obaka

oui ca as fonctionne merci cette fois tout a l ère correct (beaucoup plus fluide ) on voit vraiment la différence as moins d avoir d autre manip a faire encore je te remercie beaucoup pour cette patience

hop voila Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=dword:00000002 "ConsentPromptBehaviorUser"=dword:00000001 "EnableInstallerDetection"=dword:00000001 "EnableSecureUIAPaths"=dword:00000001 "EnableVirtualization"=dword:00000001 "PromptOnSecureDesktop"=dword:00000001 "ValidateAdminCodeSignatures"=dword:00000000 "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "scforceoption"=dword:00000000 "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "FilterAdministratorToken"=dword:00000000 "EnableUIADesktopToggle"=dword:00000000 "DisableRegistryTools"=dword:00000000 "HideLegacyLogonScripts"=dword:00000000 "HideLogoffScripts"=dword:00000000 "RunLogonScriptSync"=dword:00000001 "RunStartupScriptSync"=dword:00000000 "HideStartupScripts"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats] "CF_TEXT"=dword:00000001 "CF_BITMAP"=dword:00000002 "CF_OEMTEXT"=dword:00000007 "CF_DIB"=dword:00000008 "CF_PALETTE"=dword:00000009 "CF_UNICODETEXT"=dword:0000000d "CF_DIBV5"=dword:00000011

bon apparemment plus de message d erreur au démarrage mais toujours l autorisation du compte utilisateur qui fait défaut

voila j ai lance le scan mais vu le temps je ne penses pas avoir le rapport avent un petit bout de temps donc je ne pourrais le poster que ce soir sinon pour les dysfonctionnement j ai un autre message d erreur au démarrage de mon pc "CTXfiHlp Aplication a cesse de fonctionner " j ai aussi au niveau de mon contrôle utilisateur que j avais désactive volontairement avant infection qui maintenant fait un peut ce qu il veut en fonction des programme, j ai essayer d aller dans le panneau de config et de décocher/recocher la case mais c est pareil la case reste décoché pourtant il me demande parfois une autorisation bon finalement voila le rapport BitDefender Online Scanner Rapport d'analyse généré à: Thu, Oct 02, 2008 - 12:12:23 Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;K:\; Statistiques Temps 00:17:33 Fichiers 98171 Directoires 16872 Secteurs de boot 0 Archives 1306 Paquets programmes 11094 Résultats Virus identifiés 0 Fichiers infectés 0 Fichiers suspects 0 Avertissements 0 Désinfectés 0 Fichiers effacés 0 Info sur les moteurs Définition virus 1829043 Version des moteurs AVCORE v1.7 (build 8314.19) (i386) (Sep 10 2008 19:37:42) Analyse des plugins 16 Archive des plugins 43 Unpack des plugins 7 E-mail plugins 6 Système plugins 4 Paramètres d'analyse Première action Désinfecté Seconde Action Supprimé Heuristique Oui Acceptez les avertissements Oui Extensions analysées exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;pp t;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm ;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas; Excludez les extensions Analyse d'emails Oui Analyse des Archives Oui Analyser paquets programmes Oui Analyse des fichiers Oui Analyse de boot Oui Fichier analysé Statut Aucun virus trouvé.

