saturn2222

Ok c'est fait pour hijackthis. Pour le windows SP3 est-ce que je peux malgré le fait que le gars m'a vendu un windows pompé comme vous dites. Je ne veux pas être mal pris si je mets windows SP3

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:08:35, on 2009-06-16 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878581502 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878570476 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/MaConfig_3_5_0_0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{290E63B3-F140-4638-A476-95C249ECF706}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{55B00265-FE8B-4107-815E-6EA5D1431654}: NameServer = 85.255.114.46 85.255.112.210 O17 - HKLM\System\CCS\Services\Tcpip\..\{65CE5EBE-E646-4158-9827-39D5D83E9E58}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F032269-A0BA-43D6-8995-2B9FE63BEE09}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D3DDC1D2-1AAC-4145-B560-FE4B5122FF82}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D915B6-D730-4BCD-B8C7-9247AA3BE0E6}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- End of file - 7319 bytes

Malwarebytes' Anti-Malware 1.37 Version de la base de données: 2282 Windows 5.1.2600 Service Pack 1 2009-06-15 07:47:59 mbam-log-2009-06-15 (07-47-51).txt Type de recherche: Examen rapide Eléments examinés: 98019 Temps écoulé: 10 minute(s), 14 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Pour mon systeme, je sais qu'il n'est pas à jour mais lorsque je l'ai acheter, le gars qui me l'a vendu m'a dit de ne pas le mettre à jour à cause du windows. Il m'a remis un cd gravé avec windows xp écrit à la main dessus.

ComboFix 09-06-13.09 - Real Cangley 2009-06-14 12:12.8 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.2.1036.18.495.188 [GMT -4:00] Lancé depuis: c:\documents and settings\Real Cangley\Bureau\pouet.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\ovfsthqevobbankwvsfuxrepbrrfkllcqodorr.sys c:\windows\system32\ovfsthbjgnbqftappqfqjpyaduesktneeismce.dat c:\windows\system32\ovfsthftkbqtiqjxdlqbuxonlnlirfvkvpppgq.dat c:\windows\system32\ovfsthhawutwyxmsktaeadxgxkpoaooigiqtkt.dll c:\windows\system32\ovfsthlbcxlkwecfygbdbfpoqitlftqxvshlqv.dll c:\windows\system32\ovfsthxowofjqswkibwtvtkvnlqbuthxnmxtcv.dll c:\documents and settings\Real Cangley\Local Settings\Temporary Internet Files\fbk.sts c:\windows\system32\drivers\ovfsthqevobbankwvsfuxrepbrrfkllcqodorr.sys c:\windows\system32\fikpk.dll c:\windows\system32\laefc.dll c:\windows\system32\lawdb.dll c:\windows\system32\ovfsthbjgnbqftappqfqjpyaduesktneeismce.dat c:\windows\system32\ovfsthftkbqtiqjxdlqbuxonlnlirfvkvpppgq.dat c:\windows\system32\ovfsthhawutwyxmsktaeadxgxkpoaooigiqtkt.dll c:\windows\system32\ovfsthlbcxlkwecfygbdbfpoqitlftqxvshlqv.dll c:\windows\system32\ovfsthxowofjqswkibwtvtkvnlqbuthxnmxtcv.dll c:\windows\system32\rkhoj.dll c:\windows\system32\rqkgt.dll c:\windows\system32\tmp.reg . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ovfsthpkjhxwuvldvonwoajbmdgtqlhmkgujnk ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-14 au 2009-06-14 )))))))))))))))))))))))))))))))))))) . 2009-06-14 16:08 . 2009-06-14 16:08 -------- d-sh--w- C:\FOUND.000 2009-06-14 05:48 . 2001-08-18 02:34 583680 ----a-w- c:\windows\system32\wininet.dll 2009-05-25 06:10 . 2009-06-07 06:38 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-05-20 02:59 . 2009-05-20 02:59 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-14 16:29 . 2007-03-06 01:42 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-06-14 16:29 . 2007-03-06 01:42 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-06-14 16:29 . 2007-03-06 01:42 32 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-06-14 16:29 . 2007-03-06 01:42 32 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-06-09 23:31 . 2001-08-28 16:00 69114 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-09 23:31 . 2001-08-28 16:00 458052 ----a-w- c:\windows\system32\perfh00C.dat 2009-06-09 23:31 . 2009-06-09 23:31 2576 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2009-05-06 00:00 . 2009-05-06 00:01 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-05 23:58 . 2009-05-05 23:58 152576 ----a-w- c:\documents and settings\Real Cangley\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-06 19:32 . 2008-11-19 11:50 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 19:32 . 2008-11-19 11:50 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2005-02-06 23:59 . 2005-02-06 23:59 0 --sha-w- c:\windows\wigjg.dat 2005-02-01 13:35 . 2005-02-01 13:35 0 --sha-w- c:\windows\skchw.dat 2005-02-03 12:18 . 2005-02-03 12:18 0 --sha-w- c:\windows\koqdw.dat 2005-01-15 21:02 . 2005-01-15 21:02 0 --sha-w- c:\windows\imtnv.dll 2005-02-03 18:32 . 2005-02-03 18:32 0 --sha-w- c:\windows\tkrmh.dat 2005-01-21 10:07 . 