kharator

Voici le rapport option 1 : SmitFraudFix v2.368 Rapport fait à 19:21:20,10, 28/10/2008 Executé à partir de C:\Documents and Settings\John.XPSP2-7F636AD97\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\k.txt PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John.XPSP2-7F636AD97 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHN~1.XPS\Favoris C:\DOCUME~1\JOHN~1.XPS\Favoris\SMS TRAP.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.27.40.240 DNS Server Search Order: 212.27.40.241 HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CFAB4D0-BAAD-47E0-B85A-FB3207CF74A6}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CFAB4D0-BAAD-47E0-B85A-FB3207CF74A6}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CFAB4D0-BAAD-47E0-B85A-FB3207CF74A6}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Et voici le rapport option 2 : SmitFraudFix v2.368 Rapport fait à 19:43:16,84, 28/10/2008 Executé à partir de C:\Documents and Settings\John.XPSP2-7F636AD97\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\k.txt supprimé C:\DOCUME~1\JOHN~1.XPS\Favoris\SMS TRAP.url supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix AntiXPVSTFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CFAB4D0-BAAD-47E0-B85A-FB3207CF74A6}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CFAB4D0-BAAD-47E0-B85A-FB3207CF74A6}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CFAB4D0-BAAD-47E0-B85A-FB3207CF74A6}: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Merci .

Voici le log : Logfile of random's system information tool 1.04 (written by random/random) Run by John at 2008-10-28 18:33:50 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 40 GB (38%) free of 105 GB Total RAM: 2047 MB (73% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:33:56, on 28/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wuauclt.exe I:\Logiciels\RSIT.exe I:\Logiciels\John.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Kioals - {DED2B61B-1A26-4566-BF2F-DE539D4468DD} - C:\WINDOWS\system32\gopfa.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222120501031 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222120618343 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7975 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DED2B61B-1A26-4566-BF2F-DE539D4468DD}] Kioals - C:\WINDOWS\system32\gopfa.dll [2008-10-28 81920] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016] "Launch LCDMon"=C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe [2007-04-18 774168] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008] "HPWRTOOLBOX"=C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe [2006-02-28 344064] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "MemCheckBoxInRunDlg"=1 "NoSMBalloonTip"=1 "NoDesktopCleanupWizard"=1 "NoWelcomeScreen"=1 "NoStrCmpLogical"=0 "NoInstrumentation"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9" "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10" "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2008-10-28 17:33:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier 2008-10-28 17:33:35 ----A---- C:\WINDOWS\zllsputility_loc040c.dll 2008-10-28 17:33:35 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll 2008-10-28 17:33:35 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll 2008-10-28 17:33:35 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll 2008-10-28 17:33:31 ----A---- C:\WINDOWS\zllsputility.exe 2008-10-28 17:33:31 ----A---- C:\WINDOWS\system32\SpOrder.dll 2008-10-28 17:32:49 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll 2008-10-28 17:32:48 ----A---- C:\WINDOWS\system32\vsregexp.dll 2008-10-28 17:32:44 ----A---- C:\WINDOWS\system32\zlcommdb.dll 2008-10-28 17:32:44 ----A---- C:\WINDOWS\system32\zlcomm.dll 2008-10-28 17:32:33 ----A---- C:\WINDOWS\system32\vswmi.dll 2008-10-28 17:32:31 ----A---- C:\WINDOWS\system32\zpeng24.dll 2008-10-28 17:32:31 ----A---- C:\WINDOWS\system32\vsxml.dll 2008-10-28 17:32:30 ----D---- C:\WINDOWS\system32\ZoneLabs 2008-10-28 17:32:30 ----D---- C:\Program Files\Zone Labs 2008-10-28 17:32:29 ----A---- C:\WINDOWS\system32\vspubapi.dll 2008-10-28 17:32:29 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2008-10-28 17:31:51 ----A---- C:\WINDOWS\system32\vsutil.dll 2008-10-28 17:31:51 ----A---- C:\WINDOWS\system32\vsinit.dll 2008-10-28 17:31:51 ----A---- C:\WINDOWS\system32\vsdata.dll 2008-10-28 17:25:17 ----SHD---- C:\RECYCLER 2008-10-28 17:00:36 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-10-28 17:00:17 ----D---- C:\Program Files\Spyware Doctor 2008-10-28 17:00:17 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\PC Tools 2008-10-28 15:53:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft 2008-10-28 15:19:50 ----D---- C:\rsit 2008-10-28 15:19:50 ----D---- C:\Program Files\trend micro 2008-10-28 15:15:09 ----A---- C:\WINDOWS\k.txt 2008-10-28 15:11:33 ----A---- C:\ComboFix.txt 2008-10-28 15:03:46 ----A---- C:\WINDOWS\zip.