bon désoler pour la reponsse tardive j ai dut m absenter (boulot) alors voila ce que j ai fait la manip avec combofix que tu m as cite au dessus et dont je post le rapport ensuite j ai fait le scan avc RSIT et je post le rapport en deuxieme puis un denier scan avec hijackthis avec le dernier rapport sinon je sais pas si c est important mais quand fait la manip de combofix en le lançant(mais ca fonctionne quand même) j ai un message d erreur " COM Suragate as cesser de fonctionner " je précise que j ai ce message a chaque démarrage de mon pc aussi voila les rapport ComboFix 08-09-30.03 - fabrice 2008-10-01 23:06:29.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2062 [GMT 2:00] Lancé depuis: C:\Users\fabrice\Desktop\ComboFix.exe Commutateurs utilisés :: C:\Users\fabrice\Desktop\CFScript.txt * Un nouveau point de restauration a été créé FILE :: C:\Windows\iun6002.exe C:\Windows\System32\nY.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\iun6002.exe C:\Windows\System32\nY.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 )))))))))))))))))))))))))))))))))))) . 2008-10-01 23:05 . 2008-10-01 23:05 <REP> d-------- C:\32788R22FWJFW 2008-09-30 23:51 . 2008-09-30 23:51 19,236 --a------ C:\Windows\System32\TuneUpDefragService_20080930-215115.dmp 2008-09-30 15:53 . 2008-09-30 15:57 <REP> d-------- C:\ToolBar SD 2008-09-30 11:59 . 2008-10-01 15:50 <REP> d-------- C:\Program Files\trend micro 2008-09-28 17:02 . 2008-09-28 23:52 691 --a------ C:\Users\fabrice\AppData\Roaming\GetValue.vbs 2008-09-28 17:02 . 2008-09-28 23:52 35 --a------ C:\Users\fabrice\AppData\Roaming\SetValue.bat 2008-09-28 17:00 . 2008-09-30 15:51 4,154 --a------ C:\Windows\System32\tmp.reg 2008-09-28 08:18 . 2008-09-28 08:18 <REP> d-------- C:\Program Files\filehippo.com 2008-09-27 18:08 . 2008-09-27 18:08 <REP> d-------- C:\Windows\System32\Kaspersky Lab 2008-09-26 10:40 . 2008-09-26 10:40 <REP> d-------- C:\Program Files\iWizz 2008-09-26 10:35 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll 2008-09-26 10:34 . 2008-09-26 10:34 <REP> d-------- C:\Program Files\Microsoft Works 2008-09-26 10:33 . 2008-09-26 10:33 <REP> d-------- C:\Program Files\Microsoft.NET 2008-09-26 10:31 . 2008-10-01 18:01 <REP> d-------- C:\Users\All Users\Microsoft Help 2008-09-26 10:31 . 2008-10-01 18:01 <REP> d-------- C:\PROGRA~2\Microsoft Help 2008-09-26 10:30 . 2008-09-26 10:30 <REP> dr-h----- C:\MSOCache 2008-09-22 01:55 . 2008-09-22 01:55 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-09-21 20:00 . 2008-09-21 20:00 <REP> d-------- C:\Users\fabrice\AppData\Roaming\PeerNetworking 2008-09-21 18:51 . 2008-09-21 18:51 <REP> d-------- C:\Users\All Users\WindowsSearch 2008-09-21 18:51 . 2008-09-21 18:51 <REP> d-------- C:\PROGRA~2\WindowsSearch 2008-09-21 18:14 . 2008-09-21 18:41 <REP> d-------- C:\FSGX 2008-09-21 11:53 . 2008-09-21 11:53 <REP> d--hs---- C:\Diskeeper 2008-09-21 11:30 . 2008-09-21 11:30 <REP> d-------- C:\Users\All Users\Diskeeper Corporation 2008-09-21 11:30 . 2008-09-21 11:30 <REP> d-------- C:\PROGRA~2\Diskeeper Corporation 2008-09-21 11:27 . 2008-09-21 11:27 <REP> d--h----- C:\Windows\PIF 2008-09-20 23:40 . 2008-09-20 23:40 <REP> d-------- C:\Program Files\Sun 2008-09-20 23:38 . 2008-09-20 23:39 <REP> d-------- C:\Program Files\Java 2008-09-20 23:38 . 2008-09-20 23:38 <REP> d-------- C:\Program Files\Common Files\Java 2008-09-20 23:32 . 2008-09-20 23:33 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Notepad++ 2008-09-20 23:32 . 2008-09-20 23:32 <REP> d-------- C:\Program Files\Notepad++ 2008-09-20 23:32 . 2008-09-20 23:32 <REP> d-------- C:\Program Files\AICarriers 2008-09-20 23:02 . 2008-09-22 14:51 <REP> d-------- C:\Program Files\JABX 2008-09-20 12:12 . 2008-09-20 12:12 <REP> d-------- C:\Program Files\Common Files\Microsoft Games 2008-09-20 11:33 . 2008-09-20 11:33 <REP> d-------- C:\Users\All Users\Adobe 2008-09-20 11:33 . 2008-09-20 11:33 <REP> d-------- C:\Program Files\Common Files\Adobe AIR 2008-09-20 02:21 . 2008-09-20 02:21 <REP> d-------- C:\Program Files\Diskeeper Corporation 2008-09-17 01:03 . 2008-09-17 01:03 <REP> d-------- C:\Program Files\Foxit Software 2008-09-17 00:17 . 2008-09-17 00:17 <REP> d-------- C:\inetpub 2008-09-15 00:13 . 2008-09-15 00:13 151 --a------ C:\Windows\PhotoSnapViewer.INI 2008-09-14 15:36 . 2008-09-14 15:44 1,024 --a------ C:\Windows\utrafficx.lic 2008-09-14 11:04 . 2008-09-14 11:04 <REP> d-------- C:\Program Files\FS Recorder for FSX 2008-09-12 00:37 . 2008-09-28 00:12 69 --a------ C:\Windows\NeroDigital.ini 2008-09-11 23:50 . 2008-09-17 15:21 <REP> d-------- C:\Program Files\SquawkBox 2008-09-11 15:39 . 2008-09-11 15:39 <REP> d-------- C:\Program Files\PicNic 2008-09-11 15:15 . 2008-09-11 15:15 <REP> d-------- C:\Program Files\TreeX 2008-09-09 23:59 . 2008-09-09 23:59 118 --a------ C:\Windows\System32\MRT.INI 2008-09-09 20:57 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-09 20:57 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-09 20:57 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-09 20:57 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-09 20:57 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-09 20:57 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-09 20:57 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-09 20:57 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-09 20:57 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-09 08:49 . 2008-09-17 01:11 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Ahead 2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\Users\All Users\Nero 2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\Program Files\Nero 2008-09-09 08:48 . 2008-09-09 08:50 <REP> d-------- C:\Program Files\Common Files\Ahead 2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\PROGRA~2\Nero 2008-09-09 02:09 . 2008-09-09 02:09 <REP> d-------- C:\Program Files\Smart Projects 2008-09-09 01:57 . 2008-09-09 01:57 <REP> d-------- C:\Program Files\DAEMON Tools 2008-09-09 00:36 . 2008-09-09 00:36 611,064 --a------ C:\Windows\System32\drivers\sptd.sys 2008-09-09 00:36 . 2008-09-09 00:36 142,904 --a------ C:\Windows\System32\drivers\sptddrv1.sys 2008-09-08 12:11 . 2008-09-08 12:11 <REP> d-------- C:\Users\All Users\Real 2008-09-08 12:11 . 2003-03-19 05:14 499,712 --a------ C:\Windows\System32\msvcp71.dll 2008-09-07 20:24 . 2008-09-08 12:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack 2008-09-04 20:21 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll 2008-09-04 20:21 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll 2008-09-04 20:21 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll 2008-09-04 20:21 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll 2008-09-04 20:21 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll 2008-09-04 20:21 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe 2008-09-04 20:21 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll 2008-09-04 20:21 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll 2008-09-04 20:21 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-09-04 01:04 . 2008-09-04 01:04 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe 2008-09-04 01:03 . 2008-09-04 01:04 <REP> d-------- C:\Program Files\TuneUp Utilities 2008 2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Malwarebytes 2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\Users\All Users\Malwarebytes 2008-09-03 17:42 . 2008-09-09 23:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\PROGRA~2\Malwarebytes 2008-09-03 17:42 . 2008-09-08 00:11 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-09-03 17:42 . 2008-09-08 00:11 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-09-03 16:38 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll 2008-09-03 16:29 . 2006-11-10 09:25 319,456 --a------ C:\Windows\System32\difxapi.dll 2008-09-03 16:28 . 2008-09-03 16:38 <REP> d-------- C:\Program Files\Intel 2008-09-03 16:28 . 2008-09-03 16:28 <REP> d-------- C:\Intel 2008-09-03 16:28 . 2008-07-20 17:44 324,120 --a------ C:\Windows\System32\drivers\iaStor.sys 2008-09-03 00:59 . 2008-09-03 00:59 <REP> d-------- C:\Windows\System32\AGEIA 2008-09-03 00:59 . 2008-09-03 00:59 <REP> d-------- C:\Program Files\AGEIA Technologies 2008-09-03 00:42 . 2008-10-01 15:38 279,461,499 --a------ C:\Windows\MEMORY.DMP 2008-09-03 00:36 . 2008-07-15 01:08 24,089,151 --a------ C:\Windows\System32\AppSetup.exe 2008-09-03 00:36 . 2004-07-30 14:47 20,480 --a------ C:\Windows\INRESFRN.DLL 2008-09-03 00:36 . 2006-06-09 15:20 3,072 --a------ C:\Windows\CTXFIFRN.DLL 2008-09-03 00:27 . 2008-09-03 00:27 <REP> d-------- C:\Users\fabrice\AppData\Roaming\TuneUp Software 2008-09-03 00:27 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll 2008-09-03 00:27 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll 2008-09-03 00:26 . 2008-09-04 01:03 <REP> d-------- C:\Users\All Users\TuneUp Software 2008-09-03 00:26 . 2008-09-04 01:03 <REP> d-------- C:\PROGRA~2\TuneUp Software 2008-09-02 17:20 . 2008-01-11 20:21 36,384 --a------ C:\Windows\System32\drivers\npusbio.sys 2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\Users\All Users\ma-config.com 2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\Program Files\ma-config.com 2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\PROGRA~2\ma-config.com 2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\Users\All Users\Saitek 2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\Program Files\Saitek 2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\PROGRA~2\Saitek 2008-09-02 16:20 . 2005-11-03 11:09 57,344 --a------ C:\Windows\System32\SAIGON.dll 2008-09-02 16:20 . 2005-10-18 14:31 45,056 --a------ C:\Windows\System32\SAIKICK.dll 2008-09-02 16:17 . 2007-05-01 16:11 8,252 --a------ C:\Windows\System32\SaiD075C.pr0 2008-09-02 16:07 . 2008-09-02 16:07 <REP> d-------- C:\Program Files\NaturalPoint 2008-09-02 16:07 . 2006-12-06 17:20 15,360 --a------ C:\Windows\System32\drivers\npusb.sys 2008-09-02 15:34 . 2008-09-03 01:02 <REP> d-------- C:\Users\All Users\nHancer 2008-09-02 15:34 . 2008-09-02 15:34 <REP> d-------- C:\Program Files\nHancer 2008-09-02 15:34 . 2008-09-03 01:02 <REP> d-------- C:\PROGRA~2\nHancer 2008-09-02 01:08 . 2008-09-27 23:27 268 --ah----- C:\sqmdata19.sqm 2008-09-02 01:08 . 2008-09-27 23:27 244 --ah----- C:\sqmnoopt19.sqm 2008-09-01 18:04 . 2008-09-27 16:01 268 --ah----- C:\sqmdata18.sqm 2008-09-01 18:04 . 2008-09-27 16:01 244 --ah----- C:\sqmnoopt18.sqm 2008-09-01 16:03 . 2008-09-01 16:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf 2008-09-01 00:21 . 2008-09-27 02:35 268 --ah----- C:\sqmdata17.sqm 2008-09-01 00:21 . 2008-09-27 02:35 244 --ah----- C:\sqmnoopt17.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-01 20:42 --------- d-----w C:\Users\fabrice\AppData\Roaming\BitTorrent 2008-10-01 20:14 --------- d-----w C:\Program Files\McAfee 2008-10-01 16:03 --------- d-----w C:\Program Files\Dl_cats 2008-09-21 16:13 --------- d-----w C:\Program Files\Microsoft Games 2008-09-20 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-09 22:07 --------- d-----w C:\Users\fabrice\AppData\Roaming\SiteAdvisor 2008-09-07 18:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-02 23:02 --------- d-----w C:\PROGRA~2\NVIDIA 2008-09-02 14:07 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-09-02 09:01 --------- d-----w C:\Users\fabrice\AppData\Roaming\Creative 2008-08-29 14:07 --------- d-----w C:\Program Files\Lavasoft 2008-08-29 14:06 --------- d-----w C:\PROGRA~2\Lavasoft 2008-08-29 13:50 --------- d-----w C:\PROGRA~2\Applications 2008-08-29 13:26 --------- d-----w C:\PROGRA~2\arclmtyb 2008-08-29 06:16 --------- d-----w C:\Program Files\BitTorrent 2008-08-28 15:34 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-27 20:52 --------- d-----w C:\Program Files\SiteAdvisor 2008-08-27 14:35 174 --sha-w C:\Program Files\desktop.ini 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Sidebar 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Mail 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Journal 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Defender 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Collaboration 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Calendar 2008-08-27 14:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-08-27 14:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-08-27 13:05 269,312 ----a-w C:\Windows\System32\es.dll 2008-08-27 06:39 --------- d-----w C:\Program Files\Windows Live 2008-08-27 06:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-27 06:30 --------- d-----w C:\PROGRA~2\WLInstaller 2008-08-27 06:19 --------- d-----w C:\Users\fabrice\AppData\Roaming\Turbine 2008-08-27 05:59 --------- d-----w C:\Program Files\Codemasters 2008-08-26 17:17 --------- d-----w C:\Program Files\IncrediMail 2008-08-26 17:17 --------- d-----w C:\PROGRA~2\IM 2008-08-26 17:15 --------- d-----w C:\PROGRA~2\IncrediMail 2008-08-26 16:44 --------- d-----w C:\Program Files\MozBackup 1.4 2008-08-26 16:29 --------- d-----w C:\Users\fabrice\AppData\Roaming\DellFaxCtr 2008-08-26 16:17 61,440 ----a-w C:\Windows\System32\winipsec.dll 2008-08-26 16:17 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL 2008-08-26 16:17 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll 2008-08-26 16:17 272,896 ----a-w C:\Windows\System32\polstore.dll 2008-08-26 16:10 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-08-26 16:02 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-08-26 16:00 988,216 ----a-w C:\Windows\System32\winload.exe 2008-08-26 16:00 927,288 ----a-w C:\Windows\System32\winresume.exe 2008-08-26 16:00 615,992 ----a-w C:\Windows\System32\ci.dll 2008-08-26 16:00 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-08-26 16:00 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll 2008-08-26 16:00 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-08-26 16:00 378,368 ----a-w C:\Windows\System32\srcore.dll 2008-08-26 16:00 318,464 ----a-w C:\Windows\System32\rstrui.exe 2008-08-26 16:00 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-08-26 16:00 14,848 ----a-w C:\Windows\System32\srdelayed.exe 2008-08-26 15:59 295,936 ----a-w C:\Windows\System32\gdi32.dll 2008-08-26 15:59 2,032,128 ----a-w C:\Windows\System32\win32k.sys 2008-08-26 15:58 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-08-26 15:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-08-26 15:57 14,848 ----a-w C:\Windows\System32\wshrm.dll 2008-08-26 15:57 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-08-26 15:56 1,695,744 ----a-w C:\Windows\System32\gameux.dll 2008-08-26 15:56 --------- d-----w C:\PROGRA~2\SiteAdvisor 2008-08-26 15:56 --------- d-----w C:\PROGRA~2\McAfee 2008-08-26 15:55 84,480 ----a-w C:\Windows\System32\INETRES.dll 2008-08-26 15:55 738,304 ----a-w C:\Windows\System32\inetcomm.dll 2008-08-26 15:55 428,544 ----a-w C:\Windows\System32\EncDec.dll 2008-08-26 15:55 293,376 ----a-w C:\Windows\System32\psisdecd.dll 2008-08-26 15:55 1,314,816 ----a-w C:\Windows\System32\quartz.dll 2008-08-26 15:53 --------- d-----w C:\Program Files\McAfee.com 2008-08-26 15:53 --------- d-----w C:\Program Files\Common Files\McAfee 2008-08-26 15:32 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926 2008-08-26 15:31 --------- d-----w C:\Program Files\Dell PC Fax 2008-08-26 15:31 --------- d-----w C:\Program Files\Dell 2008-08-26 15:31 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-08-26 15:30 --------- d-----w C:\PROGRA~2\DellFaxCtr 2008-08-26 15:21 --------- d-----w C:\Program Files\Logitech 2008-08-26 15:21 --------- d-----w C:\PROGRA~2\Logitech 2008-08-26 15:19 --------- d-----w C:\PROGRA~2\Creative 2008-08-26 15:07 --------- d--h--w C:\Program Files\Creative Installation Information 2008-08-26 15:06 --------- d-----w C:\Program Files\Creative 2008-08-26 15:06 --------- d-----w C:\Program Files\Common Files\Creative 2008-08-26 15:05 409,600 ----a-w C:\Windows\System32\wrap_oal.dll 2008-08-26 15:05 114,688 ----a-w C:\Windows\System32\OpenAL32.dll 2008-08-26 15:05 --------- d-----w C:\Program Files\OpenAL 2008-08-26 14:45 --------- d-sh--w C:\Program Files\Fichiers communs 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Modèles 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Menu Démarrer 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Favoris 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Bureau 2008-08-01 09:05 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-29 16:05 453,152 ----a-w C:\Windows\System32\NVUNINST.EXE 2008-07-25 08:34 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-07-25 08:34 683,520 ----a-w C:\Windows\System32\divx.dll 2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-07-15 15:23 72,728 ----a-w C:\Windows\System32\CTHWIUT.DLL 2008-07-15 15:23 170,520 ----a-w C:\Windows\System32\CT20XUT.DLL 2008-07-15 15:22 1,323,544 ----a-w C:\Windows\System32\CTEXFIFX.DLL . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "nHancer"="C:\Program Files\nHancer\nHancer.exe" [2008-05-07 1302528] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" [2008-07-03 137216] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096] "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640] "FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-04 312200] "dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-04 291720] "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008] "DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472] "SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-02 13576736] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-02 92704] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "CTHelper"="CTHELPER.EXE" [2006-11-02 C:\Windows\System32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 C:\Windows\System32\Ctxfihlp.exe] "CTXFIREG"="CTxfiReg.exe" [2008-07-11 C:\Windows\System32\Ctxfireg.