2005-01-21 10:07 0 --sha-w- c:\windows\nlydm.dll 2005-01-09 12:06 . 2005-01-09 12:06 0 --sha-w- c:\windows\system32\hnxps.dat . ------- Sigcheck ------- [-] 2001-08-18 02:34 583680 6D9444B32CE64207103BB9F7291A4D23 c:\windows\system32\wininet.dll [7] 2004-12-07 23:17 594944 5C46716E94F2698FD34B14F50DA1D6C9 c:\windows\system32\dllcache\WININET.DLL [7] 2002-08-29 15:45 603136 CBC50D46257C4A75644230507B488050 c:\windows\ServicePackFiles\i386\wininet.dll [7] 2004-07-07 22:59 592896 FEC25C2445A33D7DE2D55B1D98895E02 c:\windows\$NtUninstallKB867282-IE6SP1-20050127.163319$\wininet.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-24 57344] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-11 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-12-06 1392640] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-3 110592] Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2001-04-12 77824] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0SsiEfr.e [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"="0x00000000" "AntiVirusDisableNotify"="0x00000000" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) R2 Ip6FwHlp;Pare-feu de connexion Internet IPv6;c:\windows\System32\svchost.exe [2001-08-28 12800] R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752] S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-10-31 270888] S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600] S2 NwSapAgent;Agent SAP;c:\windows\System32\svchost.exe [2001-08-28 12800] S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [2004-02-11 200771] S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528] S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288] S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys [2001-08-06 454815] S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576] . . ------- Examen supplémentaire ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 LSP: c:\windows\System32\imon.dll TCP: {0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8} = 208.67.220.220 208.67.222.222 TCP: {290E63B3-F140-4638-A476-95C249ECF706} = 208.67.220.220,208.67.222.222 TCP: {65CE5EBE-E646-4158-9827-39D5D83E9E58} = 208.67.220.220,208.67.222.222 TCP: {6F032269-A0BA-43D6-8995-2B9FE63BEE09} = 208.67.220.220,208.67.222.222 TCP: {D3DDC1D2-1AAC-4145-B560-FE4B5122FF82} = 208.67.220.220,208.67.222.222 TCP: {E5D915B6-D730-4BCD-B8C7-9247AA3BE0E6} = 208.67.220.220,208.67.222.222 DPF: Microsoft XML Parser for Java . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-14 12:32 Windows 5.1.2600 Service Pack 1 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-436374069-1957994488-854245398-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.22.01] @DACL=(02 0000) . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1060) c:\windows\System32\ODBC32.dll c:\windows\System32\klogon.dll - - - - - - - > 'lsass.exe'(1116) c:\windows\System32\imon.dll c:\windows\system32\MSVCRT40.dll c:\windows\system32\MSVCIRT.dll c:\windows\System32\dssenh.dll - - - - - - - > 'explorer.exe'(3752) c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\AVP.EXE c:\program files\JAVA\JRE6\BIN\JQS.EXE c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\windows\SYSTEM32\WDFMGR.EXE c:\program files\SUNBELT SOFTWARE\PERSONAL FIREWALL\SBPFCL.EXE c:\program files\FICHIERS COMMUNS\AHEAD\LIB\NMINDEXSTORESVR.EXE . ************************************************************************** . Heure de fin: 2009-06-14 12:47 - La machine a redémarré ComboFix-quarantined-files.txt 2009-06-14 16:47 Avant-CF: 6 109 265 920 octets libres Après-CF: 6 296 616 960 octets libres 169

Logfile of random's system information tool 1.06 (written by random/random) Run by Real Cangley at 2009-06-14 11:52:26 WIN_XP Service Pack 1 System drive C: has 7 GB (33%) free of 20 GB Total RAM: 495 MB (44% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:52:53, on 2009-06-14 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Qualcomm\Eudora\Eudora.exe C:\Documents and Settings\Real Cangley\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Real Cangley.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-21-436374069-1957994488-854245398-1005\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" (User '?') O4 - HKUS\S-1-5-21-436374069-1957994488-854245398-1005\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" (User '?') O4 - HKUS\S-1-5-21-436374069-1957994488-854245398-1005\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User '?') O4 - HKUS\.DEFAULT\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878581502 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878570476 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/MaConfig_3_5_0_0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{290E63B3-F140-4638-A476-95C249ECF706}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{65CE5EBE-E646-4158-9827-39D5D83E9E58}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F032269-A0BA-43D6-8995-2B9FE63BEE09}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D3DDC1D2-1AAC-4145-B560-FE4B5122FF82}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D915B6-D730-4BCD-B8C7-9247AA3BE0E6}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O20 - AppInit_DLLs: C:\WINDOWS\System32\kinaweti.