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\VFIND.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\SWXCACLS.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\SWSC.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\SWREG.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\sed.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\NIRCMD.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\grep.exe 2008-10-28 15:03:46 ----A---- C:\WINDOWS\fdsv.exe 2008-10-28 15:03:43 ----D---- C:\WINDOWS\ERDNT 2008-10-28 15:03:43 ----D---- C:\Qoobox 2008-10-28 15:03:41 ----D---- C:\ComboFix 2008-10-28 12:34:04 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Malwarebytes 2008-10-28 12:33:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-10-28 12:33:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-28 12:21:02 ----A---- C:\WINDOWS\system32\gopfa.dll 2008-10-28 10:37:20 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Reallusion 2008-10-28 10:35:07 ----D---- C:\Program Files\Fichiers communs\Reallusion 2008-10-26 22:36:11 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\SystemRequirementsLab 2008-10-26 19:42:34 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Free Download Manager 2008-10-26 19:42:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\FreeDownloadManager.ORG 2008-10-26 19:42:31 ----D---- C:\Program Files\Free Download Manager 2008-10-25 00:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-21 20:28:51 ----D---- C:\WINDOWS\system32\XPSViewer 2008-10-21 20:28:50 ----D---- C:\WINDOWS\system32\en-us 2008-10-21 20:28:29 ----D---- C:\Program Files\Reference Assemblies 2008-10-21 20:28:04 ----N---- C:\WINDOWS\system32\spmsg2.dll 2008-10-21 20:24:50 ----N---- C:\WINDOWS\system32\spmsg.dll 2008-10-21 20:15:14 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Sony Setup 2008-10-21 20:07:54 ----D---- C:\Program Files\Personal Voice Changer Driver 2008-10-16 18:59:37 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Acreon 2008-10-16 17:35:15 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard 2008-10-15 12:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-15 12:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 12:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 12:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-15 12:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-15 12:00:13 ----A---- C:\WINDOWS\imsins.BAK 2008-10-15 12:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ 2008-10-14 21:58:47 ----A---- C:\WINDOWS\system32\javaws.exe 2008-10-14 21:58:47 ----A---- C:\WINDOWS\system32\javaw.exe 2008-10-14 21:58:47 ----A---- C:\WINDOWS\system32\java.exe 2008-10-12 18:32:53 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\BSplayer Pro 2008-10-12 18:32:53 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\BSplayer 2008-10-12 14:41:35 ----D---- C:\cygwin 2008-10-09 20:09:40 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Ubisoft 2008-10-09 19:59:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft 2008-10-09 19:59:27 ----A---- C:\WINDOWS\system32\xactengine2_10.dll 2008-10-09 19:59:26 ----A---- C:\WINDOWS\system32\d3dx9_36.dll 2008-10-09 19:59:26 ----A---- C:\WINDOWS\system32\d3dx10_36.dll 2008-10-09 19:59:26 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll 2008-10-09 19:59:25 ----A---- C:\WINDOWS\system32\xactengine2_9.dll 2008-10-09 19:59:24 ----A---- C:\WINDOWS\system32\d3dx9_35.dll 2008-10-09 19:59:24 ----A---- C:\WINDOWS\system32\d3dx10_35.dll 2008-10-09 19:59:24 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll 2008-10-09 19:59:23 ----A---- C:\WINDOWS\system32\xactengine2_8.dll 2008-10-09 19:59:23 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll 2008-10-09 19:59:22 ----A---- C:\WINDOWS\system32\d3dx9_34.dll 2008-10-09 19:59:22 ----A---- C:\WINDOWS\system32\d3dx10_34.dll 2008-10-09 19:59:22 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll 2008-10-09 19:59:21 ----A---- C:\WINDOWS\system32\xinput1_3.dll 2008-10-09 19:59:20 ----A---- C:\WINDOWS\system32\xactengine2_7.dll 2008-10-09 19:59:17 ----A---- C:\WINDOWS\system32\d3dx10_33.dll 2008-10-09 19:59:17 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll 2008-10-09 19:59:15 ----A---- C:\WINDOWS\system32\d3dx9_33.dll 2008-10-09 19:59:14 ----A---- C:\WINDOWS\system32\xactengine2_6.dll 2008-10-09 19:59:13 ----A---- C:\WINDOWS\system32\xactengine2_5.dll 2008-10-09 19:59:13 ----A---- C:\WINDOWS\system32\xactengine2_4.dll 2008-10-09 19:59:13 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll 2008-10-09 19:59:13 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2008-10-09 19:59:13 ----A---- C:\WINDOWS\system32\d3dx9_31.dll 2008-10-09 19:59:12 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2008-10-09 19:59:12 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2008-10-09 19:59:12 ----A---- C:\WINDOWS\system32\xactengine2_2.dll 2008-10-09 19:52:29 ----D---- C:\Program Files\Ubisoft 2008-10-09 19:48:12 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\DAEMON Tools 2008-10-05 20:04:26 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Sun 2008-10-05 18:34:39 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Apple Computer 2008-09-29 19:51:22 ----HD---- C:\LG3G 2008-09-29 19:47:51 ----D---- C:\lgupload ======List of files/folders modified in the last 1 months====== 2008-10-28 18:33:33 ----D---- C:\WINDOWS\Temp 2008-10-28 18:31:57 ----D---- C:\WINDOWS\Internet Logs 2008-10-28 18:31:49 ----D---- C:\Program Files\Mozilla Firefox 2008-10-28 18:31:41 ----D---- C:\WINDOWS 2008-10-28 18:30:58 ----D---- C:\WINDOWS\system32\drivers 2008-10-28 18:29:55 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-28 18:29:54 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-28 17:33:48 ----D---- C:\WINDOWS\system32 2008-10-28 17:33:24 ----HD---- C:\WINDOWS\inf 2008-10-28 17:32:30 ----RD---- C:\Program Files 2008-10-28 17:01:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-28 15:55:08 ----SHD---- C:\WINDOWS\Installer 2008-10-28 15:53:48 ----D---- C:\Program Files\Lavasoft 2008-10-28 15:48:55 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-10-28 15:09:14 ----A---- C:\WINDOWS\system.ini 2008-10-28 15:07:06 ----D---- C:\WINDOWS\AppPatch 2008-10-28 15:07:06 ----D---- C:\Program Files\Fichiers communs 2008-10-28 15:03:39 ----D---- C:\WINDOWS\Prefetch 2008-10-28 14:51:20 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-28 13:22:14 ----D---- C:\WINDOWS\system32\appmgmt 2008-10-28 13:21:21 ----D---- C:\Program Files\Sony 2008-10-28 13:21:12 ----D---- C:\Program Files\Vstplugins 2008-10-28 13:19:42 ----RSD---- C:\WINDOWS\assembly 2008-10-28 13:03:17 ----SHD---- C:\System Volume Information 2008-10-28 13:03:17 ----D---- C:\WINDOWS\system32\Restore 2008-10-28 12:05:19 ----SD---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\Microsoft 2008-10-28 10:36:10 ----D---- C:\WINDOWS\WinSxS 2008-10-27 20:57:35 ----A---- C:\WINDOWS\NeroDigital.ini 2008-10-26 22:36:49 ----D---- C:\Program Files\SystemRequirementsLab 2008-10-25 00:23:03 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-25 00:22:58 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-22 11:11:23 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2008-10-22 11:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2008-10-22 11:11:07 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-22 11:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$ 2008-10-21 20:34:06 ----D---- C:\WINDOWS\Microsoft.NET 2008-10-21 20:28:48 ----RSD---- C:\WINDOWS\Fonts 2008-10-21 20:28:17 ----D---- C:\WINDOWS\system32\spool 2008-10-21 20:24:40 ----A---- C:\WINDOWS\win.ini 2008-10-21 20:24:35 ----D---- C:\Program Files\Windows Media Player 2008-10-21 20:24:32 ----D---- C:\WINDOWS\Help 2008-10-21 20:24:31 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2008-10-21 20:23:52 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2008-10-21 20:15:00 ----D---- C:\Program Files\Sony Setup 2008-10-21 20:09:37 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft 2008-10-16 