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSSMSGS"=rundll32.exe winfbn32.rom,MjxRun [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432628767-3582115498-3613389281-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A9BDFD6C-70E7-45A0-B1AB-472219FC2C15}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System "{9C814E7C-775C-4EB6-9D67-8B20AE6A01D7}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System "{7AF7D115-E22F-41FC-B2AE-DA3800A2819E}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor "{41AD6838-D737-4974-9163-337BB02DE1B6}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor "{8498C9F3-A587-414D-9493-96ED7C54648C}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center "{71FF2ABB-EC7A-4862-96E4-71A325E733BD}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center "{268953B2-55CA-4376-AF30-EB76BB036102}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{A2EF53DF-9025-444A-AFE9-8377D62B6523}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{D83ACB5E-7FFC-45D8-8F0C-88F8ABFE109B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{0240763C-196F-45E3-B919-0698CCCC79A4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{54D78358-29D9-4D2C-9916-2776660D84D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C25EC348-CAA0-4AF3-AE10-C3651EA0E6F6}"= UDP:990:LocalSubnet:LocalSubnet|IF={40758039-CE9E-409A-8989-8F6D5A0EC1AB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001 "{C6D7D9FF-F34A-4941-ACEB-391EBD904A78}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp "{61D31386-002B-4C35-A998-D41F5FE2155D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp "{68DCCAE8-E237-4A31-8F37-43C749161AFB}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice "{0017FA62-7656-44C1-AF68-1027CFB13575}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice "{55A3DE2A-D196-43B3-9CE9-4003EA5CCD04}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{4FE3B8FA-7E3A-4B28-8932-78872FEBA877}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{3D197F33-7ED9-4A33-B646-59E35B7783C8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{792002A2-D5AA-4762-9714-CE241412DE71}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{A2881207-7D8D-4D29-A37A-434AE7272341}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{7992CC27-EFB9-4B59-8CF5-7DD12031293A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "C:\\Windows\\system32\\winver.exe"= C:\Windows\system32\winver.exe:*:Enabled:winver R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 532480] R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504] R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016] R3 npusbio;npusbio;C:\Windows\system32\Drivers\npusbio.sys [2008-01-11 36384] S2 0149261222892104mcinstcleanup;McAfee Application Installer Cleanup (0149261222892104);C:\Windows\TEMP\014926~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [ ] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656] S3 NPUSB;NPUSB;C:\Windows\system32\DRIVERS\npusb.sys [2006-12-06 15360] S3 SaiH075C;SaiH075C;C:\Windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 132232] S3 SaiH0763;SaiH0763;C:\Windows\system32\DRIVERS\SaiH0763.sys [2007-05-01 132232] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-04 355584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-01 23:08:32 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\Windows\Explorer.exe -> C:\Program Files\SiteAdvisor\6261\saHook.dll . Heure de fin: 2008-10-01 23:09:44 ComboFix-quarantined-files.txt 2008-10-01 21:09:39 Avant-CF: 327ÿ551ÿ975ÿ424 octets libres Après-CF: 330,506,797,056 octets libres 357 --- E O F --- 2008-10-01 16:01:00 Logfile of random's system information tool 1.02 (written by random/random) Run by fabrice at 2008-10-01 23:11:10 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 315 GB (66%) free of 477 GB Total RAM: 3069 MB (63% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:11:11, on 01/10/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\System32\mobsync.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\fabrice\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\fabrice.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: McAfee Application Installer Cleanup (0149261222892104) (0149261222892104mcinstcleanup) - Unknown owner - C:\Windows\TEMP\014926~1.EXE (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 8272 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Maintenance en 1 clic.job C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}] C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CTHelper"=C:\Windows\system32\CTHELPER.EXE [2006-11-02 19456] "CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-07-11 19968] "CTXFIREG"=C:\Windows\system32\CTxfiReg.exe [2008-07-11 43520] "UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112] "Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096] "Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-12-13 2095640] "FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-04 312200] "dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2006-11-04 291720] "MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-04 304008] "DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll [] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992] "SiteAdvisor"=C:\Program Files\SiteAdvisor\6261\SiteAdv.exe [2007-08-24 36640] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2007-10-02 233472] "SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2007-10-02 131072] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-02 13576736] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-02 92704] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-19 2153472] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "nHancer"=C:\Program Files\nHancer\nHancer.exe [2008-05-07 1302528] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "filehippo.com"=C:\Program Files\filehippo.com\UpdateChecker.exe [2008-07-03 137216] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Windows\system32\winver.exe"="C:\Windows\system32\winver.exe:*:Enabled:winver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2008-10-01 23:11:10 ----D---- C:\rsit 2008-10-01 23:09:45 ----A---- C:\ComboFix.txt 2008-10-01 23:05:43 ----D---- C:\ComboFix 2008-10-01 23:05:43 ----A---- C:\Windows\swreg.exe 2008-10-01 23:05:30 ----D---- C:\32788R22FWJFW 2008-10-01 15:33:39 ----D---- C:\Windows\erdnt 2008-10-01 15:32:57 ----D---- C:\QooBox 2008-10-01 15:32:56 ----A---- C:\Windows\zip.exe 2008-10-01 15:32:56 ----A---- C:\Windows\VFind.exe 2008-10-01 15:32:56 ----A---- C:\Windows\SWSC.exe 2008-10-01 15:32:56 ----A---- C:\Windows\sed.exe 2008-10-01 15:32:56 ----A---- C:\Windows\Nircmd.exe 2008-10-01 15:32:56 ----A---- C:\Windows\grep.exe 2008-10-01 15:32:56 ----A---- C:\Windows\fdsv.exe 2008-10-01 15:32:17 ----A---- C:\Windows\swxcacls.exe 2008-09-30 15:53:53 ----D---- C:\ToolBar SD 2008-09-30 11:59:09 ----D---- C:\Program Files\trend micro 2008-09-28 17:02:33 ----A---- C:\Users\fabrice\AppData\Roaming\SetValue.bat 2008-09-28 17:02:33 ----A---- C:\Users\fabrice\AppData\Roaming\GetValue.vbs 2008-09-28 17:00:26 ----A---- C:\Windows\system32\tmp.txt 2008-09-28 08:18:40 ----D---- C:\Program Files\filehippo.com 2008-09-27 18:08:04 ----D---- C:\Windows\system32\Kaspersky Lab 2008-09-26 10:40:19 ----D---- C:\Program Files\iWizz 2008-09-26 10:35:02 ----A---- C:\Windows\system32\mdimon.dll 2008-09-26 10:34:25 ----D---- C:\Program Files\Microsoft Works 2008-09-26 10:34:05 ----D---- C:\Program Files\Microsoft Visual Studio 2008-09-26 10:34:05 ----D---- C:\Program Files\Common Files\DESIGNER 2008-09-26 10:33:36 ----D---- C:\Program Files\Microsoft.NET 2008-09-26 10:31:18 ----D---- C:\Program Files\Microsoft Office 2008-09-26 10:31:17 ----D---- C:\ProgramData\Microsoft Help 2008-09-26 10:30:59 ----RHD---- C:\MSOCache 2008-09-22 09:59:49 ----A---- C:\Windows\ntbtlog.txt 2008-09-22 01:55:24 ----D---- C:\Program Files\Microsoft Silverlight 2008-09-21 20:00:36 ----D---- C:\Users\fabrice\AppData\Roaming\PeerNetworking 2008-09-21 18:51:17 ----D---- C:\ProgramData\WindowsSearch 2008-09-21 18:14:21 ----D---- C:\FSGX 2008-09-21 11:53:19 ----SHD---- C:\Diskeeper 2008-09-21 11:30:54 ----D---- C:\ProgramData\Diskeeper Corporation 2008-09-21 11:27:57 ----HD---- C:\Windows\PIF 2008-09-20 23:40:10 ----D---- C:\Program Files\Sun 2008-09-20 23:39:14 ----A---- C:\Windows\system32\javaws.exe 2008-09-20 23:39:14 ----A---- C:\Windows\system32\javaw.exe 2008-09-20 23:39:14 ----A---- C:\Windows\system32\java.exe 2008-09-20 23:38:44 ----D---- C:\Program Files\Java 2008-09-20 23:38:25 ----D---- C:\Program Files\Common Files\Java 2008-09-20 23:32:37 ----D---- C:\Program Files\AICarriers 2008-09-20 23:32:03 ----D---- C:\Users\fabrice\AppData\Roaming\Notepad++ 2008-09-20 23:32:03 ----D---- C:\Program Files\Notepad++ 2008-09-20 23:02:10 ----D---- C:\Program Files\JABX 2008-09-20 12:12:07 ----D---- C:\Program Files\Common Files\Microsoft Games 2008-09-20 11:33:48 ----D---- C:\ProgramData\Adobe 2008-09-20 11:33:40 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-09-20 02:21:55 ----D---- C:\Program Files\Diskeeper Corporation 2008-09-17 01:03:58 ----D---- C:\Program Files\Foxit Software 2008-09-17 00:17:17 ----D---- C:\inetpub 2008-09-15 00:13:10 ----A---- C:\Windows\PhotoSnapViewer.INI 2008-09-14 11:04:11 ----D---- C:\Program Files\FS Recorder for FSX 2008-09-12 12:00:07 ----SHD---- C:\Config.Msi 2008-09-12 00:37:30 ----A---- C:\Windows\NeroDigital.ini 2008-09-11 23:50:51 ----D---- C:\Program Files\SquawkBox 2008-09-11 15:39:14 ----D---- C:\Program Files\PicNic 2008-09-11 15:15:50 ----D---- C:\Program Files\TreeX 2008-09-09 23:59:49 ----A---- C:\Windows\system32\MRT.INI 2008-09-09 20:57:24 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-09-09 20:57:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-09-09 20:57:14 ----A---- C:\Windows\system32\wmpeffects.dll 2008-09-09 20:57:11 ----A---- C:\Windows\system32\emdmgmt.dll 2008-09-09 20:57:10 ----A---- C:\Windows\system32\dataclen.dll 2008-09-09 20:57:10 ----A---- C:\Windows\system32\cdd.dll 2008-09-09 08:49:36 ----D---- C:\Users\fabrice\AppData\Roaming\Ahead 2008-09-09 08:48:04 ----D---- C:\ProgramData\Nero 2008-09-09 08:48:02 ----D---- C:\Program Files\Nero 2008-09-09 08:48:02 ----D---- C:\Program Files\Common Files\Ahead 2008-09-09 02:09:16 ----D---- C:\Program Files\Smart Projects 2008-09-09 01:57:35 ----D---- C:\Program Files\DAEMON Tools 2008-09-08 12:11:59 ----A---- C:\Windows\system32\rmoc3260.dll 2008-09-08 12:11:59 ----A---- C:\Windows\system32\pndx5032.dll 2008-09-08 12:11:59 ----A---- C:\Windows\system32\pndx5016.dll 2008-09-08 12:11:59 ----A---- C:\Windows\system32\pncrt.dll 2008-09-08 12:11:49 ----A---- C:\Windows\system32\msvcp71.dll 2008-09-08 12:11:47 ----D---- C:\Users\fabrice\AppData\Roaming\Real 2008-09-08 12:11:47 ----D---- C:\ProgramData\Real 2008-09-07 20:24:44 ----A---- C:\Windows\system32\unrar.dll 2008-09-07 20:24:44 ----A---- C:\Windows\avisplitter.ini 2008-09-07 20:24:39 ----A---- C:\Windows\system32\yv12vfw.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\xvidvfw.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\xvidcore.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\qt-dx331.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\dpl100.dll 2008-09-07 20:24:36 ----A---- C:\Windows\system32\ff_vfw.dll.manifest 2008-09-07 20:24:36 ----A---- C:\Windows\system32\ff_vfw.dll 2008-09-07 20:24:36 ----A---- C:\Windows\system32\divx.dll 2008-09-07 20:24:35 ----A---- C:\Windows\system32\msvcr71.dll 2008-09-07 20:24:34 ----D---- C:\Program Files\K-Lite Codec Pack 2008-09-04 20:21:53 ----A---- C:\Windows\system32\wups2.dll 2008-09-04 20:21:52 ----A---- C:\Windows\system32\wucltux.dll 2008-09-04 20:21:52 ----A---- C:\Windows\system32\wuaueng.dll 2008-09-04 20:21:52 ----A---- C:\Windows\system32\wuauclt.exe 2008-09-04 20:21:42 ----A---- C:\Windows\system32\wups.dll 2008-09-04 20:21:42 ----A---- C:\Windows\system32\wudriver.dll 2008-09-04 20:21:42 ----A---- C:\Windows\system32\wuapi.dll 2008-09-04 20:21:34 ----A---- C:\Windows\system32\wuwebv.dll 2008-09-04 20:21:34 ----A---- C:\Windows\system32\wuapp.exe 2008-09-04 01:04:06 ----A---- C:\Windows\system32\TuneUpDefragService.exe 2008-09-04 01:03:39 ----D---- C:\Program Files\TuneUp Utilities 2008 2008-09-03 17:42:29 ----D---- C:\Users\fabrice\AppData\Roaming\Malwarebytes 2008-09-03 17:42:26 ----D---- C:\ProgramData\Malwarebytes 2008-09-03 17:42:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-03 16:38:10 ----A---- C:\Windows\system32\CSVer.dll 2008-09-03 16:29:24 ----A---- C:\Windows\system32\difxapi.dll 2008-09-03 16:28:15 ----D---- C:\Intel 2008-09-03 16:28:01 ----D---- C:\Program Files\Intel 2008-09-03 00:59:45 ----D---- C:\Windows\system32\AGEIA 2008-09-03 00:59:45 ----D---- C:\Program Files\AGEIA Technologies 2008-09-03 00:42:55 ----D---- C:\Windows\Minidump 2008-09-03 00:36:19 ----A---- C:\Windows\INRESFRN.DLL 2008-09-03 00:36:19 ----A---- C:\Windows\CTXFIFRN.DLL 2008-09-03 00:36:11 ----A---- C:\Windows\system32\AppSetup.exe 2008-09-03 00:27:43 ----A---- C:\Windows\system32\authuitu.dll 2008-09-03 00:27:41 ----A---- C:\Windows\system32\uxtuneup.dll 2008-09-03 00:27:29 ----D---- C:\Users\fabrice\AppData\Roaming\TuneUp Software 2008-09-03 00:26:56 ----D---- C:\ProgramData\TuneUp Software 2008-09-02 17:20:17 ----A---- C:\Windows\installlog.txt 2008-09-02 17:11:34 ----D---- C:\ProgramData\ma-config.com 2008-09-02 17:11:34 ----D---- C:\Program Files\ma-config.com 2008-09-02 16:24:54 ----D---- C:\ProgramData\Saitek 2008-09-02 16:24:53 ----D---- C:\Program Files\Saitek 2008-09-02 16:20:37 ----A---- C:\Windows\system32\SAIKICK.dll 2008-09-02 16:20:37 ----A---- C:\Windows\system32\SAIGON.dll 2008-09-02 16:07:34 ----D---- C:\Program Files\NaturalPoint 2008-09-02 15:34:14 ----D---- C:\ProgramData\nHancer 2008-09-02 15:34:14 ----D---- C:\Program Files\nHancer ======List of files/folders modified in the last 1 months====== 2008-10-01 23:11:07 ----D---- C:\Windows\Temp 2008-10-01 23:09:47 ----D---- C:\Windows\System32 2008-10-01 23:09:45 ----D---- C:\Windows 2008-10-01 23:08:31 ----A---- C:\Windows\system.ini 2008-10-01 23:07:34 ----D---- C:\Windows\system32\drivers 2008-10-01 23:07:34 ----D---- C:\Windows\AppPatch 2008-10-01 23:07:34 ----D---- C:\Program Files\Common Files 2008-10-01 23:06:14 ----SHD---- C:\System Volume Information 2008-10-01 23:05:43 ----D---- C:\Windows\system32\en-US 2008-10-01 22:42:12 ----D---- C:\Users\fabrice\AppData\Roaming\BitTorrent 2008-10-01 22:14:55 ----D---- C:\Program Files\McAfee 2008-10-01 18:03:02 ----D---- C:\Program Files\Dl_cats 2008-10-01 18:01:00 ----SHD---- C:\Windows\Installer 2008-10-01 17:58:43 ----RSD---- C:\Windows\assembly 2008-10-01 17:58:43 ----D---- C:\Windows\winsxs 2008-10-01 17:57:58 ----D---- C:\Program Files\Common Files\microsoft shared 2008-10-01 17:31:13 ----D---- C:\Windows\system32\catroot2 2008-10-01 15:34:11 ----HD---- C:\ProgramData 2008-10-01 15:12:52 ----D---- C:\Windows\Prefetch 2008-09-30 23:56:34 ----D---- C:\Windows\system32\config 2008-09-30 11:59:09 ----RD---- C:\Program Files 2008-09-29 15:25:55 ----D---- C:\Windows\inf 2008-09-29 15:25:55 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-09-28 08:51:20 ----D---- C:\Windows\system32\Tasks 2008-09-28 00:29:15 ----D---- C:\Program Files\Mozilla Firefox 2008-09-27 18:08:05 ----SD---- C:\Windows\Downloaded Program Files 2008-09-27 15:39:29 ----D---- C:\Windows\Logs 2008-09-27 14:46:24 ----SHD---- C:\Boot 2008-09-26 10:51:07 ----SD---- C:\Users\fabrice\AppData\Roaming\Microsoft 2008-09-26 10:35:23 ----SD---- C:\ProgramData\Microsoft 2008-09-26 10:34:02 ----D---- C:\Windows\ShellNew 2008-09-26 10:33:43 ----RSD---- C:\Windows\Fonts 2008-09-21 19:26:44 ----D---- C:\Windows\system32\NDF 2008-09-21 18:13:55 ----D---- C:\Program Files\Microsoft Games 2008-09-21 11:30:55 ----D---- C:\Windows\Help 2008-09-20 12:12:12 ----HD---- C:\Program Files\InstallShield Installation Information 2008-09-20 11:33:48 ----D---- C:\Users\fabrice\AppData\Roaming\Adobe 2008-09-17 08:45:10 ----D---- C:\Windows\rescache 2008-09-17 00:18:20 ----D---- C:\Windows\Microsoft.NET 2008-09-17 00:17:23 ----D---- C:\Windows\system32\migration 2008-09-17 00:17:23 ----D---- C:\Windows\system32\fr-FR 2008-09-17 00:17:22 ----D---- C:\Windows\system32\inetsrv 2008-09-10 00:07:49 ----D---- C:\Users\fabrice\AppData\Roaming\SiteAdvisor 2008-09-09 23:39:55 ----D---- C:\Windows\system32\catroot 2008-09-09 08:49:13 ----D---- C:\Windows\ehome 2008-09-07 20:18:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-07 02:34:09 ----D---- C:\Windows\system32\WDI 2008-09-04 01:04:16 ----D---- C:\Windows\Tasks 2008-09-03 01:02:10 ----D---- C:\ProgramData\NVIDIA 2008-09-03 00:37:49 ----A---- C:\Windows\system32\ctzapxx.ini 2008-09-03 00:37:44 ----D---- C:\Windows\system32\Data 2008-09-02 16:07:09 ----D---- C:\Program Files\Common Files\InstallShield 2008-09-02 11:01:49 ----D---- C:\Users\fabrice\AppData\Roaming\Creative ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728] R3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2008-07-15 170520] R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2008-07-15 511000] R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-07-15 527384] R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2008-07-15 1323544] R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2008-07-15 72728] R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-07-15 14360] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-07-15 157208] R3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672] R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-07-15 92696] R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304] R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240] R3 npusbio;npusbio; C:\Windows\System32\Drivers\npusbio.sys [2008-01-11 36384] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-02 7314528] R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-07-15 127000] R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2007-10-05 14080] R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2007-10-05 35200] R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 ab60xud9;ab60xud9; C:\Windows\system32\drivers\ab60xud9.sys [] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-07-15 347080] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-09-02 15352] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832] S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NPUSB;NPUSB; C:\Windows\system32\DRIVERS\npusb.sys [2006-12-06 15360] S3 SaiH075C;SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 132232] S3 SaiH0763;SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [2007-05-01 132232] S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664] R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-13 44032] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936] R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-10-11 532480] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248] R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880] R2 nHancer;nHancer Support; C:\Program Files\nHancer\nHancerService.exe [2008-05-07 49152] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-02 196608] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 SiteAdvisor Service;Service SiteAdvisor; C:\Program Files\SiteAdvisor\6261\SAService.exe [2008-08-27 345376] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 0149261222892104mcinstcleanup;McAfee Application Installer Cleanup (0149261222892104); C:\Windows\TEMP\014926~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-09-04 355584] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624] -----------------EOF----------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:11:11, on 01/10/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\System32\mobsync.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\fabrice\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\fabrice.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: McAfee Application Installer Cleanup (0149261222892104) (0149261222892104mcinstcleanup) - Unknown owner - C:\Windows\TEMP\014926~1.EXE (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 8272 bytes