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- End of file - 7432 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-05 35840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-05 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-07-11 413696] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-05 148888] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [2007-01-29 200768] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\System32\kinaweti.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\System32\klogon.dll [2007-01-29 200768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] WRLogonNTF.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll [2001-04-12 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\WINDOWS\System32\kinaweti.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-06-14 02:09:30 ----A---- C:\rapport.txt 2009-06-14 01:48:26 ----A---- C:\WINDOWS\System32\wininet.dll 2009-06-09 19:31:31 ----A---- C:\WINDOWS\System32\PerfStringBackup.TMP 2009-05-28 21:13:46 ----D---- C:\WINDOWS\LastGood.Tmp ======List of files/folders modified in the last 1 months====== 2009-06-14 11:32:40 ----A---- C:\WINDOWS\System32\tmp.txt 2009-06-14 11:23:28 ----A---- C:\WINDOWS\ntbtlog.txt 2009-06-14 00:46:16 ----A---- C:\WINDOWS\NeroDigital.ini 2009-06-13 11:36:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-06-09 18:39:22 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys [] R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888] R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600] R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2003-06-30 203008] R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys [] R2 Defrag32;Defrag32; C:\WINDOWS\System32\drivers\Defrag32.sys [2004-02-11 54432] R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887] R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807] R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2001-08-28 84864] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-28 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-28 55936] R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711] R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys [] R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751] R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 ham50;Intel V92 HaM Data Fax Voice; C:\WINDOWS\System32\DRIVERS\IntelH51.sys [2001-08-06 454815] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [2008-06-21 65576] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368] R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2003-06-30 11776] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328] R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-11-17 118144] R3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320] S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320] S3 akshasp;Aladdin HASP Key; C:\WINDOWS\System32\DRIVERS\akshasp.sys [2005-06-10 327808] S3 aksusb;Aladdin USB Key; C:\WINDOWS\System32\DRIVERS\aksusb.sys [2005-06-10 100096] S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880] S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167] S3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712] S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904] S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912] S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\System32\DRIVERS\enethusb.sys [2002-10-28 26381] S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2002-08-29 38272] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471] S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480] S3 SiS300i;SiS300i; C:\WINDOWS\System32\DRIVERS\sis300ip.sys [2001-08-17 101760] S3 SiS7018;Service pour le pilote d'échantillonnage AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97sis.sys [2001-08-17 297728] S3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2001-08-17 31232] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS [] S3 upperdev;upperdev; C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-07-03 16000] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2001-08-17 24192] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 Wdf01000;Wdf01000; C:\WINDOWS\System32\DRIVERS\Wdf01000.sys [2006-11-02 492000] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800] R2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [2007-01-29 200768] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-05 