Everything posted by cyrille_1971

  1. Here you go, Chrifleur, the HijackThis report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:18:54, on 01/10/2008
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18000)
     Boot mode: Normal

     Regards, Cyrille
  2. Chrifleur, the scan is finished. It found nothing, and since last night there has been no trace of the alert window. Here is the report:

     # version=4
     # OnlineScanner.ocx=1.0.0.56
     # OnlineScannerDLLA.dll=1, 0, 0, 51
     # OnlineScannerDLLW.dll=1, 0, 0, 51
     # OnlineScannerUninstaller.exe=1, 0, 0, 49
     # vers_standard_module=3485 (20081001)
     # vers_arch_module=1.064 (20080214)
     # vers_adv_heur_module=1.066 (20070917)
     # EOSSerial=224d110d20724a44b81d6539ba59f9af
     # end=finished
     # remove_checked=false
     # unwanted_checked=false
     # utc_time=2008-10-01 11:30:06
     # local_time=2008-10-01 01:30:06 (+0100, Paris, Madrid (heure d'été))
     # country="France"
     # osver=6.0.6001 NT Service Pack 1
     # scanned=396424
     # found=0
     # scan_time=5317

     Do you also want a new HijackThis report? Regards, Cyrille
  3. OK Chrifleur, thanks. The changes have been made; the scan is in progress. I'll keep you posted. Regards, Cyrille
  4. Hello Chrifleur, the service could not be installed. Here is the message in the ESET window: "Error : Cannot initialize online scaner. Administrator right required". What should I do, please? Regards, Cyrille
  5. Chrifleur, here is the ComboFix report. The files have been deleted; for now the window has not reappeared, so maybe it is fixed? Anyway, thanks for your efficiency and speed. Cyrille