voila je le rapport par contre j ai un doute c est bien la premier option qu il faut lancer car en faisant ca je n ai pas la fammeuse ligne 17 a fixer en lancant le scan Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:54, on 2008-10-01 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\System32\mobsync.exe C:\Windows\System32\CtHelper.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Windows\ehome\ehmsas.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer = 85.255.116.26,85.255.112.89 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdyvj.exe -- End of file - 8282 bytes

bon voila ca as fonctionner apres cette manip mon antivirus c remis corectement en route (mise a jour corection etc ) faut voir le reste en tout cas c deja mieux voila le rapport est ce que je dois refaire la manip de HijackThis maintenant ? ComboFix 08-09-30.03 - fabrice 2008-10-01 17:32:03.1 - NTFSx86 MINIMAL Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2674 [GMT 2:00] Lancé depuis: C:\Users\fabrice\Desktop\ComboFix.exe Commutateurs utilisés :: C:\Users\fabrice\Desktop\CFScript.txt FILE :: C:\ProgramData\BMb168b79a.txt C:\ProgramData\pskt.ini C:\Windows\system32\b9784078-.txt C:\Windows\system32\kdyvj.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\kdyvj.exe . ---- Previous Run ------- . C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat C:\ProgramData\BMb168b79a.txt C:\ProgramData\pskt.ini C:\resycled C:\Windows\system32\b9784078-.txt . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Windows Tribute Service -------\Service_Windows Tribute Service ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-01 au 2008-10-01 )))))))))))))))))))))))))))))))))))) . 2008-09-30 23:51 . 2008-09-30 23:51 19,236 --a------ C:\Windows\System32\TuneUpDefragService_20080930-215115.dmp 2008-09-30 15:53 . 2008-09-30 15:57 <REP> d-------- C:\ToolBar SD 2008-09-30 11:59 . 2008-09-30 11:59 <REP> d-------- C:\rsit 2008-09-30 11:59 . 2008-10-01 15:50 <REP> d-------- C:\Program Files\trend micro 2008-09-28 17:02 . 2008-09-28 23:52 691 --a------ C:\Users\fabrice\AppData\Roaming\GetValue.vbs 2008-09-28 17:02 . 2008-09-28 23:52 35 --a------ C:\Users\fabrice\AppData\Roaming\SetValue.bat 2008-09-28 17:00 . 2008-09-30 15:51 4,154 --a------ C:\Windows\System32\tmp.reg 2008-09-28 08:18 . 2008-09-28 08:18 <REP> d-------- C:\Program Files\filehippo.com 2008-09-27 18:08 . 2008-09-27 18:08 <REP> d-------- C:\Windows\System32\Kaspersky Lab 2008-09-26 10:40 . 2008-09-26 10:40 <REP> d-------- C:\Program Files\iWizz 2008-09-26 10:35 . 2006-10-26 19:58 30,512 --a------ C:\Windows\System32\mdimon.dll 2008-09-26 10:34 . 2008-09-26 10:34 <REP> d-------- C:\Program Files\Microsoft Works 2008-09-26 10:33 . 2008-09-26 10:33 <REP> d-------- C:\Program Files\Microsoft.NET 2008-09-26 10:31 . 2008-09-26 10:35 <REP> d-------- C:\Users\All Users\Microsoft Help 2008-09-26 10:31 . 2008-09-26 10:35 <REP> d-------- C:\PROGRA~2\Microsoft Help 2008-09-26 10:30 . 2008-09-26 10:30 <REP> dr-h----- C:\MSOCache 2008-09-22 01:55 . 2008-09-22 01:55 <REP> d-------- C:\Program Files\Microsoft Silverlight 2008-09-21 20:00 . 2008-09-21 20:00 <REP> d-------- C:\Users\fabrice\AppData\Roaming\PeerNetworking 2008-09-21 18:51 . 2008-09-21 18:51 <REP> d-------- C:\Users\All Users\WindowsSearch 2008-09-21 18:51 . 2008-09-21 18:51 <REP> d-------- C:\PROGRA~2\WindowsSearch 2008-09-21 18:14 . 2008-09-21 18:41 <REP> d-------- C:\FSGX 2008-09-21 11:53 . 2008-09-21 11:53 <REP> d--hs---- C:\Diskeeper 2008-09-21 11:30 . 2008-09-21 11:30 <REP> d-------- C:\Users\All Users\Diskeeper Corporation 2008-09-21 11:30 . 2008-09-21 11:30 <REP> d-------- C:\PROGRA~2\Diskeeper Corporation 2008-09-21 11:27 . 2008-09-21 11:27 <REP> d--h----- C:\Windows\PIF 2008-09-20 23:40 . 2008-09-20 23:40 <REP> d-------- C:\Program Files\Sun 2008-09-20 23:38 . 2008-09-20 23:39 <REP> d-------- C:\Program Files\Java 2008-09-20 23:38 . 2008-09-20 23:38 <REP> d-------- C:\Program Files\Common Files\Java 2008-09-20 23:32 . 2008-09-20 23:33 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Notepad++ 2008-09-20 23:32 . 2008-09-20 23:32 <REP> d-------- C:\Program Files\Notepad++ 2008-09-20 23:32 . 2008-09-20 23:32 <REP> d-------- C:\Program Files\AICarriers 2008-09-20 23:02 . 2008-09-22 14:51 <REP> d-------- C:\Program Files\JABX 2008-09-20 12:12 . 2008-09-20 12:12 <REP> d-------- C:\Program Files\Common Files\Microsoft Games 2008-09-20 11:33 . 2008-09-20 11:33 <REP> d-------- C:\Users\All Users\Adobe 2008-09-20 11:33 . 2008-09-20 11:33 <REP> d-------- C:\Program Files\Common Files\Adobe AIR 2008-09-20 02:21 . 2008-09-20 02:21 <REP> d-------- C:\Program Files\Diskeeper Corporation 2008-09-17 01:03 . 2008-09-17 01:03 <REP> d-------- C:\Program Files\Foxit Software 2008-09-17 00:17 . 2008-09-17 00:17 <REP> d-------- C:\inetpub 2008-09-15 00:13 . 2008-09-15 00:13 151 --a------ C:\Windows\PhotoSnapViewer.INI 2008-09-14 15:40 . 2008-09-14 15:36 737,280 --a------ C:\Windows\iun6002.exe 2008-09-14 15:36 . 2008-09-14 15:44 1,024 --a------ C:\Windows\utrafficx.lic 2008-09-14 11:04 . 2008-09-14 11:04 <REP> d-------- C:\Program Files\FS Recorder for FSX 2008-09-12 00:37 . 2008-09-28 00:12 69 --a------ C:\Windows\NeroDigital.ini 2008-09-11 23:50 . 2008-09-17 15:21 <REP> d-------- C:\Program Files\SquawkBox 2008-09-11 15:39 . 2008-09-11 15:39 <REP> d-------- C:\Program Files\PicNic 2008-09-11 15:15 . 2008-09-11 15:15 <REP> d-------- C:\Program Files\TreeX 2008-09-09 23:59 . 2008-09-09 23:59 118 --a------ C:\Windows\System32\MRT.INI 2008-09-09 20:57 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-09 20:57 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-09 20:57 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-09 20:57 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-09 20:57 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-09 20:57 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-09 20:57 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-09 20:57 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-09 20:57 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-09 08:49 . 2008-09-17 01:11 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Ahead 2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\Users\All Users\Nero 2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\Program Files\Nero 2008-09-09 08:48 . 2008-09-09 08:50 <REP> d-------- C:\Program Files\Common Files\Ahead 2008-09-09 08:48 . 2008-09-09 08:48 <REP> d-------- C:\PROGRA~2\Nero 2008-09-09 02:09 . 2008-09-09 02:09 <REP> d-------- C:\Program Files\Smart Projects 2008-09-09 01:57 . 2008-09-09 01:57 <REP> d-------- C:\Program Files\DAEMON Tools 2008-09-09 00:36 . 2008-09-09 00:36 611,064 --a------ C:\Windows\System32\drivers\sptd.sys 2008-09-09 00:36 . 2008-09-09 00:36 142,904 --a------ C:\Windows\System32\drivers\sptddrv1.sys 2008-09-08 12:11 . 2008-09-08 12:11 <REP> d-------- C:\Users\All Users\Real 2008-09-08 12:11 . 2003-03-19 05:14 499,712 --a------ C:\Windows\System32\msvcp71.dll 2008-09-07 20:24 . 2008-09-08 12:12 <REP> d-------- C:\Program Files\K-Lite Codec Pack 2008-09-04 20:21 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll 2008-09-04 20:21 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll 2008-09-04 20:21 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll 2008-09-04 20:21 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll 2008-09-04 20:21 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll 2008-09-04 20:21 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe 2008-09-04 20:21 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll 2008-09-04 20:21 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll 2008-09-04 20:21 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe 2008-09-04 01:04 . 2008-09-04 01:04 355,584 --a------ C:\Windows\System32\TuneUpDefragService.exe 2008-09-04 01:03 . 2008-09-04 01:04 <REP> d-------- C:\Program Files\TuneUp Utilities 2008 2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\Users\fabrice\AppData\Roaming\Malwarebytes 2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\Users\All Users\Malwarebytes 2008-09-03 17:42 . 2008-09-09 23:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-03 17:42 . 2008-09-03 17:42 <REP> d-------- C:\PROGRA~2\Malwarebytes 2008-09-03 17:42 . 2008-09-08 00:11 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-09-03 17:42 . 2008-09-08 00:11 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-09-03 16:38 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll 2008-09-03 16:29 . 2006-11-10 09:25 319,456 --a------ C:\Windows\System32\difxapi.dll 2008-09-03 16:28 . 2008-09-03 16:38 <REP> d-------- C:\Program Files\Intel 2008-09-03 16:28 . 2008-09-03 16:28 <REP> d-------- C:\Intel 2008-09-03 16:28 . 2008-07-20 17:44 324,120 --a------ C:\Windows\System32\drivers\iaStor.sys 2008-09-03 00:59 . 2008-09-03 00:59 <REP> d-------- C:\Windows\System32\AGEIA 2008-09-03 00:59 . 2008-09-03 00:59 <REP> d-------- C:\Program Files\AGEIA Technologies 2008-09-03 00:42 . 2008-10-01 15:38 279,461,499 --a------ C:\Windows\MEMORY.DMP 2008-09-03 00:36 . 2008-07-15 01:08 24,089,151 --a------ C:\Windows\System32\AppSetup.exe 2008-09-03 00:36 . 2004-07-30 14:47 20,480 --a------ C:\Windows\INRESFRN.DLL 2008-09-03 00:36 . 2006-06-09 15:20 3,072 --a------ C:\Windows\CTXFIFRN.DLL 2008-09-03 00:27 . 2008-09-03 00:27 <REP> d-------- C:\Users\fabrice\AppData\Roaming\TuneUp Software 2008-09-03 00:27 . 2008-05-29 09:28 28,416 --a------ C:\Windows\System32\uxtuneup.dll 2008-09-03 00:27 . 2008-05-29 09:28 16,640 --a------ C:\Windows\System32\authuitu.dll 2008-09-03 00:26 . 2008-09-04 01:03 <REP> d-------- C:\Users\All Users\TuneUp Software 2008-09-03 00:26 . 2008-09-04 01:03 <REP> d-------- C:\PROGRA~2\TuneUp Software 2008-09-02 17:20 . 2008-01-11 20:21 36,384 --a------ C:\Windows\System32\drivers\npusbio.sys 2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\Users\All Users\ma-config.com 2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\Program Files\ma-config.com 2008-09-02 17:11 . 2008-09-03 16:23 <REP> d-------- C:\PROGRA~2\ma-config.com 2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\Users\All Users\Saitek 2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\Program Files\Saitek 2008-09-02 16:24 . 2008-09-02 16:24 <REP> d-------- C:\PROGRA~2\Saitek 2008-09-02 16:20 . 2005-11-03 11:27 155,648 --a------ C:\Windows\System32\nY.exe 2008-09-02 16:20 . 2005-11-03 11:09 57,344 --a------ C:\Windows\System32\SAIGON.dll 2008-09-02 16:20 . 2005-10-18 14:31 45,056 --a------ C:\Windows\System32\SAIKICK.dll 2008-09-02 16:17 . 2007-05-01 16:11 8,252 --a------ C:\Windows\System32\SaiD075C.pr0 2008-09-02 16:07 . 2008-09-02 16:07 <REP> d-------- C:\Program Files\NaturalPoint 2008-09-02 16:07 . 2006-12-06 17:20 15,360 --a------ C:\Windows\System32\drivers\npusb.sys 2008-09-02 15:34 . 2008-09-03 01:02 <REP> d-------- C:\Users\All Users\nHancer 2008-09-02 15:34 . 2008-09-02 15:34 <REP> d-------- C:\Program Files\nHancer 2008-09-02 15:34 . 2008-09-03 01:02 <REP> d-------- C:\PROGRA~2\nHancer 2008-09-02 01:08 . 2008-09-27 23:27 268 --ah----- C:\sqmdata19.sqm 2008-09-02 01:08 . 2008-09-27 23:27 244 --ah----- C:\sqmnoopt19.sqm 2008-09-01 18:04 . 2008-09-27 16:01 268 --ah----- C:\sqmdata18.sqm 2008-09-01 18:04 . 2008-09-27 16:01 244 --ah----- C:\sqmnoopt18.sqm 2008-09-01 16:03 . 2008-09-01 16:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf 2008-09-01 00:21 . 2008-09-27 02:35 268 --ah----- C:\sqmdata17.sqm 2008-09-01 00:21 . 2008-09-27 02:35 244 --ah----- C:\sqmnoopt17.sqm . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-01 15:36 --------- d-----w C:\Program Files\Dl_cats 2008-09-30 18:06 --------- d-----w C:\Users\fabrice\AppData\Roaming\BitTorrent 2008-09-21 16:13 --------- d-----w C:\Program Files\Microsoft Games 2008-09-20 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-11 18:07 --------- d-----w C:\Program Files\McAfee 2008-09-09 22:07 --------- d-----w C:\Users\fabrice\AppData\Roaming\SiteAdvisor 2008-09-07 18:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-09-02 23:02 --------- d-----w C:\PROGRA~2\NVIDIA 2008-09-02 14:07 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-09-02 09:01 --------- d-----w C:\Users\fabrice\AppData\Roaming\Creative 2008-08-29 14:07 --------- d-----w C:\Program Files\Lavasoft 2008-08-29 14:06 --------- d-----w C:\PROGRA~2\Lavasoft 2008-08-29 13:50 --------- d-----w C:\PROGRA~2\Applications 2008-08-29 13:26 --------- d-----w C:\PROGRA~2\arclmtyb 2008-08-29 06:16 --------- d-----w C:\Program Files\BitTorrent 2008-08-28 15:34 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-27 20:52 --------- d-----w C:\Program Files\SiteAdvisor 2008-08-27 14:35 174 --sha-w C:\Program Files\desktop.ini 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Sidebar 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Mail 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Journal 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Defender 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Collaboration 2008-08-27 14:29 --------- d-----w C:\Program Files\Windows Calendar 2008-08-27 14:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-08-27 14:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-08-27 13:05 269,312 ----a-w C:\Windows\System32\es.dll 2008-08-27 06:39 --------- d-----w C:\Program Files\Windows Live 2008-08-27 06:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-27 06:30 --------- d-----w C:\PROGRA~2\WLInstaller 2008-08-27 06:19 --------- d-----w C:\Users\fabrice\AppData\Roaming\Turbine 2008-08-27 05:59 --------- d-----w C:\Program Files\Codemasters 2008-08-26 17:17 --------- d-----w C:\Program Files\IncrediMail 2008-08-26 17:17 --------- d-----w C:\PROGRA~2\IM 2008-08-26 17:15 --------- d-----w C:\PROGRA~2\IncrediMail 2008-08-26 16:44 --------- d-----w C:\Program Files\MozBackup 1.4 2008-08-26 16:29 --------- d-----w C:\Users\fabrice\AppData\Roaming\DellFaxCtr 2008-08-26 16:17 61,440 ----a-w C:\Windows\System32\winipsec.dll 2008-08-26 16:17 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL 2008-08-26 16:17 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll 2008-08-26 16:17 272,896 ----a-w C:\Windows\System32\polstore.dll 2008-08-26 16:10 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-08-26 16:02 827,392 ----a-w C:\Windows\System32\wininet.dll 2008-08-26 16:00 988,216 ----a-w C:\Windows\System32\winload.exe 2008-08-26 16:00 927,288 ----a-w C:\Windows\System32\winresume.exe 2008-08-26 16:00 615,992 ----a-w C:\Windows\System32\ci.dll 2008-08-26 16:00 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-08-26 16:00 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll 2008-08-26 16:00 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-08-26 16:00 378,368 ----a-w C:\Windows\System32\srcore.dll 2008-08-26 16:00 318,464 ----a-w C:\Windows\System32\rstrui.exe 2008-08-26 16:00 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-08-26 16:00 14,848 ----a-w C:\Windows\System32\srdelayed.exe 2008-08-26 15:59 295,936 ----a-w C:\Windows\System32\gdi32.dll 2008-08-26 15:59 2,032,128 ----a-w C:\Windows\System32\win32k.sys 2008-08-26 15:58 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-08-26 15:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-08-26 15:57 14,848 ----a-w C:\Windows\System32\wshrm.dll 2008-08-26 15:57 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-08-26 15:56 1,695,744 ----a-w C:\Windows\System32\gameux.dll 2008-08-26 15:56 --------- d-----w C:\PROGRA~2\SiteAdvisor 2008-08-26 15:56 --------- d-----w C:\PROGRA~2\McAfee 2008-08-26 15:55 84,480 ----a-w C:\Windows\System32\INETRES.dll 2008-08-26 15:55 738,304 ----a-w C:\Windows\System32\inetcomm.dll 2008-08-26 15:55 428,544 ----a-w C:\Windows\System32\EncDec.dll 2008-08-26 15:55 293,376 ----a-w C:\Windows\System32\psisdecd.dll 2008-08-26 15:55 1,314,816 ----a-w C:\Windows\System32\quartz.dll 2008-08-26 15:53 --------- d-----w C:\Program Files\McAfee.com 2008-08-26 15:53 --------- d-----w C:\Program Files\Common Files\McAfee 2008-08-26 15:32 --------- d-----w C:\Program Files\Dell Photo AIO Printer 926 2008-08-26 15:31 --------- d-----w C:\Program Files\Dell PC Fax 2008-08-26 15:31 --------- d-----w C:\Program Files\Dell 2008-08-26 15:31 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-08-26 15:30 --------- d-----w C:\PROGRA~2\DellFaxCtr 2008-08-26 15:21 --------- d-----w C:\Program Files\Logitech 2008-08-26 15:21 --------- d-----w C:\PROGRA~2\Logitech 2008-08-26 15:19 --------- d-----w C:\PROGRA~2\Creative 2008-08-26 15:07 --------- d--h--w C:\Program Files\Creative Installation Information 2008-08-26 15:06 --------- d-----w C:\Program Files\Creative 2008-08-26 15:06 --------- d-----w C:\Program Files\Common Files\Creative 2008-08-26 15:05 409,600 ----a-w C:\Windows\System32\wrap_oal.dll 2008-08-26 15:05 114,688 ----a-w C:\Windows\System32\OpenAL32.dll 2008-08-26 15:05 --------- d-----w C:\Program Files\OpenAL 2008-08-26 14:45 --------- d-sh--w C:\Program Files\Fichiers communs 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Modèles 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Menu Démarrer 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Favoris 2008-08-26 14:45 --------- d-sh--w C:\PROGRA~2\Bureau 2008-08-01 09:05 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-29 16:05 453,152 ----a-w C:\Windows\System32\NVUNINST.EXE 2008-07-25 08:34 81,920 ----a-w C:\Windows\System32\dpl100.dll 2008-07-25 08:34 683,520 ----a-w C:\Windows\System32\divx.dll 2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-07-15 15:23 72,728 ----a-w C:\Windows\System32\CTHWIUT.DLL 2008-07-15 15:23 170,520 ----a-w C:\Windows\System32\CT20XUT.DLL 2008-07-15 15:22 1,323,544 ----a-w C:\Windows\System32\CTEXFIFX.DLL . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "nHancer"="C:\Program Files\nHancer\nHancer.exe" [2008-05-07 1302528] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "filehippo.com"="C:\Program Files\filehippo.com\UpdateChecker.exe" [2008-07-03 137216] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 90112] "Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096] "Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640] "FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-04 312200] "dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-04 291720] "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-04 304008] "DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 233472] "SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 131072] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-08-02 13576736] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-08-02 92704] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "CTHelper"="CTHELPER.EXE" [2006-11-02 C:\Windows\System32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 C:\Windows\System32\Ctxfihlp.exe] "CTXFIREG"="CTxfiReg.exe" [2008-07-11 C:\Windows\System32\Ctxfireg.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSSMSGS"=rundll32.exe winfbn32.rom,MjxRun [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"="0x00000000" "UpdatesDisableNotify"="0x00000000" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-432628767-3582115498-3613389281-1000] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A9BDFD6C-70E7-45A0-B1AB-472219FC2C15}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System "{9C814E7C-775C-4EB6-9D67-8B20AE6A01D7}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System "{7AF7D115-E22F-41FC-B2AE-DA3800A2819E}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor "{41AD6838-D737-4974-9163-337BB02DE1B6}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor "{8498C9F3-A587-414D-9493-96ED7C54648C}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center "{71FF2ABB-EC7A-4862-96E4-71A325E733BD}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center "{268953B2-55CA-4376-AF30-EB76BB036102}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent "{A2EF53DF-9025-444A-AFE9-8377D62B6523}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{D83ACB5E-7FFC-45D8-8F0C-88F8ABFE109B}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{0240763C-196F-45E3-B919-0698CCCC79A4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{54D78358-29D9-4D2C-9916-2776660D84D1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C25EC348-CAA0-4AF3-AE10-C3651EA0E6F6}"= UDP:990:LocalSubnet:LocalSubnet|IF={40758039-CE9E-409A-8989-8F6D5A0EC1AB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001 "{C6D7D9FF-F34A-4941-ACEB-391EBD904A78}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp "{61D31386-002B-4C35-A998-D41F5FE2155D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp "{68DCCAE8-E237-4A31-8F37-43C749161AFB}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice "{0017FA62-7656-44C1-AF68-1027CFB13575}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice "{55A3DE2A-D196-43B3-9CE9-4003EA5CCD04}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{4FE3B8FA-7E3A-4B28-8932-78872FEBA877}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail "{3D197F33-7ED9-4A33-B646-59E35B7783C8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{792002A2-D5AA-4762-9714-CE241412DE71}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{A2881207-7D8D-4D29-A37A-434AE7272341}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail "{7992CC27-EFB9-4B59-8CF5-7DD12031293A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "C:\\Windows\\system32\\winver.exe"= C:\Windows\system32\winver.exe:*:Enabled:winver R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 532480] R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504] R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016] R3 npusbio;npusbio;C:\Windows\system32\Drivers\npusbio.sys [2008-01-11 36384] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656] S3 NPUSB;NPUSB;C:\Windows\system32\DRIVERS\npusb.sys [2006-12-06 15360] S3 SaiH075C;SaiH075C;C:\Windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 132232] S3 SaiH0763;SaiH0763;C:\Windows\system32\DRIVERS\SaiH0763.sys [2007-05-01 132232] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-09-04 355584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-01 17:36:37 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- PROCESSUS: C:\Windows\Explorer.exe -> C:\Program Files\SiteAdvisor\6261\saHook.dll . ------------------------ Autres processus actifs ------------------------ . C:\Windows\System32\nvvsvc.exe C:\Windows\System32\audiodg.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\CTSVCCDA.EXE C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\Program Files\McAfee\VirusScan\Mcshield.exe C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\Program Files\nHancer\nHancerService.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\rundll32.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Windows\System32\conime.exe C:\Windows\System32\rundll32.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe C:\PROGRA~1\McAfee\MSC\mcuimgr.exe C:\Windows\System32\dllhost.exe C:\Windows\System32\WerFault.exe . ************************************************************************** . Heure de fin: 2008-10-01 17:39:49 - La machine a redémarré [fabrice] ComboFix-quarantined-files.txt 2008-10-01 15:39:35 Avant-CF: Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application. Après-CF: 332,904,603,648 octets libres 405 --- E O F --- 2008-09-09 22:00:17