152984] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-12-14 61440] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 NwSapAgent;Agent SAP; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800] R2 PDSched;PDScheduler; C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2004-02-11 200771] R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528] R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912] S2 Ip6FwHlp;Pare-feu de connexion Internet IPv6; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2004-02-11 434245] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864] S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [] S4 Symantec Core LC;Symantec Core LC; C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [] -----------------EOF----------------- info.txt logfile of random's system information tool 1.04 2008-11-24 07:35:55 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Home Architect 4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Broderbund\3D Home Architect 4\Uninst.isu" Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0.1-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} Apowersoft Youtube Downloader (Ultimate)-->C:\Program Files\Apowersoft\Apowersoft Youtube Downloader (Ultimate)\Uninstall.exe ASUS Probe V2.22.01-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll" Correctif Lecteur Windows Media 9 [Voir KB885492 pour plus d'informations]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe Correctif Windows XP - KB820291-->C:\WINDOWS\$NtUninstallKB820291$\spuninst\spuninst.exe Correctif Windows XP - KB821253-->C:\WINDOWS\$NtUninstallKB821253$\spuninst\spuninst.exe Correctif Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe Correctif Windows XP - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe Correctif Windows XP - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe Correctif Windows XP - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe Correctif Windows XP - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe Correctif Windows XP - KB826939-->C:\WINDOWS\$NtUninstallKB826939$\spuninst\spuninst.exe Correctif Windows XP - KB826942-->C:\WINDOWS\$NtUninstallKB826942$\spuninst\spuninst.exe Correctif Windows XP - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe Correctif Windows XP - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe Correctif Windows XP - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe Correctif Windows XP - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe Correctif Windows XP - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe Correctif Windows XP - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe Correctif Windows XP - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe Correctif Windows XP - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe Correctif Windows XP - KB840987-->C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe Correctif Windows XP - KB841356-->C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe Correctif Windows XP - KB841533-->C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe Correctif Windows XP - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe Correctif Windows XP - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe Correctif Windows XP - KB867282-->C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe Correctif Windows XP - KB871250-->C:\WINDOWS\$NtUninstallKB871250$\spuninst\spuninst.exe Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB873376-->C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe Correctif Windows XP - KB883357-->C:\WINDOWS\$NtUninstallKB883357$\spuninst\spuninst.exe Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Correctif Windows XP - KB891711-->C:\WINDOWS\$NtUninstallKB891711$\spuninst\spuninst.exe Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q322011-->C:\WINDOWS\$NtUninstallQ322011$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q814995-->C:\WINDOWS\$NtUninstallQ814995$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q819696-->C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe Efficient Networks SpeedStream DSL-->C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall Eudora-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Qualcomm\Eudora\Uninst.isu" -c"C:\Program Files\Qualcomm\Eudora\EudUnInst.dll" Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} EZ Eudora Backup-->C:\WINDOWS\rapidui.exe -ui ezeudorabackup.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920} Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920} Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC-->"C:\Documents and Settings\Real Cangley\Mes documents\mIRC\mirc.exe" -uninstall Module de loterie 1.4.