O4 - HKCU\..\Run: [\VIE39.exe] C:\Windows\System32\VIE39.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7904 bytes

Also, I noticed in the Control Panel that I had an "MS AV" icon as well as an entry in "msconfig" for "c:\programes files\MSA\MSA.exe". I deleted the file manually but I can't remove the icon from the Control Panel. Thanks for the help.
Please analyze my HijackThis log and tell me what steps to take.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:31:47, on 02.09.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\gaisdavi\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://trottserver/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\VIE5FF6.exe] C:\Windows\System32\VIE5FF6.exe
O4 - HKLM\..\Run: [\VIEE644.exe] C:\Windows\System32\VIEE644.exe
O4 - HKLM\..\Run: [\VIE1CD9.exe] C:\Windows\System32\VIE1CD9.exe
O4 - HKLM\..\Run: [\VIE1E70.exe] C:\Windows\System32\VIE1E70.exe
O4 - HKLM\..\Run: [\VIE1DA5.exe] C:\Windows\System32\VIE1DA5.exe
O4 - HKLM\..\Run: [\VIE1EED.exe] C:\Windows\System32\VIE1EED.exe
O4 - HKLM\..\Run: [\VIE9D5C.exe] C:\Windows\System32\VIE9D5C.exe
O4 - HKLM\..\Run: [\VIEA654.exe] C:\Windows\System32\VIEA654.exe
O4 - HKLM\..\Run: [\VIEAA6B.exe] C:\Windows\System32\VIEAA6B.exe
O4 - HKLM\..\Run: [\VIEAC9E.exe] C:\Windows\System32\VIEAC9E.exe
O4 - HKLM\..\Run: [\VIEC582.exe] C:\Windows\System32\VIEC582.exe
O4 - HKLM\..\Run: [\VIEC6CA.exe] C:\Windows\System32\VIEC6CA.exe
O4 - HKLM\..\Run: [\VIEC7A5.exe] C:\Windows\System32\VIEC7A5.exe
O4 - HKLM\..\Run: [\VIECB20.exe] C:\Windows\System32\VIECB20.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [\VIE470E.exe] C:\Windows\System32\VIE470E.exe
O4 - HKLM\..\Run: [\VIE4C3E.exe] C:\Windows\System32\VIE4C3E.exe
O4 - HKLM\..\Run: [\VIE4FB9.exe] C:\Windows\System32\VIE4FB9.exe
O4 - HKLM\..\Run: [\VIEF6D3.exe] C:\Windows\System32\VIEF6D3.exe
O4 - HKLM\..\Run: [\VIEF6C3.exe] C:\Windows\System32\VIEF6C3.exe
O4 - HKLM\..\Run: [\VIEF889.exe] C:\Windows\System32\VIEF889.exe O4 - HKLM\..\Run: [\VIE39.exe] C:\Windows\System32\VIE39.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [\VIE5FF6.exe] C:\Windows\System32\VIE5FF6.exe O4 - HKCU\..\Run: [\VIEE644.exe] C:\Windows\System32\VIEE644.exe O4 - HKCU\..\Run: [\VIE1CD9.exe] C:\Windows\System32\VIE1CD9.exe O4 - HKCU\..\Run: [\VIE1E70.exe] C:\Windows\System32\VIE1E70.exe O4 - HKCU\..\Run: [\VIE1EED.exe] C:\Windows\System32\VIE1EED.exe O4 - HKCU\..\Run: [\VIE1DA5.exe] C:\Windows\System32\VIE1DA5.exe O4 - HKCU\..\Run: [\VIE9D5C.exe] C:\Windows\System32\VIE9D5C.exe O4 - HKCU\..\Run: [\VIEA654.exe] C:\Windows\System32\VIEA654.exe O4 - HKCU\..\Run: [\VIEAA6B.exe] C:\Windows\System32\VIEAA6B.exe O4 - HKCU\..\Run: [\VIEAC9E.exe] C:\Windows\System32\VIEAC9E.exe O4 - HKCU\..\Run: [\VIEC582.exe] C:\Windows\System32\VIEC582.exe O4 - HKCU\..\Run: [\VIEC6CA.exe] C:\Windows\System32\VIEC6CA.exe O4 - HKCU\..\Run: [\VIEC7A5.exe] C:\Windows\System32\VIEC7A5.exe O4 - HKCU\..\Run: [\VIECB20.exe] C:\Windows\System32\VIECB20.exe O4 - HKCU\..\Run: [\VIE470E.exe] C:\Windows\System32\VIE470E.exe O4 - HKCU\..\Run: [\VIE4C3E.exe] C:\Windows\System32\VIE4C3E.exe O4 - HKCU\..\Run: [\VIE4FB9.exe] C:\Windows\System32\VIE4FB9.exe O4 - HKCU\..\Run: [\VIEF6D3.exe] C:\Windows\System32\VIEF6D3.exe O4 - HKCU\..\Run: [\VIEF6C3.exe] C:\Windows\System32\VIEF6C3.exe O4 - HKCU\..\Run: [\VIEF889.exe] C:\Windows\System32\VIEF889.exe O4 - HKCU\..\Run: [\VIE39.exe] C:\Windows\System32\VIE39.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu 
item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O21 - SSODL: xrdwbfgn - {3752C0DC-9EAB-40AD-AD90-9D1B2D4CC12F} - C:\Windows\xrdwbfgn.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 8065 bytes