y a rien aucun rapport a cette endroit je dois recommencer la manip ?

bonjour voila les deux rapport bon j ai eu un peu de mal a trouver un lien pour télécharger combofix car chez moi ca se termine en page blanche mais j y suis parvenu quand meme voila les deux rapport ComboFix 08-09-30.03 - fabrice 2008-10-01 15:33:53.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2071 [GMT 2:00] Lancé depuis: C:\Users\fabrice\Desktop\ComboFix.exe Commutateurs utilisés :: C:\Users\fabrice\Desktop\CFScript.txt * Un nouveau point de restauration a été créé FILE :: C:\ProgramData\BMb168b79a.txt C:\ProgramData\pskt.ini C:\Windows\system32\b9784078-.txt C:\Windows\system32\kdyvj.exe . Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:54, on 2008-10-01 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\System32\mobsync.exe C:\Windows\System32\CtHelper.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Windows\System32\rundll32.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Windows\ehome\ehmsas.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer = 85.255.116.26,85.255.112.89 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdyvj.exe -- End of file - 8282 bytes

voila les trois rapport dans l ordre [ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\Documents and Settings\fabrice\Desktop\SmitFraudFix.exe: trouvé ! C:\Documents and Settings\fabrice\Desktop\ToolBarSD.exe: trouvé ! C:\Program Files\trend micro\HijackThis.exe: trouvé ! C:\Program Files\trend micro\hijackthis.log: trouvé ! C:\Users\fabrice\Desktop\SmitFraudFix.exe: trouvé ! C:\Users\fabrice\Desktop\ToolBarSD.exe: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\fabrice\Desktop\SmitFraudFix.exe: supprimé ! C:\Documents and Settings\fabrice\Desktop\ToolBarSD.exe: supprimé ! C:\Program Files\trend micro\HijackThis.exe: supprimé ! C:\Program Files\trend micro\hijackthis.log: supprimé ! SmitFraudFix v2.354 Scan done at 15:51:27,43, 30/09/2008 Run from C:\Users\fabrice\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Windows\system32\dlcxcoms.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\nHancer\nHancerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\WUDFHost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\system32\rundll32.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\CtHelper.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Windows\System32\CTXFISPI.EXE C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Windows\System32\rundll32.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\system32\svchost.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\nHancer\nHancer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\fabrice »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\fabrice\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\fabrice\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, following keys are not inevitably infected!!! »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=dword:00000000 "AppInit_DLLs"="hdxsfz.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Your computer may be victim of a DNS Hijack: 85.255.x.x detected ! Description: Connexion LAN Intel® 82566DC Gigabit Platform DNS Server Search Order: 85.255.116.26 DNS Server Search Order: 85.255.112.89 HKLM\SYSTEM\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CS1\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CS3\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End -----------\\ ToolBar S&D 1.2.1 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6600 @ 2.40GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 2.3.1 USER : fabrice ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total : 465 Go Free : 310 Go D:\ (CD or DVD) E:\ (USB) F:\ (USB) G:\ (USB) H:\ (USB) I:\ (USB) K:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 ) Option : [1] ( 30/09/2008|15:54 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\Windows\iun6002.exe -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\windows\\system32\\blank.htm" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\windows\\system32\\blank.htm" --------------------\\ Recherche d'autres infections [HKLM\SYSTEM\CurrentControlSet\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}] NameServer REG_SZ 85.255.116.26,85.255.112.89 [HKLM\SYSTEM\ControlSet001\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}] NameServer REG_SZ 85.255.116.26,85.255.112.89 ==> WAREOUT <== 1 - "C:\ToolBar SD\TB_1.txt" - 30/09/2008|15:57 - Option : [1] -----------\\ Fin du rapport a 15:57:24,90