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\SPK230.inf, DefaultUninstall MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033} Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48} Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943} Nokia PC Suite-->MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2} Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre_ca_web.exe /LANG="3084" Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696} OLYMPUS CAMEDIA Master 4.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.3 Pack réseau avancé pour Windows XP-->C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.exe PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E} PerfectDisk-->MsiExec.exe /I{0FFCBC14-E43C-4DD8-9F48-7F6997149A3E} PowerArchiver 2006 v9.51-->"C:\Program Files\PowerArchiver\unins000.exe" S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' Security Task Manager 1.7-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Security Task Manager" Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe" TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe TruColorII Software-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ProLite\TruColorII 2\DeIsL1.isu" -c"C:\Program Files\ProLite\TruColorII 2\_ISREG32.DLL" Uniblue Registry Booster-->"C:\Program Files\Uniblue\Registry Booster\unins000.exe" VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF-----------------

Gros probleme, mon IE se ferme tous seuls souvent, mon courriel eudora a toujours des exceptions et l'exception dit wininet.dll. Quand je demarre mon ordi des fois y plante en partant. Le malwarebytes ne se met pas à jour et lorsque je fait une recherche, il trouve 3 problemes reliés au fait que windows n'est pas a jour. À l'aide !

Merci angelique, est-ce que le proactive defense de Kaspersky est un firewall? Et est-ce que je peux remettre le resident de spybot? Y'a t-il une solution pour upgrader à sp2 si mon xp n'est pas original?

Merci de ta rapidité angelique. Bon alors j'ai relancé le hijackthis supprimer le c: combofix et rapport. Puis j'ai double-clique sur OTMoveIt3.exe et j'ai mis ce que tu m'as indique dans les instructions. J'ai installé AtfCleaner puis je l'ai exécuter mais y'a pas trouver rien. Voici les 2 rapports hijackthis et OTmoveit3. Pour ce qui est d'installer XP SP2 et IE7, je ne sais pas si c'est une bonne idée car je n'ai pas un original de XP. Que faire? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:58:15, on 2008-11-24 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\notepad.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-18\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O15 - Trusted Zone: *.finefind.nettraffic2cash.biz O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878581502 O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878570476 O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/Sirf...iveCGM/Acgm.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{290E63B3-F140-4638-A476-95C249ECF706}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{65CE5EBE-E646-4158-9827-39D5D83E9E58}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F032269-A0BA-43D6-8995-2B9FE63BEE09}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D3DDC1D2-1AAC-4145-B560-FE4B5122FF82}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D915B6-D730-4BCD-B8C7-9247AA3BE0E6}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) -- End of file - 6692 bytes OTmoveit3 ========== FILES ========== File/Folder C:\WINDOWS\System32\lawariko.dll not found. File/Folder c:\windows\system32\forukabe.dll not found. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_084845 Files moved on Reboot... C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

Allo Angelique, bon c'est déjà une bonne nouvelle. Le PC est encore lent par rapport à avant mais oui c'est mieux. J'ai un fond d'écran bleu avant j'avais une photo. Pour ce qui est du rapport de Kapersky, il est vide et voici le rapport de rsti Log Logfile of random's system information tool 1.04 (written by random/random) Run by Tommy at 2008-11-24 07:35:20 Microsoft Windows XP Professionnel Service Pack 1 System drive C: has 2 GB (10%) free of 20 GB Total RAM: 495 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:35:49, on 2008-11-24 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Qualcomm\Eudora\Eudora.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Tommy\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Tommy.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [CPM679c3253] Rundll32.exe "c:\windows\system32\forukabe.dll",a O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [rotezuniga] Rundll32.exe "C:\WINDOWS\System32\lawariko.dll",s (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [rotezuniga] Rundll32.exe "C:\WINDOWS\System32\lawariko.dll",s (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O15 - Trusted Zone: *.finefind.nettraffic2cash.biz O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878581502 O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137878570476 O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.ca/downloads/BUM/B..._2/axofupld.