     ComboFix 08-09-28.05 - cyrille 2008-09-30 16:42:13.2 - NTFSx86
     Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1143 [GMT 2:00]
     Lancé depuis: C:\Users\cyrille\Desktop\ComboFix.exe
     Commutateurs utilisés :: C:\Users\cyrille\Desktop\CFScript.txt
     * Un nouveau point de restauration a été créé
  6. Chrifleur, sorry, the Clean program starts, but after I confirm option 1 it only shows me lines reading "accès refusé" (access denied), and then at the end an Lfiles window opens with the message: Run-time error '75': path/files access error. Do I need to disable something??? Regards, Cyrille
  7. OK Chrifleur, RAV has been run, but it reports "Ordinateur Sain" (computer clean). I can't find the report. I am in the process of vaccinating my USB key.
  8. OK, I have to step away for a bit, but I'll be back later. Thanks again for your help.
  9. ComboFix has been run with the required precautions. Here is the log; do I need to reboot to finish???
  10. Oops, I didn't post it where it belonged; I replied in your other topic. Tell me if you see anything in it.
  11. Here are the reports, first info then log. I have trouble understanding these files. Thanks again for your help. Cyrille
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=6b02 "NUMBER_OF_PROCESSORS"=2 "RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\ "PLATFORM"=HPD "PCBRAND"=Pavilion "OnlineServices"=Services en ligne -----------------EOF----------------- Logfile of random's system information tool 1.02 (written by random/random) Run by cyrille at 2008-09-30 11:28:46 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 83 GB (28%) free of 298 GB Total RAM: 2046 MB (43% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:29:00, on 30/09/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\WindowsMobile\wmdc.exe C:\Windows\system32\schtasks.exe C:\Windows\system32\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Windows\ehome\ehmsas.exe C:\ProgramData\ComSh\pcpwhypy.exe C:\Program Files\HP\Digital 
Imaging\bin\hpqtra08.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\hp\kbd\kbd.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\cyrille\Desktop\RSIT.exe C:\Program Files\trend micro\cyrille.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - 
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" 
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ComSh] C:\ProgramData\ComSh\pcpwhypy.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 
button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.canalblog.com/sharedDocs/misc/u...geUploader5.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/...geUploader4.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrille11071971.spaces.live.com/Pho...nPUpldfr-fr.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://labo.nomatica.com/downloads/ImageUploader3.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O18 - Protocol: linkscanner - 
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. 
- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 10524 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{719EC912-FD84-4CB4-97A2-5A0FFCA6E766}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-27 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - 
c:\program files\google\googletoolbar2.dll [2008-01-17 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-01-17 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536] "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536] "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240] "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176] "SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152] ""=C:\Windows\system32\ "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080] "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 81920] "NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-09-17 1377576] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-10 1253040] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "PCDrProfiler"=C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-04-06 73728] "Launcher"=C:\Windows\SMINST\launcher.exe [2007-04-03 44168] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program 
Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-09-20 2177984] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872] "ComSh"=C:\ProgramData\ComSh\pcpwhypy.exe [2008-09-27 94208] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13788dfe-cbef-11dc-a870-001bb9f65e74}] shell\AutoRun\command - L:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152ebdcf-5fdf-11dd-a62b-001bb9f65e74}] shell\AutoRun\command - F:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae52f89-c842-11dc-adc8-001bb9f65e74}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs ======List of files/folders created in the last 1 months====== 2008-09-30 11:28:48 ----D---- C:\Program Files\trend micro 2008-09-30 11:28:46 ----D---- C:\rsit 2008-09-30 10:56:27 ----D---- C:\Program Files\Enigma 
Software Group 2008-09-30 08:57:47 ----D---- C:\_OTMoveIt 2008-09-29 18:20:11 ----A---- C:\fixnavi.txt 2008-09-29 18:17:06 ----D---- C:\Program Files\Navilog1 2008-09-29 18:12:07 ----D---- C:\Upload_Me 2008-09-29 18:10:05 ----D---- C:\Program Files\MSNFix 2008-09-28 19:47:29 ----D---- C:\Avenger 2008-09-28 19:47:29 ----A---- C:\avenger.txt 2008-09-28 10:28:52 ----D---- C:\Users\cyrille\AppData\Roaming\Malwarebytes 2008-09-28 10:28:49 ----D---- C:\ProgramData\Malwarebytes 2008-09-28 10:28:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-27 23:33:00 ----HD---- C:\$AVG8.VAULT$ 2008-09-27 09:35:48 ----A---- C:\Windows\system32\avgrsstx.dll 2008-09-27 09:35:45 ----D---- C:\ProgramData\avg8 2008-09-27 09:35:45 ----D---- C:\Program Files\AVG 2008-09-27 00:27:22 ----D---- C:\ProgramData\nyjkhezy 2008-09-27 00:27:20 ----D---- C:\ProgramData\ComSh 2008-09-25 03:00:31 ----A---- C:\Windows\system32\msshooks.dll 2008-09-25 03:00:31 ----A---- C:\Windows\system32\msscb.dll 2008-09-25 03:00:28 ----A---- C:\Windows\system32\SearchFilterHost.exe 2008-09-25 03:00:28 ----A---- C:\Windows\system32\propdefs.dll 2008-09-25 03:00:28 ----A---- C:\Windows\system32\msstrc.dll 2008-09-25 03:00:28 ----A---- C:\Windows\system32\mssitlb.dll 2008-09-25 03:00:28 ----A---- C:\Windows\system32\msshsq.dll 2008-09-25 03:00:27 ----A---- C:\Windows\system32\thawbrkr.dll 2008-09-25 03:00:27 ----A---- C:\Windows\system32\srchadmin.dll 2008-09-25 03:00:27 ----A---- C:\Windows\system32\propsys.dll 2008-09-25 03:00:27 ----A---- C:\Windows\system32\mssprxy.dll 2008-09-25 03:00:27 ----A---- C:\Windows\system32\korwbrkr.dll 2008-09-25 03:00:26 ----A---- C:\Windows\system32\xmlfilter.dll 2008-09-25 03:00:26 ----A---- C:\Windows\system32\wsepno.dll 2008-09-25 03:00:26 ----A---- C:\Windows\system32\rtffilt.dll 2008-09-25 03:00:26 ----A---- C:\Windows\system32\offfilt.dll 2008-09-25 03:00:26 ----A---- C:\Windows\system32\nlhtml.dll 2008-09-25 03:00:26 ----A---- C:\Windows\system32\msscntrs.dll 
2008-09-25 03:00:26 ----A---- C:\Windows\system32\mimefilt.dll 2008-09-25 03:00:26 ----A---- C:\Windows\system32\chsbrkr.dll 2008-09-25 03:00:25 ----A---- C:\Windows\system32\tquery.dll 2008-09-25 03:00:25 ----A---- C:\Windows\system32\SearchProtocolHost.exe 2008-09-25 03:00:25 ----A---- C:\Windows\system32\SearchIndexer.exe 2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssvp.dll 2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssrch.dll 2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssphtb.dll 2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssph.dll 2008-09-25 03:00:25 ----A---- C:\Windows\system32\chtbrkr.dll 2008-09-24 19:53:54 ----A---- C:\Windows\system32\NVUNINST.EXE 2008-09-11 08:47:01 ----D---- C:\ProgramData\WindowsSearch 2008-09-10 09:05:22 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-09-10 09:05:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-09-10 09:05:05 ----A---- C:\Windows\system32\wmpeffects.dll 2008-09-10 09:05:01 ----A---- C:\Windows\system32\emdmgmt.dll 2008-09-10 09:05:01 ----A---- C:\Windows\system32\dataclen.dll 2008-09-10 09:05:01 ----A---- C:\Windows\system32\cdd.dll ======List of files/folders modified in the last 1 months====== 2008-09-30 11:29:00 ----D---- C:\Windows\Temp 2008-09-30 11:29:00 ----D---- C:\Windows\Prefetch 2008-09-30 11:28:48 ----RD---- C:\Program Files 2008-09-30 11:09:37 ----D---- C:\Windows\System32 2008-09-30 10:57:06 ----D---- C:\Windows\system32\drivers 2008-09-30 10:56:34 ----D---- C:\Windows\system32\Tasks 2008-09-30 09:57:42 ----SHD---- C:\System Volume Information 2008-09-28 19:50:34 ----D---- C:\Users\cyrille\AppData\Roaming\Skype 2008-09-28 19:49:42 ----D---- C:\Users\cyrille\AppData\Roaming\skypePM 2008-09-28 19:48:05 ----D---- C:\Windows\SMINST 2008-09-28 10:28:49 ----HD---- C:\ProgramData 2008-09-27 09:35:02 ----SHD---- C:\Windows\Installer 2008-09-27 09:34:42 ----D---- C:\Windows 2008-09-27 00:28:26 ----D---- C:\Windows\system32\catroot2 2008-09-26 12:42:09 ----D---- 
C:\Windows\inf 2008-09-26 12:42:09 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-09-25 03:27:15 ----D---- C:\Windows\rescache 2008-09-25 03:07:38 ----D---- C:\Windows\system32\fr-FR 2008-09-25 03:07:38 ----D---- C:\Windows\PolicyDefinitions 2008-09-25 03:01:32 ----D---- C:\Windows\winsxs 2008-09-25 03:01:13 ----D---- C:\Windows\system32\catroot 2008-09-11 03:10:16 ----D---- C:\Windows\AppPatch 2008-09-11 03:03:01 ----D---- C:\ProgramData\Microsoft Help 2008-09-11 03:01:34 ----D---- C:\Program Files\Microsoft Works 2008-09-08 18:11:24 ----D---- C:\ProgramData\Roxio 2008-09-08 17:46:52 ----D---- C:\ProgramData\DVD Shrink 2008-09-05 09:22:50 ----D---- C:\Program Files\Messenger Plus! Live ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-27 97928] R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-09-27 26824] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392] R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-09-20 99648] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 3076608] R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384] R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 QCDonner;Logitech QuickCam Express(PID_0840); C:\Windows\system32\DRIVERS\LVCD.sys [2004-04-27 474304] R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 catchme;catchme; 
\??\C:\Users\cyrille\AppData\Local\Temp\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 Ser2pl;Prolific2 Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2005-11-04 48640] S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-13 610304] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704] R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 
[2007-05-24 61440] R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136] R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-17 138168] S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common 
Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544] S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] -----------------EOF-----------------
  12. Hello chrifleur, I can't retrieve the MSNFix report: it tells me it found nothing, and I can't get the report because it closes first. Then I did some searching on the net, because Windows Defender was showing me an unknown file at startup: c:\programdata\comsh\pcpwhypy. I analysed it at http://www.kaspersky.com/scanforvirus and here is the response:

      Scanned file: pcpwhypy.exe - Infected
      pcpwhypy.exe - infected by Trojan.Win32.Obfuscated.gx

      Tell me what I should do; in the meantime I'm downloading RSIT. Thanks, Cyrille
  13. Hello Chrifleur and thank you for your help. Still nothing after the scans; here are the reports.

Search Navipromo version 3.6.5 commencé le 29/09/2008 à 18:20:11,84
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "cyrille"
Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\Windows" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1 \programs" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***
*** Recherche dossiers dans "C:\ProgramData" ***
*** Recherche dossiers dans "c:\users\cyrille\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "C:\Users\cyrille\AppData\Local\virtualstore\Program Files" ***
*** Recherche dossiers dans "C:\Users\cyrille\AppData\Roaming" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\cyrille\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\cyrille\AppData\Local\virtualstore\windows\system32" *
* Recherche dans "C:\Users\cyrille\AppData\Local" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\cyrille\AppData\Local\Microsoft" :
* Dans "C:\Users\cyrille\AppData\Local\virtualstore\windows\system32" :
* Dans "C:\Users\cyrille\AppData\Local" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 29/09/2008 à 18:32:55,78 ***

And here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1217
Windows 6.0.6001 Service Pack 1
28/09/2008 19:44:23
mbam-log-2008-09-28 (19-44-23).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 197571
Temps écoulé: 1 hour(s), 58 minute(s), 47 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ktwnqkhfjm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3pcj0egem (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\ProgramData\nyjkhezy\badejehc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
  14. Hello, I'm running into the following problem: a Windows security alert window about "Trojan-Spy.Win32.Greenscreen" was displayed and, stupidly, I clicked on it, but I think it was malware. Here is my HijackThis report after running Malwarebytes Anti-Malware. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:55, on 29/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\ProgramData\ComSh\pcpwhypy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\cyrille\Desktop\protection\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ComSh] C:\ProgramData\ComSh\pcpwhypy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.canalblog.com/sharedDocs/misc/u...geUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/...geUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrille11071971.spaces.live.com/Pho...nPUpldfr-fr.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://labo.nomatica.com/downloads/ImageUploader3.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9975 bytes