voila le premier Logfile of random's system information tool 1.02 (written by random/random) Run by fabrice at 2008-09-30 11:59:09 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 318 GB (67%) free of 477 GB Total RAM: 3069 MB (54% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:59:38, on 30/09/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Windows\system32\dlcxcoms.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\nHancer\nHancerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\WUDFHost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Windows\system32\rundll32.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\CtHelper.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Windows\System32\CTXFISPI.EXE C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Windows\System32\rundll32.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\system32\svchost.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\nHancer\nHancer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\Windows\system32\taskeng.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\fabrice\Desktop\RSIT.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\fabrice.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer = 85.255.116.26,85.255.112.89 O20 - AppInit_DLLs: hdxsfz.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdyvj.exe -- End of file - 10259 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Maintenance en 1 clic.job C:\Windows\tasks\McDefragTask.job C:\Windows\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}] C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0BF43445-2F28-4351-9252-17FE6E806AA0} - McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll [2008-05-16 927008] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "CTHelper"=C:\Windows\system32\CTHELPER.EXE [2006-11-02 19456] "CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2008-07-11 19968] "CTXFIREG"=C:\Windows\system32\CTxfiReg.exe [2008-07-11 43520] "UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112] "Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096] "Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-12-13 2095640] "FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-04 312200] "dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2006-11-04 291720] "MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-04 304008] "DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll [] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992] "SiteAdvisor"=C:\Program Files\SiteAdvisor\6261\SiteAdv.exe [2007-08-24 36640] "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552] "ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2007-10-02 233472] "SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2007-10-02 131072] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-08-02 13576736] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-08-02 92704] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-19 2153472] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "nHancer"=C:\Program Files\nHancer\nHancer.exe [2008-05-07 1302528] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "filehippo.com"=C:\Program Files\filehippo.com\UpdateChecker.exe [2008-07-03 137216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Antivirus] C:\Program Files\MSA\MSA.exe [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="hdxsfz.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{DA2E0515-F0D5-4773-8191-400CCD50783B}"=C:\Windows\system32\ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NofolderOptions"=0 "NoFind"=0 "NoRun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoFolderOptions"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "C:\Windows\system32\winver.exe"="C:\Windows\system32\winver.exe:*:Enabled:winver" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .reg - open - regedit.exe "%1" %* ======List of files/folders created in the last 1 months====== 2008-09-30 11:59:09 ----D---- C:\rsit 2008-09-30 11:59:09 ----D---- C:\Program Files\trend micro 2008-09-30 01:14:14 ----A---- C:\Windows\system32\o4Patch.exe 2008-09-30 01:14:14 ----A---- C:\Windows\system32\IEDFix.C.exe 2008-09-30 01:14:13 ----A---- C:\Windows\system32\VACFix.exe 2008-09-30 01:14:13 ----A---- C:\Windows\system32\AntiXPVSTFix.exe 2008-09-30 01:14:13 ----A---- C:\Windows\system32\404Fix.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\WS2Fix.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\VCCLSID.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\swxcacls.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\swsc.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\swreg.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\SrchSTS.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\Process.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\IEDFix.exe 2008-09-30 01:14:12 ----A---- C:\Windows\system32\dumphive.exe 2008-09-28 17:02:33 ----A---- C:\Users\fabrice\AppData\Roaming\SetValue.bat 2008-09-28 17:02:33 ----A---- C:\Users\fabrice\AppData\Roaming\GetValue.vbs 2008-09-28 17:00:26 ----A---- C:\Windows\system32\tmp.txt 2008-09-28 08:18:40 ----D---- C:\Program Files\filehippo.com 2008-09-27 18:08:04 ----D---- C:\Windows\system32\Kaspersky Lab 2008-09-26 10:40:19 ----D---- C:\Program Files\iWizz 2008-09-26 10:35:02 ----A---- C:\Windows\system32\mdimon.dll 2008-09-26 10:34:25 ----D---- C:\Program Files\Microsoft Works 2008-09-26 10:34:05 ----D---- C:\Program Files\Microsoft Visual Studio 2008-09-26 10:34:05 ----D---- C:\Program Files\Common Files\DESIGNER 2008-09-26 10:33:36 ----D---- C:\Program Files\Microsoft.NET 2008-09-26 10:31:18 ----D---- C:\Program Files\Microsoft Office 2008-09-26 10:31:17 ----D---- C:\ProgramData\Microsoft Help 2008-09-26 10:30:59 ----RHD---- C:\MSOCache 2008-09-22 09:59:49 ----A---- C:\Windows\ntbtlog.txt 2008-09-22 01:55:24 ----D---- C:\Program Files\Microsoft Silverlight 2008-09-21 20:00:36 ----D---- C:\Users\fabrice\AppData\Roaming\PeerNetworking 2008-09-21 18:51:17 ----D---- C:\ProgramData\WindowsSearch 2008-09-21 18:14:21 ----D---- C:\FSGX 2008-09-21 11:53:19 ----SHD---- C:\Diskeeper 2008-09-21 11:30:54 ----D---- C:\ProgramData\Diskeeper Corporation 2008-09-21 11:27:57 ----HD---- C:\Windows\PIF 2008-09-20 23:40:10 ----D---- C:\Program Files\Sun 2008-09-20 23:39:14 ----A---- C:\Windows\system32\javaws.exe 2008-09-20 23:39:14 ----A---- C:\Windows\system32\javaw.exe 2008-09-20 23:39:14 ----A---- C:\Windows\system32\java.exe 2008-09-20 23:38:44 ----D---- C:\Program Files\Java 2008-09-20 23:38:25 ----D---- C:\Program Files\Common Files\Java 2008-09-20 23:32:37 ----D---- C:\Program Files\AICarriers 2008-09-20 23:32:03 ----D---- C:\Users\fabrice\AppData\Roaming\Notepad++ 2008-09-20 23:32:03 ----D---- C:\Program Files\Notepad++ 2008-09-20 23:02:10 ----D---- C:\Program Files\JABX 2008-09-20 13:11:15 ----A---- C:\ProgramData\pskt.ini 2008-09-20 13:11:15 ----A---- C:\ProgramData\BMb168b79a.txt 2008-09-20 12:12:07 ----D---- C:\Program Files\Common Files\Microsoft Games 2008-09-20 11:33:48 ----D---- C:\ProgramData\Adobe 2008-09-20 11:33:40 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-09-20 10:09:31 ----A---- C:\Windows\system32\b9784078-.txt 2008-09-20 10:04:15 ----RSHD---- C:\resycled 2008-09-20 02:21:55 ----D---- C:\Program Files\Diskeeper Corporation 2008-09-17 01:03:58 ----D---- C:\Program Files\Foxit Software 2008-09-17 00:17:17 ----D---- C:\inetpub 2008-09-15 00:13:10 ----A---- C:\Windows\PhotoSnapViewer.INI 2008-09-14 15:40:32 ----A---- C:\Windows\iun6002.exe 2008-09-14 11:04:11 ----D---- C:\Program Files\FS Recorder for FSX 2008-09-12 12:00:07 ----SHD---- C:\Config.Msi 2008-09-12 00:37:30 ----A---- C:\Windows\NeroDigital.ini 2008-09-11 23:50:51 ----D---- C:\Program Files\SquawkBox 2008-09-11 15:39:14 ----D---- C:\Program Files\PicNic 2008-09-11 15:15:50 ----D---- C:\Program Files\TreeX 2008-09-09 23:59:49 ----A---- C:\Windows\system32\MRT.INI 2008-09-09 20:57:24 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-09-09 20:57:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-09-09 20:57:14 ----A---- C:\Windows\system32\wmpeffects.dll 2008-09-09 20:57:11 ----A---- C:\Windows\system32\emdmgmt.dll 2008-09-09 20:57:10 ----A---- C:\Windows\system32\dataclen.dll 2008-09-09 20:57:10 ----A---- C:\Windows\system32\cdd.dll 2008-09-09 08:49:36 ----D---- C:\Users\fabrice\AppData\Roaming\Ahead 2008-09-09 08:48:04 ----D---- C:\ProgramData\Nero 2008-09-09 08:48:02 ----D---- C:\Program Files\Nero 2008-09-09 08:48:02 ----D---- C:\Program Files\Common Files\Ahead 2008-09-09 02:09:16 ----D---- C:\Program Files\Smart Projects 2008-09-09 01:57:35 ----D---- C:\Program Files\DAEMON Tools 2008-09-08 12:11:59 ----A---- C:\Windows\system32\rmoc3260.dll 2008-09-08 12:11:59 ----A---- C:\Windows\system32\pndx5032.dll 2008-09-08 12:11:59 ----A---- C:\Windows\system32\pndx5016.dll 2008-09-08 12:11:59 ----A---- C:\Windows\system32\pncrt.dll 2008-09-08 12:11:49 ----A---- C:\Windows\system32\msvcp71.dll 2008-09-08 12:11:47 ----D---- C:\Users\fabrice\AppData\Roaming\Real 2008-09-08 12:11:47 ----D---- C:\ProgramData\Real 2008-09-07 20:24:44 ----A---- C:\Windows\system32\unrar.dll 2008-09-07 20:24:44 ----A---- C:\Windows\avisplitter.ini 2008-09-07 20:24:39 ----A---- C:\Windows\system32\yv12vfw.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\xvidvfw.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\xvidcore.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\qt-dx331.dll 2008-09-07 20:24:38 ----A---- C:\Windows\system32\dpl100.dll 2008-09-07 20:24:36 ----A---- C:\Windows\system32\ff_vfw.dll.manifest 2008-09-07 20:24:36 ----A---- C:\Windows\system32\ff_vfw.dll 2008-09-07 20:24:36 ----A---- C:\Windows\system32\divx.dll 2008-09-07 20:24:35 ----A---- C:\Windows\system32\msvcr71.dll 2008-09-07 20:24:34 ----D---- C:\Program Files\K-Lite Codec Pack 2008-09-04 20:21:53 ----A---- C:\Windows\system32\wups2.dll 2008-09-04 20:21:52 ----A---- C:\Windows\system32\wucltux.dll 2008-09-04 20:21:52 ----A---- C:\Windows\system32\wuaueng.dll 2008-09-04 20:21:52 ----A---- C:\Windows\system32\wuauclt.exe 2008-09-04 20:21:42 ----A---- C:\Windows\system32\wups.dll 2008-09-04 20:21:42 ----A---- C:\Windows\system32\wudriver.dll 2008-09-04 20:21:42 ----A---- C:\Windows\system32\wuapi.dll 2008-09-04 20:21:34 ----A---- C:\Windows\system32\wuwebv.dll 2008-09-04 20:21:34 ----A---- C:\Windows\system32\wuapp.exe 2008-09-04 01:04:06 ----A---- C:\Windows\system32\TuneUpDefragService.exe 2008-09-04 01:03:39 ----D---- C:\Program Files\TuneUp Utilities 2008 2008-09-03 17:42:29 ----D---- C:\Users\fabrice\AppData\Roaming\Malwarebytes 2008-09-03 17:42:26 ----D---- C:\ProgramData\Malwarebytes 2008-09-03 17:42:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-03 16:38:10 ----A---- C:\Windows\system32\CSVer.dll 2008-09-03 16:29:24 ----A---- C:\Windows\system32\difxapi.dll 2008-09-03 16:28:15 ----D---- C:\Intel 2008-09-03 16:28:01 ----D---- C:\Program Files\Intel 2008-09-03 00:59:45 ----D---- C:\Windows\system32\AGEIA 2008-09-03 00:59:45 ----D---- C:\Program Files\AGEIA Technologies 2008-09-03 00:42:55 ----D---- C:\Windows\Minidump 2008-09-03 00:36:19 ----A---- C:\Windows\INRESFRN.DLL 2008-09-03 00:36:19 ----A---- C:\Windows\CTXFIFRN.DLL 2008-09-03 00:36:11 ----A---- C:\Windows\system32\AppSetup.exe 2008-09-03 00:27:43 ----A---- C:\Windows\system32\authuitu.dll 2008-09-03 00:27:41 ----A---- C:\Windows\system32\uxtuneup.dll 2008-09-03 00:27:29 ----D---- C:\Users\fabrice\AppData\Roaming\TuneUp Software 2008-09-03 00:26:56 ----D---- C:\ProgramData\TuneUp Software 2008-09-02 17:20:17 ----A---- C:\Windows\installlog.txt 2008-09-02 17:11:34 ----D---- C:\ProgramData\ma-config.com 2008-09-02 17:11:34 ----D---- C:\Program Files\ma-config.com 2008-09-02 16:24:54 ----D---- C:\ProgramData\Saitek 2008-09-02 16:24:53 ----D---- C:\Program Files\Saitek 2008-09-02 16:20:38 ----A---- C:\Windows\system32\nY.exe 2008-09-02 16:20:37 ----A---- C:\Windows\system32\SAIKICK.dll 2008-09-02 16:20:37 ----A---- C:\Windows\system32\SAIGON.dll 2008-09-02 16:07:34 ----D---- C:\Program Files\NaturalPoint 2008-09-02 15:34:14 ----D---- C:\ProgramData\nHancer 2008-09-02 15:34:14 ----D---- C:\Program Files\nHancer ======List of files/folders modified in the last 1 months====== 2008-09-30 11:59:25 ----D---- C:\Windows\Prefetch 2008-09-30 11:59:18 ----D---- C:\Windows\Temp 2008-09-30 11:59:09 ----RD---- C:\Program Files 2008-09-30 09:13:46 ----SHD---- C:\System Volume Information 2008-09-30 08:20:56 ----D---- C:\Program Files\Dl_cats 2008-09-30 01:14:41 ----D---- C:\Windows\System32 2008-09-29 18:08:47 ----D---- C:\Windows\system32\drivers 2008-09-29 15:25:55 ----D---- C:\Windows\inf 2008-09-29 15:25:55 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-09-29 15:01:41 ----HD---- C:\ProgramData 2008-09-28 08:51:20 ----D---- C:\Windows\system32\Tasks 2008-09-28 00:29:15 ----D---- C:\Program Files\Mozilla Firefox 2008-09-27 18:08:05 ----SD---- C:\Windows\Downloaded Program Files 2008-09-27 15:39:29 ----D---- C:\Windows\Logs 2008-09-27 14:46:24 ----SHD---- C:\Boot 2008-09-27 14:46:06 ----D---- C:\Windows\system32\config 2008-09-27 08:18:03 ----D---- C:\Windows 2008-09-26 21:45:20 ----D---- C:\Users\fabrice\AppData\Roaming\BitTorrent 2008-09-26 10:51:07 ----SD---- C:\Users\fabrice\AppData\Roaming\Microsoft 2008-09-26 10:35:23 ----SHD---- C:\Windows\Installer 2008-09-26 10:35:23 ----SD---- C:\ProgramData\Microsoft 2008-09-26 10:34:58 ----RSD---- C:\Windows\assembly 2008-09-26 10:34:19 ----D---- C:\Program Files\Common Files\microsoft shared 2008-09-26 10:34:05 ----D---- C:\Program Files\Common Files 2008-09-26 10:34:02 ----D---- C:\Windows\ShellNew 2008-09-26 10:33:43 ----RSD---- C:\Windows\Fonts 2008-09-26 10:30:59 ----D---- C:\Windows\system32\catroot2 2008-09-21 19:26:44 ----D---- C:\Windows\system32\NDF 2008-09-21 18:13:55 ----D---- C:\Program Files\Microsoft Games 2008-09-21 11:30:55 ----D---- C:\Windows\Help 2008-09-20 20:38:31 ----D---- C:\Windows\winsxs 2008-09-20 12:12:12 ----HD---- C:\Program Files\InstallShield Installation Information 2008-09-20 11:33:48 ----D---- C:\Users\fabrice\AppData\Roaming\Adobe 2008-09-17 08:45:10 ----D---- C:\Windows\rescache 2008-09-17 00:18:20 ----D---- C:\Windows\Microsoft.NET 2008-09-17 00:17:23 ----D---- C:\Windows\system32\migration 2008-09-17 00:17:23 ----D---- C:\Windows\system32\fr-FR 2008-09-17 00:17:22 ----D---- C:\Windows\system32\inetsrv 2008-09-11 20:07:01 ----D---- C:\Program Files\McAfee 2008-09-10 00:08:37 ----D---- C:\Windows\AppPatch 2008-09-10 00:07:49 ----D---- C:\Users\fabrice\AppData\Roaming\SiteAdvisor 2008-09-09 23:39:55 ----D---- C:\Windows\system32\catroot 2008-09-09 08:49:13 ----D---- C:\Windows\ehome 2008-09-07 20:18:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-09-07 02:34:09 ----D---- C:\Windows\system32\WDI 2008-09-04 01:04:16 ----D---- C:\Windows\Tasks 2008-09-03 01:02:10 ----D---- C:\ProgramData\NVIDIA 2008-09-03 00:37:49 ----A---- C:\Windows\system32\ctzapxx.ini 2008-09-03 00:37:44 ----D---- C:\Windows\system32\Data 2008-09-02 16:07:09 ----D---- C:\Program Files\Common Files\InstallShield 2008-09-02 11:01:49 ----D---- C:\Users\fabrice\AppData\Roaming\Creative 2008-09-01 16:02:18 ----D---- C:\Windows\WindowsMobile 2008-09-01 00:22:03 ----D---- C:\Windows\system32\LogFiles ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320] R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728] R3 CT20XUT.DLL;CT20XUT.DLL; C:\Windows\system32\CT20XUT.DLL [2008-07-15 170520] R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2008-07-15 511000] R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2008-07-15 527384] R3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\Windows\system32\CTEXFIFX.DLL [2008-07-15 1323544] R3 CTHWIUT.DLL;CTHWIUT.DLL; C:\Windows\system32\CTHWIUT.DLL [2008-07-15 72728] R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2008-07-15 14360] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2008-07-15 157208] R3 e1express;Pilote de la connexion réseau Intel® PRO/1000 PCI Express; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672] R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2008-07-15 92696] R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2008-07-15 1173016] R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304] R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240] R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488] R3 npusbio;npusbio; C:\Windows\System32\Drivers\npusbio.sys [2008-01-11 36384] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-08-02 7314528] R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2008-07-15 127000] R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2007-10-05 14080] R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2007-10-05 35200] R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 ams2e4ym;ams2e4ym; C:\Windows\system32\drivers\ams2e4ym.sys [] S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\Windows\system32\drivers\ctdvda2k.sys [2008-07-15 347080] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-09-02 15352] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 NPUSB;NPUSB; C:\Windows\system32\DRIVERS\npusb.sys [2006-12-06 15360] S3 SaiH075C;SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 132232] S3 SaiH0763;SaiH0763; C:\Windows\system32\DRIVERS\SaiH0763.sys [2007-05-01 132232] S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664] R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-13 44032] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936] R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-10-11 532480] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976] R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248] R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864] R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880] R2 nHancer;nHancer Support; C:\Program Files\nHancer\nHancerService.exe [2008-05-07 49152] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-08-02 196608] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 SiteAdvisor Service;Service SiteAdvisor; C:\Program Files\SiteAdvisor\6261\SAService.exe [2008-08-27 345376] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624] R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 Windows Tribute Service;Windows Tribute Service; C:\Windows\system32\kdyvj.exe -srv [] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2008-09-04 355584] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- et le deuxieme info.txt logfile of random's system information tool 1.02 2008-09-30 11:59:40 ======Uninstall list====== -->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x040c -->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x040c -->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x040c -->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x040c -->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x040c -->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W /L:FRN -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->MsiExec /X{699BAC7F-DC10-4709-97D8-45379301BBE7} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x40c /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x40c /remove ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe AI Carriers-->"C:\Program Files\AICarriers\uninstall.exe" Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe BitTorrent 5.0.9-->"C:\Program Files\BitTorrent\uninstall.exe" Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x40c /remove Dell Fax PC-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe Diskeeper 2008 Pro Premier-->MsiExec.exe /X{4ECCF281-ED79-4EA7-AE89-5E39D3291C2A} filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe" Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe FS Global 2008 for FSX-->C:\PROGRA~1\MICROS~1\MICROS~1\pilots_software\fsgx\uninstal.exe C:\PROGRA~1\MICROS~1\MICROS~1\pilots_software\fsgx FS Recorder 1.3 for FSX-->MsiExec.exe /X{C0B6E1E2-F9FA-4C9C-8548-4ACE0B780B51} HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall IsoBuster 2.4-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" iWizz-->C:\Program Files\iWizz\uninstall.exe Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kaspersky Online Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe Kaspersky On-line Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe K-Lite Mega Codec Pack 4.1.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Le Seigneur des anneaux Online : Les Ombres d'Angmar v01.05.00.-->"C:\Program Files\Codemasters\Le Seigneur des anneaux Online\unins000.exe" Logitech GamePanel Software 2.02-->MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811} Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Flight Simulator X: Acceleration SDK-->MsiExec.exe /X{CF56984D-35C6-4ADB-9075-394978A427FB} Microsoft Flight Simulator X: Acceleration-->C:\Windows\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimUninstall.log" /uninstall {3A1EE107-F79B-49FA-83CF-94169E63F25A} Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{3A1EE107-F79B-49FA-83CF-94169E63F25A} Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} MozBackup 1.4 Fr-->"C:\Program Files\MozBackup 1.4\unins000.exe" Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Nero 7 Ultra Edition-->MsiExec.exe /I{4908C75E-E5E2-43F7-B1DF-023CBA831036} nHancer-->MsiExec.exe /X{C0E1794E-2BF0-4A17-A70D-CB8B2ADD1F39} Notepad++-->C:\Program Files\Notepad++\uninstall.exe NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI NVIDIA PhysX v8.08.01-->MsiExec.exe /X{699BAC7F-DC10-4709-97D8-45379301BBE7} OpenAL-->"C:\Program Files\OpenAL\OALInst.exe" /U /S OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} PicNic-->C:\Program Files\PicNic\Uninstal.exe Saitek SD6 Programming Software 6.0.10.7-->MsiExec.exe /X{28B8BEE3-1F62-4FCC-A5A7-7641AAFC3BB5} SceneryTech Europe Landclass v1.0-->MsiExec.exe /I{5FD39FF9-A3DA-4779-89BD-E44AB14F6689} SceneryTech North America Landclass v1.1-->MsiExec.exe /I{234842FE-7FDC-4C93-A0A7-137E9F5BE764} Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x40c /remove TrackIR4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE6E6BF7-6A81-4EC2-AD29-4580025149F1}\setup.exe" TreeX V2-->"C:\Program Files\TreeX\unins000.exe" TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA} Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} ======Security center information====== AS: Windows Defender (disabled) ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\Smart Projects\IsoBuster "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 -----------------EOF-----------------

si tu demande comment s comporte mon pc avant le scan ben gros il reste encore assez stable mon antivirus (mcafee) certaine fonction désactive et impossible a corriger le par feu reste active apparemment quand même , windos update ne peut plus se mettre a jour , au démarrage de mon pc j ai un message comme quoi un ou deux programme sont arrête, et parfois certaine pages sont lente a s affiche voila en gros pas de fenêtre qui s ouvre avec un lien commercial douteux et autre de ce genre voila le rapport [ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\FixWareOut: trouvé ! C:\Documents and Settings\fabrice\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé ! C:\Documents and Settings\fabrice\Application Data\Microsoft\Windows\Recent\HijackThis.lnk: trouvé ! C:\Documents and Settings\fabrice\Desktop\FixWareout.exe: trouvé ! C:\Documents and Settings\fabrice\Desktop\HijackThis.exe: trouvé ! C:\Documents and Settings\fabrice\Desktop\SmitFraudFix.exe: trouvé ! C:\Documents and Settings\fabrice\Desktop\SmitFraudfix: trouvé ! C:\Documents and Settings\fabrice\Recent\HijackThis.lnk: trouvé ! C:\Users\fabrice\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé ! C:\Users\fabrice\Application Data\Microsoft\Windows\Recent\HijackThis.lnk: trouvé ! C:\Users\fabrice\Desktop\FixWareout.exe: trouvé ! C:\Users\fabrice\Desktop\HijackThis.exe: trouvé ! C:\Users\fabrice\Desktop\SmitFraudFix.exe: trouvé ! C:\Users\fabrice\Desktop\SmitFraudfix: trouvé ! C:\Users\fabrice\Recent\HijackThis.lnk: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\fabrice\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé ! C:\Documents and Settings\fabrice\Desktop\FixWareout.exe: supprimé ! C:\Documents and Settings\fabrice\Desktop\HijackThis.exe: supprimé ! C:\Documents and Settings\fabrice\Desktop\SmitFraudFix.exe: supprimé ! C:\FixWareOut: supprimé ! C:\Documents and Settings\fabrice\Desktop\SmitFraudfix: supprimé ! Corbeille vidée! Fichiers temporaires nettoyés !