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.registrefoncier.gouv.qc.ca/Sirf...iveCGM/Acgm.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{290E63B3-F140-4638-A476-95C249ECF706}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{65CE5EBE-E646-4158-9827-39D5D83E9E58}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{6F032269-A0BA-43D6-8995-2B9FE63BEE09}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{D3DDC1D2-1AAC-4145-B560-FE4B5122FF82}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\..\{E5D915B6-D730-4BCD-B8C7-9247AA3BE0E6}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O17 - HKLM\System\CS3\Services\Tcpip\..\{0C6C0F17-AFF5-4DEF-BE91-EA5D5D0BC1A8}: NameServer = 208.67.220.220 208.67.222.222 O20 - AppInit_DLLs: c:\windows\system32\forukabe.dll O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\forukabe.dll (file missing) O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\forukabe.dll (file missing) O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) -- End of file - 7461 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe [2005-06-23 57344] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-07-11 413696] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [2007-01-29 200768] "CPM679c3253"=c:\windows\system32\forukabe.dll [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="c:\windows\system32\forukabe.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\System32\klogon.dll [2007-01-29 200768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] WRLogonNTF.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\forukabe.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\forukabe.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=C:\PROGRA~1\Qualcomm\Eudora\EuShlExt.dll [2001-04-12 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2008-11-24 07:35:20 ----D---- C:\rsit 2008-11-24 01:08:48 ----D---- C:\_OTMoveIt 2008-11-24 01:01:46 ----D---- C:\ComboFix 2008-11-22 22:01:22 ----D---- C:\WINDOWS\temp 2008-11-19 07:50:19 ----D---- C:\Documents and Settings\Tommy\Application Data\Malwarebytes 2008-11-19 07:50:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-19 07:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-18 08:03:30 ----SHD---- C:\FOUND.004 2008-11-18 07:40:18 ----A---- C:\Boot.bak 2008-11-18 07:40:12 ----RASHD---- C:\cmdcons 2008-11-17 18:53:13 ----D---- C:\Program Files\Trend Micro 2008-11-17 18:47:50 ----SHD---- C:\FOUND.003 2008-11-15 09:24:12 ----SHD---- C:\FOUND.002 2008-11-15 09:16:10 ----A---- C:\WINDOWS\System32\mucltui.dll.mui 2008-11-15 09:16:08 ----A---- C:\WINDOWS\System32\mucltui.dll 2008-11-15 09:15:41 ----A---- C:\WINDOWS\System32\wucltui.dll.mui 2008-11-15 09:15:40 ----A---- C:\WINDOWS\System32\wuaueng.dll.mui 2008-11-15 09:15:38 ----A---- C:\WINDOWS\System32\wuapi.dll.mui 2008-11-15 08:58:07 ----D---- C:\WINDOWS\ERUNT 2008-11-15 08:42:56 ----D---- C:\WINDOWS\ERDNT 2008-11-15 08:30:06 ----A---- C:\WINDOWS\System32\tmp.txt 2008-11-15 08:29:40 ----A---- C:\rapport.txt 2008-11-14 18:36:27 ----A---- C:\WINDOWS\System32\6f8cc5b1-.txt 2008-11-14 18:35:38 ----SHD---- C:\WINDOWS\CSC 2008-11-14 18:02:59 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-14 18:02:42 ----SHD---- C:\FOUND.001 2008-11-14 17:55:38 ----D---- C:\WINDOWS\Minidump 2008-11-14 07:22:09 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop 2008-11-14 07:21:37 ----D---- C:\Program Files\PCPitstop 2008-11-13 19:25:24 ----SHD---- C:\FOUND.000 2008-11-13 17:58:38 ----D---- C:\Documents and Settings\Tommy\Application Data\TomTom 2008-11-13 17:58:03 ----D---- C:\Program Files\TomTom HOME 2 ======List of files/folders modified in the last 1 months====== 2008-11-24 01:11:28 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-22 22:05:34 ----A---- C:\WINDOWS\system.ini 2008-11-20 08:03:02 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-18 07:40:20 ----RASH---- C:\boot.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 klif;Klif; \??