17:54:54 ----D---- C:\Program Files\Fichiers communs\Blizzard Entertainment 2008-10-16 15:26:32 ----D---- C:\Program Files\iTunes 2008-10-16 15:26:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer 2008-10-16 15:26:14 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-15 12:00:17 ----D---- C:\WINDOWS\Debug 2008-10-15 10:45:46 ----D---- C:\Documents and Settings\John.XPSP2-7F636AD97\Application Data\LimeWire 2008-10-14 21:58:47 ----D---- C:\Program Files\Java 2008-10-12 18:32:52 ----D---- C:\Program Files\Webteh 2008-10-11 18:14:18 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-09 19:59:00 ----D---- C:\WINDOWS\system32\DirectX 2008-10-09 13:30:00 ----D---- C:\Program Files\BeClean 2008-10-07 20:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-02 19:27:28 ----D---- C:\WINDOWS\Media 2008-10-02 10:35:48 ----D---- C:\Program Files\MessengerDiscovery ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 36864] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-09 12288] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408] R3 tenCapture;tenCapture; C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 a3dc10kc;a3dc10kc; C:\WINDOWS\system32\drivers\a3dc10kc.sys [] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-06-02 42376] S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952] S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-28 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 BrlAPI;BrlAPI; C:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040] S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF----------------- Et voici le info : info.txt logfile of random's system information tool 1.04 2008-10-28 15:20:30 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly Atheros Communications Inc.® L1 Gigabit Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\setup.exe" -l0x9 -removeonly avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BeClean-->"C:\Program Files\BeClean\unins000.exe" BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe" High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Deskjet 460 Series-->C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Installer\setup.exe /x HP Deskjet 460-->msiexec /x{9875BF9C-8565-4085-B6A4-5D8D838FB5C3} iTunes-->MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe" Logitech G15 Keyboard Software 1.04-->MsiExec.exe /X{3E354FBA-C7CE-402A-BB0D-225230BB1918} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" MessengerDiscovery Live 1.5.0725-->"C:\Program Files\MessengerDiscovery\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} Nero 7 Ultra Edition-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" VideoLAN VLC media player 0.8.5-freehd-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe ======Security center information====== AV: avast! antivirus 4.8.1229 [VPS 081027-1] ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD "PROCESSOR_REVISION"=0203 "NUMBER_OF_PROCESSORS"=4 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip -----------------EOF----------------- Merci.

Bonjour, Aujourd'hui en voulant installer la démo d'un logiciel que je venais de télécharger, une fenêtre s'est ouverte en m'annonçant que j'étais infecter. Elle me demandait si oui ou non je voulais télécharger un logiciel me permettant de nettoyer tout ça. En cliquant "non", une page internet s'est ouverte avec une fausse analyse virus ... Si ce n'était que ça ce serait sympa mais lorsque je veux parcourir mes dossiers, la même fenêtre s'ouvre et lorsque je clique à nouveau "non", une nouvelle page internet s'ouvre (cette page dit toujours que je suis infecté ...). J'ai lu sur de nombreux forum que certains avaient le même problème que moi mais la plupart du temps personne ne daigne les aider. Donc si vous pouviez m'apporter votre aide, je vous en remercie d'avance. Cordialement. Edit: Excusez moi j'ai oublié le rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:24:39, on 28/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe I:\Logiciels\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Kioals - {DED2B61B-1A26-4566-BF2F-DE539D4468DD} - C:\WINDOWS\system32\gopfa.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1222120501031 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222120618343 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8279 bytes