voila après avoir fait la manip cite plus haut sans succès j ai fait un scan en mode sans echec avec Malwarebytes et voila le rapport Malwarebytes' Anti-Malware 1.27 Version de la base de données: 1133 Windows 6.0.6001 Service Pack 1 30/09/2008 08:19:02 mbam-log-2008-09-30 (08-19-02).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 215462 Temps écoulé: 42 minute(s), 13 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 5 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87293b2d-9068-42b7-82d3-2fa28f2e0d75}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.26,85.255.112.89 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87293b2d-9068-42b7-82d3-2fa28f2e0d75}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.26,85.255.112.89 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87293b2d-9068-42b7-82d3-2fa28f2e0d75}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.116.26,85.255.112.89 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87293b2d-9068-42b7-82d3-2fa28f2e0d75}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.26,85.255.112.89 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{87293b2d-9068-42b7-82d3-2fa28f2e0d75}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.26,85.255.112.89 -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

bon voila j ai suprimer les dossier et lancer encore OTMoveIT en fesant CleanUp! mais la aucun telechargement j ai une peiti fenetre qui souvre avec le message " Unable to contact the internet. Cleanup list download failed! "

bon voila j ai mis le rapport kapersky un juste au dessus ca m as l ère terrible tout ca

bon voila j ai fait le scan avec rav premier fois il n as rien détecte ressayer une deuxième fois en faisant clic droit exécuter en tant q administrateur la il as commencer a trouver quelque chose mais pas de rapport donc j ai retenter une troisième fois plus rien après ca j ai lancer la procédure cite au dessus avec OTMoveIt tout c est bien passer je post le rapport maintenant je relance un scan avec kapersky je posterais le rapport une fois terminer rapport OTMoveIt File/Folder C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE/cp3.exe not found. File/Folder C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE/cp4.exe not found. File/Folder C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE not found. DllUnregisterServer procedure not found in C:\Windows\System32\byXRjgGa.dll C:\Windows\System32\byXRjgGa.dll NOT unregistered. C:\Windows\System32\byXRjgGa.dll moved successfully. DllUnregisterServer procedure not found in C:\Windows\System32\iifdedCu.dll C:\Windows\System32\iifdedCu.dll NOT unregistered. C:\Windows\System32\iifdedCu.dll moved successfully. DllUnregisterServer procedure not found in C:\Windows\System32\jkkKddeD.dll C:\Windows\System32\jkkKddeD.dll NOT unregistered. C:\Windows\System32\jkkKddeD.dll moved successfully. C:\Windows\System32\ohqxonql.exe moved successfully. DllUnregisterServer procedure not found in C:\Windows\System32\opnolMDu.dll C:\Windows\System32\opnolMDu.dll NOT unregistered. C:\Windows\System32\opnolMDu.dll moved successfully. DllUnregisterServer procedure not found in C:\Windows\System32\rqRIyVmL.dll C:\Windows\System32\rqRIyVmL.dll NOT unregistered. C:\Windows\System32\rqRIyVmL.dll moved successfully. C:\Windows\System32\winfbn32.rom moved successfully. C:\Windows\System32\winips32.rom moved successfully. C:\Windows\System32\winmit32.rom moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Frtrus.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Gege040_click-onlineRX.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Heathermac1_click-onlineRX.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Icolomer_click-EXPLODING-ORGASMS.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Iza_22_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Jade_coote_click-BIGGERLOADS.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Jade_coote_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Little_m_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Marie_jacobs_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Moo_cuddles_Buy_Last-Longer.HTML moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Odyza_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ovekj_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ovekj_click_LASTLONGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Reese153_click-BIGGERLOADS.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Remglo1_click-BIGGERLOADS.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Samuels96-Lose-10poundsIn10days.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click-ONLINE_PHARM.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click_LAST-LONGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Swanson_Buy_PermanentEnlarger.HTML moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Turner_Buy_PermanentEnlarger.HTML moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wamba41-Lose-10poundsIn10days.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wamba41_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wati48_10POUNDSIN10DAYSDIET.HTML moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Zhloop_click_PERMANENTGrowth.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{049084CB-A728-4E89-B328-128A45CAC896}\BUY_PERMANENTENLARG.HTM moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{0D247AAB-FA26-417D-8D78-41CCF1E40E7A}\Reese153_click-BIGGERLOADS.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{127A8392-D7DF-41F6-AE1C-DF86E36BF165}\BUY_PERMANENTENLARG.HTM moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{24C6ACA4-9E87-477D-BAFF-1806A36BF4FE}\BUY_PERMANENTENLARG.HTM moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{2D87F68E-B7E3-4DD0-A016-E5CF186470EB}\Ovekj_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{57AED87E-E85D-4BCA-B047-006AB48BB524}\Buy_Rx_Here.html moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{5F12D4A3-70DA-41F1-854B-1BBB3779B348}\BUY_PERMANENTENLARG.HTM moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{A0573F19-BE99-459D-A5A8-BD0B836A5C68}\Moo_cuddles_click-BIGGERLOADS.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B0EED6E0-2CED-4A80-9B2A-1682673ADE21}\BUY_PERMANENTENLARG.HTM moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B958A06D-C714-4C81-8B4E-87D9947FFE27}\Dougui72_click-PERMANENTENLARGER.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B9C00D43-B160-419A-BAE9-5533E04FAC28}\Moo_cuddles_click-BIGGERLOADS.htm moved successfully. C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{C93F143F-D493-499F-9921-80D6AACADAFD}\Ajs0418_click-BIGGERLOADS.htm moved successfully. Created on 09/29/2008 15:31:33 et voila le rapport kapersky Monday, September 29, 2008 5:56:49 PM Système d'exploitation : Home Edition, Service Pack 1 (Build 6001) Kaspersky On-line Scanner version : 5.0.84.2 Dernière mise à jour de la base antivirus Kaspersky : 29/09/2008 Enregistrements dans la base antivirus Kaspersky : 1137322 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ F:\ G:\ H:\ I:\ K:\ Statistiques de l'analyse Total d'objets analysés 180665 Nombre de virus trouvés 9 Nombre d'objets infectés 87 / 0 Nombre d'objets suspects 3 Durée de l'analyse 01:47:38 Nom de l'objet infecté Nom du virus Dernière action C:\Boot\BCD L'objet est verrouillé ignoré C:\Boot\BCD.LOG L'objet est verrouillé ignoré C:\ProgramData\McAfee\MNA\NAData L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSC\Logs\Events.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSC\Logs\{F1F85C0D-5018-4888-BD2B-4C704AC03180}.log L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSC\McUsers.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSK\MSKWMDB.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSK\settingsdb.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\VirusScan\Data\TFR4A19.tmp L'objet est verrouillé ignoré C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6de9cb26d2b98c01ec4e9e8b34824aa2_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a38be05560bef113ec474bab7364436e_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d6d986f09a1ee04e24c949879fdb506c_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\resycled\boot.com Infecté : Trojan-Downloader.Win32.Agent.ahfm ignoré C:\Users\All Users\McAfee\MNA\NAData L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSC\Logs\Events.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSC\Logs\{F1F85C0D-5018-4888-BD2B-4C704AC03180}.log L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSC\McUsers.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSK\MSKWMDB.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSK\settingsdb.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\VirusScan\Data\TFR4A19.tmp L'objet est verrouillé ignoré C:\Users\All Users\McAfee\VirusScan\Logs\OAS.Log L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6de9cb26d2b98c01ec4e9e8b34824aa2_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a38be05560bef113ec474bab7364436e_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d6d986f09a1ee04e24c949879fdb506c_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\ApplicationHistory\TurbineLauncher.exe.1044cd6b.ini.inuse L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Cooliris\7bf29136-3982-2f4d-a9b9-67833093cea5\prefs.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\A9021joe_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ajs0418_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Albachiara23_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Apoet21_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ATT1D9.eml/Ajs0418_click_BiggerLoads.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ATT1D9.eml Mail: infecté - 1 ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ATTB71F.eml Infecté : Trojan-Downloader.HTML.Agent.km ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Bigpimp91_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Bigpimp92_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Blanton_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_LASTLONGER.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_MEDS_HERE.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_online_RX.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_PERMANENTGROW.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Buy_Rx_Here3.html Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Buy_Rx_Here852.html Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Carla_pp_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Carla_pp_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ClickHere_Buy_DiscountedRx.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Csesi_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabila_BUY_PHARMACY.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabiolagg_BUY_PHARMACY.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_10POUNDSIN10DAYSDIET.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_click_LASTLONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dougui72_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dustyshoes3_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dustyshoes3_click_LASTLONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ellenrn_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Field_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Frankmadero_click-HOMEREFINANCEHERE.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Deleted Items.imm/[From noreply@mmorpg.com][Date Thu, 22 May 2008 12:30:17 -0400 (EDT)]/text/[From noreply@mmorpg.com][Date Fri, 23 May 2008 01:47:59 -0400 (EDT)]/html Suspect : Trojan-Spy.HTML.Fraud.gen ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Deleted Items.imm/[From noreply@mmorpg.com][Date Thu, 22 May 2008 12:30:17 -0400 (EDT)]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Deleted Items.imm Mail: suspect - 2 ignoré C:\Users\fabrice\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008092920080930\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat{c42dae03-868f-11dd-9a6a-0019d16695ca}.TM.blf L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat{c42dae03-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000001.regtrans-ms L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat{c42dae03-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000002.regtrans-ms L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows Sidebar\Settings.ini L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\urlclassifier3.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Temp\etilqs_Lis1lZi0UhClZDMaJVGK L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Temp\~DFB789.tmp L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Temp\~DFC8C1.tmp L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Turbine\The Lord of the Rings Online\Launcher\Launcher_128671768754276135.log L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Microsoft\Windows\Cookies\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\cert8.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\content-prefs.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\cookies.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\downloads.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\fireuploader\dbFireUploader.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\flashgot.log L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\formhistory.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\key3.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\parent.lock L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\permissions.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\places.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\places.sqlite-journal L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\search.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Turbine\PatchClient.log L'objet est verrouillé ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE/cp3.exe Infecté : Trojan.Win32.FraudPack.gen ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE/cp4.exe Infecté : Trojan-Downloader.Win32.Agent.pwa ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE Infecté : Trojan-Downloader.Win32.Agent.pwa ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar RAR: infecté - 3 ignoré C:\Users\fabrice\Documents\The Lord of the Rings Online\lotroclient.log L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT L'objet est verrouillé ignoré C:\Users\fabrice\ntuser.dat.LOG1 L'objet est verrouillé ignoré C:\Users\fabrice\ntuser.dat.LOG2 L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT{c42dae01-868f-11dd-9a6a-0019d16695ca}.TM.blf L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT{c42dae01-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000001.regtrans-ms L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT{c42dae01-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000002.regtrans-ms L'objet est verrouillé ignoré C:\Windows\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\Windows\Debug\WIA\wiatrace.log L'objet est verrouillé ignoré C:\Windows\Logs\CBS\CBS.log L'objet est verrouillé ignoré C:\Windows\Logs\CBS\CBS.persist.log L'objet est verrouillé ignoré C:\Windows\Logs\DPX\setupact.log L'objet est verrouillé ignoré C:\Windows\Logs\DPX\setuperr.log L'objet est verrouillé ignoré C:\Windows\MEMORY.DMP L'objet est verrouillé ignoré C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\diagerr.xml L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\diagwrn.xml L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\setupact.log L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\setuperr.log L'objet est verrouillé ignoré C:\Windows\security\database\secedit.sdb L'objet est verrouillé ignoré C:\Windows\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 L'objet est verrouillé ignoré C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 L'objet est verrouillé ignoré C:\Windows\System32\catroot2\edb.log L'objet est verrouillé ignoré C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb L'objet est verrouillé ignoré C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb L'objet est verrouillé ignoré C:\Windows\System32\drivers\sptd.sys L'objet est verrouillé ignoré C:\Windows\System32\drivers\sptddrv1.sys L'objet est verrouillé ignoré C:\Windows\System32\LogFiles\Scm\SCM.EVM L'objet est verrouillé ignoré C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré C:\Windows\System32\restore\MachineGuid.txt L'objet est verrouillé ignoré C:\Windows\System32\spool\SpoolerETW.etl L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\1641F982282E8CA70B0D93F1F2BB145B.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2131A60D40501A974386B9E42E4FC201.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\39C2F82384C755EF218F0F19FE619F80.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\4BE9D6CB921FE137B78AE9960CDD98B0.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\51787D18E1AD277AC4C4F7BB9EAFD820.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5679DFE988DE44D70C43B0E87A5D96E6.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5F037A89915D44B8819F9FCFDE0B489E.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\6364E8D3F688917ECAE1050954B63674.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\66B28EEE188E29399051A60BAF92D333.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\6DADEFFF2FCEDD93F8CEF59036FEF4B9.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\7FAC187A43CA71A854CA4653D8E075B5.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\818B866A009B1338C5AC103B2D8E2372.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\BD818313E410FD46A9F63786A32AEE23.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\C11342792481BC76FD1999C9DFAC936E.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\D566F9B651B60AE7D0B5DEBF57A90E35.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\Logs\WMITracing.log L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\INDEX.BTR L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\MAPPING1.MAP L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\MAPPING2.MAP L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\OBJECTS.DATA L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Application.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\DFS Replication.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\HardwareEvents.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Internet Explorer.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Key Management Service.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Media Center.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\ODiag.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\OSession.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Security.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Setup.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\System.evtx L'objet est verrouillé ignoré C:\Windows\Tasks\Maintenance en 1 clic.job L'objet est verrouillé ignoré C:\Windows\Tasks\McDefragTask.job L'objet est verrouillé ignoré C:\Windows\Tasks\McQcTask.job L'objet est verrouillé ignoré C:\Windows\Tasks\SCHEDLGU.TXT L'objet est verrouillé ignoré C:\Windows\WindowsUpdate.log L'objet est verrouillé ignoré C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd L'objet est verrouillé ignoré C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd L'objet est verrouillé ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Frtrus.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Gege040_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Heathermac1_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Icolomer_click-EXPLODING-ORGASMS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Iza_22_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Jade_coote_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Jade_coote_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Little_m_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Marie_jacobs_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Moo_cuddles_Buy_Last-Longer.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Odyza_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ovekj_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ovekj_click_LASTLONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Reese153_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Remglo1_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Samuels96-Lose-10poundsIn10days.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click-ONLINE_PHARM.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click_LAST-LONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Swanson_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Turner_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wamba41-Lose-10poundsIn10days.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wamba41_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wati48_10POUNDSIN10DAYSDIET.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Zhloop_click_PERMANENTGrowth.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{049084CB-A728-4E89-B328-128A45CAC896}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{0D247AAB-FA26-417D-8D78-41CCF1E40E7A}\Reese153_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{127A8392-D7DF-41F6-AE1C-DF86E36BF165}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{24C6ACA4-9E87-477D-BAFF-1806A36BF4FE}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{2D87F68E-B7E3-4DD0-A016-E5CF186470EB}\Ovekj_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{57AED87E-E85D-4BCA-B047-006AB48BB524}\Buy_Rx_Here.html Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{5F12D4A3-70DA-41F1-854B-1BBB3779B348}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{A0573F19-BE99-459D-A5A8-BD0B836A5C68}\Moo_cuddles_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B0EED6E0-2CED-4A80-9B2A-1682673ADE21}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B958A06D-C714-4C81-8B4E-87D9947FFE27}\Dougui72_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B9C00D43-B160-419A-BAE9-5533E04FAC28}\Moo_cuddles_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{C93F143F-D493-499F-9921-80D6AACADAFD}\Ajs0418_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\byXRjgGa.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\iifdedCu.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\jkkKddeD.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\ohqxonql.exe Infecté : Trojan-Downloader.Win32.FraudLoad.vblv ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\opnolMDu.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\rqRIyVmL.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\winfbn32.rom Infecté : Trojan-Downloader.Win32.Injecter.aoy ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\winips32.rom Infecté : Trojan-Downloader.Win32.Injecter.aoy ignoré C:\_OTMoveIt\MovedFiles\Windows\System32\winmit32.rom Infecté : Trojan-Downloader.Win32.Injecter.aoy ignoré

voila le rapport kapersky ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Sunday, September 28, 2008 10:53:33 PM Système d'exploitation : Home Edition, Service Pack 1 (Build 6001) Kaspersky On-line Scanner version : 5.0.84.2 Dernière mise à jour de la base antivirus Kaspersky : 28/09/2008 Enregistrements dans la base antivirus Kaspersky : 1133526 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Poste de travail: C:\ D:\ E:\ F:\ G:\ H:\ I:\ K:\ Statistiques de l'analyse: Total d'objets analysés: 180575 Nombre de virus trouvés: 10 Nombre d'objets infectés: 88 / 0 Nombre d'objets suspects: 3 Durée de l'analyse: 01:44:45 Nom de l'objet infecté / Nom du virus / Dernière action C:\autorun.inf Infecté : Worm.Win32.AutoRun.nuu ignoré C:\Boot\BCD L'objet est verrouillé ignoré C:\Boot\BCD.LOG L'objet est verrouillé ignoré C:\ProgramData\McAfee\MNA\NAData L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSC\Logs\Events.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSC\Logs\{F1F85C0D-5018-4888-BD2B-4C704AC03180}.log L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSC\McUsers.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSK\MSKWMDB.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\MSK\settingsdb.dat L'objet est verrouillé ignoré C:\ProgramData\McAfee\VirusScan\Data\TFR4E00.tmp L'objet est verrouillé ignoré C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6de9cb26d2b98c01ec4e9e8b34824aa2_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a38be05560bef113ec474bab7364436e_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d6d986f09a1ee04e24c949879fdb506c_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\resycled\boot.com Infecté : Trojan-Downloader.Win32.Agent.ahfm ignoré C:\Users\All Users\McAfee\MNA\NAData L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSC\Logs\Events.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSC\Logs\{F1F85C0D-5018-4888-BD2B-4C704AC03180}.log L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSC\McUsers.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSK\MSKWMDB.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\MSK\settingsdb.dat L'objet est verrouillé ignoré C:\Users\All Users\McAfee\VirusScan\Data\TFR4E00.tmp L'objet est verrouillé ignoré C:\Users\All Users\McAfee\VirusScan\Logs\OAS.Log L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\6de9cb26d2b98c01ec4e9e8b34824aa2_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\a38be05560bef113ec474bab7364436e_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d6d986f09a1ee04e24c949879fdb506c_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_03cb3f37-df2f-44c5-b03c-19721c5d6839 L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\ApplicationHistory\TurbineLauncher.exe.1044cd6b.ini.inuse L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Cooliris\7bf29136-3982-2f4d-a9b9-67833093cea5\prefs.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\A9021joe_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ajs0418_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Albachiara23_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Apoet21_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ATT1D9.eml/Ajs0418_click_BiggerLoads.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ATT1D9.eml Mail: infecté - 1 ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ATTB71F.eml Infecté : Trojan-Downloader.HTML.Agent.km ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Bigpimp91_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Bigpimp92_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Blanton_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_LASTLONGER.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_MEDS_HERE.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_online_RX.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_PERMANENTGROW.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Buy_Rx_Here3.html Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Buy_Rx_Here852.html Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\BUY_YOURSPERMCOUNT.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Carla_pp_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Carla_pp_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\ClickHere_Buy_DiscountedRx.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Csesi_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabila_BUY_PHARMACY.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabiolagg_BUY_PHARMACY.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_10POUNDSIN10DAYSDIET.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dfabrice3_click_LASTLONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dougui72_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dustyshoes3_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Dustyshoes3_click_LASTLONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ellenrn_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Field_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Frankmadero_click-HOMEREFINANCEHERE.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Frtrus.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Gege040_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Heathermac1_click-onlineRX.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Icolomer_click-EXPLODING-ORGASMS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Iza_22_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Jade_coote_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Jade_coote_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Little_m_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Marie_jacobs_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Moo_cuddles_Buy_Last-Longer.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Odyza_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\OpenThisHTML_3DayDeliveryRXmed.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ovekj_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Ovekj_click_LASTLONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Reese153_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Remglo1_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Samuels96-Lose-10poundsIn10days.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click-ONLINE_PHARM.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Sharon99_click_LAST-LONGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Swanson_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Turner_Buy_PermanentEnlarger.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wamba41-Lose-10poundsIn10days.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wamba41_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Wati48_10POUNDSIN10DAYSDIET.HTML Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\Zhloop_click_PERMANENTGrowth.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{049084CB-A728-4E89-B328-128A45CAC896}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{0D247AAB-FA26-417D-8D78-41CCF1E40E7A}\Reese153_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{127A8392-D7DF-41F6-AE1C-DF86E36BF165}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{24C6ACA4-9E87-477D-BAFF-1806A36BF4FE}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{2D87F68E-B7E3-4DD0-A016-E5CF186470EB}\Ovekj_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{57AED87E-E85D-4BCA-B047-006AB48BB524}\Buy_Rx_Here.html Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{5F12D4A3-70DA-41F1-854B-1BBB3779B348}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{A0573F19-BE99-459D-A5A8-BD0B836A5C68}\Moo_cuddles_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B0EED6E0-2CED-4A80-9B2A-1682673ADE21}\BUY_PERMANENTENLARG.HTM Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B958A06D-C714-4C81-8B4E-87D9947FFE27}\Dougui72_click-PERMANENTENLARGER.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{B9C00D43-B160-419A-BAE9-5533E04FAC28}\Moo_cuddles_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Attachments\{C93F143F-D493-499F-9921-80D6AACADAFD}\Ajs0418_click-BIGGERLOADS.htm Infecté : Trojan.JS.Redirector.b ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Deleted Items.imm/[From noreply@mmorpg.com][Date Thu, 22 May 2008 12:30:17 -0400 (EDT)]/text/[From noreply@mmorpg.com][Date Fri, 23 May 2008 01:47:59 -0400 (EDT)]/html Suspect : Trojan-Spy.HTML.Fraud.gen ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Deleted Items.imm/[From noreply@mmorpg.com][Date Thu, 22 May 2008 12:30:17 -0400 (EDT)]/text Suspect : Trojan-Spy.HTML.Fraud.gen ignoré C:\Users\fabrice\AppData\Local\IM\Identities\{1A47D7D7-1169-4E6A-AEF9-2B71CC75B2AF}\Message Store\Deleted Items.imm Mail: suspect - 2 ignoré C:\Users\fabrice\AppData\Local\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008092820080929\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat{c42dae03-868f-11dd-9a6a-0019d16695ca}.TM.blf L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat{c42dae03-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000001.regtrans-ms L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows\UsrClass.dat{c42dae03-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000002.regtrans-ms L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Microsoft\Windows Sidebar\Settings.ini L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\urlclassifier3.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Temp\etilqs_YdQfPhTp6lnTPSHyvflr L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Temp\~DF5179.tmp L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Temp\~DF77D1.tmp L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Local\Turbine\The Lord of the Rings Online\Launcher\Launcher_128671015667338207.log L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Microsoft\Windows\Cookies\index.dat L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\cert8.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\content-prefs.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\cookies.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\downloads.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\fireuploader\dbFireUploader.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\flashgot.log L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\formhistory.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\key3.db L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\parent.lock L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\permissions.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\places.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\places.sqlite-journal L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Mozilla\Firefox\Profiles\r5n7f6qj.fabrice\search.sqlite L'objet est verrouillé ignoré C:\Users\fabrice\AppData\Roaming\Turbine\PatchClient.log L'objet est verrouillé ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE/cp3.exe Infecté : Trojan.Win32.FraudPack.gen ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE/cp4.exe Infecté : Trojan-Downloader.Win32.Agent.pwa ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar/CORE10k.EXE Infecté : Trojan-Downloader.Win32.Agent.pwa ignoré C:\Users\fabrice\Desktop\SPB.Mobile.Shell.v2.0.XScale.WM5.WM6.Incl.Keymaker.rar RAR: infecté - 3 ignoré C:\Users\fabrice\Documents\The Lord of the Rings Online\lotroclient.log L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT L'objet est verrouillé ignoré C:\Users\fabrice\ntuser.dat.LOG1 L'objet est verrouillé ignoré C:\Users\fabrice\ntuser.dat.LOG2 L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT{c42dae01-868f-11dd-9a6a-0019d16695ca}.TM.blf L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT{c42dae01-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000001.regtrans-ms L'objet est verrouillé ignoré C:\Users\fabrice\NTUSER.DAT{c42dae01-868f-11dd-9a6a-0019d16695ca}.TMContainer00000000000000000002.regtrans-ms L'objet est verrouillé ignoré C:\Windows\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\Windows\Debug\WIA\wiatrace.log L'objet est verrouillé ignoré C:\Windows\Logs\CBS\CBS.log L'objet est verrouillé ignoré C:\Windows\Logs\CBS\CBS.persist.log L'objet est verrouillé ignoré C:\Windows\Logs\DPX\setupact.log L'objet est verrouillé ignoré C:\Windows\Logs\DPX\setuperr.log L'objet est verrouillé ignoré C:\Windows\MEMORY.DMP L'objet est verrouillé ignoré C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\diagerr.xml L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\diagwrn.xml L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\setupact.log L'objet est verrouillé ignoré C:\Windows\Panther\UnattendGC\setuperr.log L'objet est verrouillé ignoré C:\Windows\security\database\secedit.sdb L'objet est verrouillé ignoré C:\Windows\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 L'objet est verrouillé ignoré C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 L'objet est verrouillé ignoré C:\Windows\System32\byXRjgGa.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\Windows\System32\catroot2\edb.log L'objet est verrouillé ignoré C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb L'objet est verrouillé ignoré C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb L'objet est verrouillé ignoré C:\Windows\System32\drivers\sptd.sys L'objet est verrouillé ignoré C:\Windows\System32\drivers\sptddrv1.sys L'objet est verrouillé ignoré C:\Windows\System32\iifdedCu.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\Windows\System32\jkkKddeD.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\Windows\System32\LogFiles\Scm\SCM.EVM L'objet est verrouillé ignoré C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré C:\Windows\System32\ohqxonql.exe Infecté : Trojan-Downloader.Win32.FraudLoad.vblv ignoré C:\Windows\System32\opnolMDu.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\Windows\System32\restore\MachineGuid.txt L'objet est verrouillé ignoré C:\Windows\System32\rqRIyVmL.dll Infecté : Trojan.Win32.Monder.pmb ignoré C:\Windows\System32\spool\SpoolerETW.etl L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\1641F982282E8CA70B0D93F1F2BB145B.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2131A60D40501A974386B9E42E4FC201.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\39C2F82384C755EF218F0F19FE619F80.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\4BE9D6CB921FE137B78AE9960CDD98B0.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\51787D18E1AD277AC4C4F7BB9EAFD820.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5679DFE988DE44D70C43B0E87A5D96E6.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\5F037A89915D44B8819F9FCFDE0B489E.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\6364E8D3F688917ECAE1050954B63674.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\66B28EEE188E29399051A60BAF92D333.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\6DADEFFF2FCEDD93F8CEF59036FEF4B9.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\7FAC187A43CA71A854CA4653D8E075B5.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\818B866A009B1338C5AC103B2D8E2372.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\A80FF2DC09487ECD60AFB147B262BDD7.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\BD818313E410FD46A9F63786A32AEE23.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\C11342792481BC76FD1999C9DFAC936E.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\D566F9B651B60AE7D0B5DEBF57A90E35.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof L'objet est verrouillé ignoré C:\Windows\System32\wbem\Logs\WMITracing.log L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\INDEX.BTR L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\MAPPING1.MAP L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\MAPPING2.MAP L'objet est verrouillé ignoré C:\Windows\System32\wbem\Repository\OBJECTS.DATA L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Application.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\DFS Replication.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\HardwareEvents.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Internet Explorer.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Key Management Service.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Media Center.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\ODiag.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\OSession.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Security.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\Setup.evtx L'objet est verrouillé ignoré C:\Windows\System32\winevt\Logs\System.evtx L'objet est verrouillé ignoré C:\Windows\System32\winfbn32.rom Infecté : Trojan-Downloader.Win32.Injecter.aoy ignoré C:\Windows\System32\winips32.rom Infecté : Trojan-Downloader.Win32.Injecter.aoy ignoré C:\Windows\System32\winmit32.rom Infecté : Trojan-Downloader.Win32.Injecter.aoy ignoré C:\Windows\Tasks\Maintenance en 1 clic.job L'objet est verrouillé ignoré C:\Windows\Tasks\McDefragTask.job L'objet est verrouillé ignoré C:\Windows\Tasks\McQcTask.job L'objet est verrouillé ignoré C:\Windows\Tasks\SCHEDLGU.TXT L'objet est verrouillé ignoré C:\Windows\WindowsUpdate.log L'objet est verrouillé ignoré C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd L'objet est verrouillé ignoré C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd L'objet est verrouillé ignoré Analyse terminée.

bon voila la situation j ai exécuter les commande cite dessus ok télécharger OTMoveIT (pour info le programme j ai reussi a l avoir en fesant une recherche sur google car avec le lien impossible pour moi la encore ) ensuite en lançant le programme et en supprimant la liste il me dit qu il n as pas réussi a créé un fichier de rapport dans C... ensuite j ai essayer la manip de Smitfraudfix ,la jai réussi a avoir un rapport que je post plus bas et pour finir j ai réussi a télécharger FixWareout an passant par google mais quand je le lance il demande apparemment de reboot le pc et appuyer sur une touche mais la message la version de windos n est pas supporte (windos vista 32 ) raport Smitfraudfix SmitFraudFix v2.354 Rapport fait à 18:06:41,12, 28/09/2008 Executé à partir de C:\Users\fabrice\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté ! Description: Connexion LAN Intel® 82566DC Gigabit Platform DNS Server Search Order: 85.255.116.26 DNS Server Search Order: 85.255.112.89 HKLM\SYSTEM\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CS1\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CS3\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix Description: Connexion LAN Intel® 82566DC Gigabit Platform DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1

voila le rapport je sais pas si c est important mais j ai du faire l oprion 1 en mode sans echec SmitFraudFix v2.354 Scan done at 17:00:24,19, 28/09/2008 Run from C:\Users\fabrice\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6001] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\services.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\svchost.exe C:\Windows\Explorer.EXE C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\fabrice »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\fabrice\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\fabrice\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, following keys are not inevitably infected!!! »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=dword:00000000 "AppInit_DLLs"="hdxsfz.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CS1\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CS3\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer=85.255.116.26,85.255.112.89 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

le soucis c est que je n arive pas as telecharger sur ce lien (page blanche ) existe t il un autre lien

bonjour je penses être infecte (impossible de coriger mon antivirus, service de l antivirus désactive,impossible de metre a jour par windos update etc ) voila mon rapport HijackThis merci d avance Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:21:24, on 28/09/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Windows\system32\dlcxcoms.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Program Files\nHancer\nHancerService.exe C:\Windows\system32\svchost.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\CtHelper.exe C:\Windows\System32\Ctxfihlp.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Windows\System32\CTXFISPI.EXE C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Windows\system32\svchost.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe C:\Windows\System32\rundll32.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\nHancer\nHancer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\Windows\system32\taskeng.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\fabrice\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [nHancer] "C:\Program Files\nHancer\nHancer.exe" /tray O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{87293B2D-9068-42B7-82D3-2FA28F2E0D75}: NameServer = 85.255.116.26,85.255.112.89 O20 - AppInit_DLLs: hdxsfz.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdyvj.exe -- End of file - 10875 bytes