\C:\WINDOWS\System32\drivers\klif.sys [] R2 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys [] R2 Defrag32;Defrag32; C:\WINDOWS\System32\drivers\Defrag32.sys [2004-02-11 54432] R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887] R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807] R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys [] R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199] R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711] R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys [] R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751] R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 ham50;Intel V92 HaM Data Fax Voice; C:\WINDOWS\System32\DRIVERS\IntelH51.sys [2001-08-06 454815] R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328] R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-11-17 118144] R3 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320] S3 akshasp;Aladdin HASP Key; C:\WINDOWS\System32\DRIVERS\akshasp.sys [2005-06-10 327808] S3 aksusb;Aladdin USB Key; C:\WINDOWS\System32\DRIVERS\aksusb.sys [2005-06-10 100096] S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-02-17 170880] S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167] S3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712] S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904] S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912] S3 ENETHUSB;Speedstream Ethernet USB Adapter; C:\WINDOWS\System32\DRIVERS\enethusb.sys [2002-10-28 26381] S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2002-08-29 38272] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864] S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471] S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480] S3 SiS300i;SiS300i; C:\WINDOWS\System32\DRIVERS\sis300ip.sys [2001-08-17 101760] S3 SiS7018;Service pour le pilote d'échantillonnage AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97sis.sys [2001-08-17 297728] S3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2001-08-17 31232] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2003-06-30 11776] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS [] S3 upperdev;upperdev; C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-07-03 16000] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2001-08-17 24192] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\System32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760] S3 Wdf01000;Wdf01000; C:\WINDOWS\System32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2002-08-29 69376] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [2007-01-29 200768] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-12-14 61440] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] R2 PDSched;PDScheduler; C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2004-02-11 200771] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-11 38912] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800] S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2004-02-11 434245] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864] S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [] -----------------EOF----------------- Info info.txt logfile of random's system information tool 1.04 2008-11-24 07:35:55 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Home Architect 4-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Broderbund\3D Home Architect 4\Uninst.isu" Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop 7.0.1-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B} Apowersoft Youtube Downloader (Ultimate)-->C:\Program Files\Apowersoft\Apowersoft Youtube Downloader (Ultimate)\Uninstall.exe ASUS Probe V2.22.01-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll" Correctif Lecteur Windows Media 9 [Voir KB885492 pour plus d'informations]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe Correctif Windows XP - KB820291-->C:\WINDOWS\$NtUninstallKB820291$\spuninst\spuninst.exe Correctif Windows XP - KB821253-->C:\WINDOWS\$NtUninstallKB821253$\spuninst\spuninst.exe Correctif Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe Correctif Windows XP - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe Correctif Windows XP - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe Correctif Windows XP - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe Correctif Windows XP - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe Correctif Windows XP - KB826939-->C:\WINDOWS\$NtUninstallKB826939$\spuninst\spuninst.exe Correctif Windows XP - KB826942-->C:\WINDOWS\$NtUninstallKB826942$\spuninst\spuninst.exe Correctif Windows XP - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe Correctif Windows XP - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe Correctif Windows XP - KB833987-->C:\WINDOWS\$NtUninstallKB833987$\spuninst\spuninst.exe Correctif Windows XP - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe Correctif Windows XP - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe Correctif Windows XP - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe Correctif Windows XP - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe Correctif Windows XP - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe Correctif Windows XP - KB840987-->C:\WINDOWS\$NtUninstallKB840987$\spuninst\spuninst.exe Correctif Windows XP - KB841356-->C:\WINDOWS\$NtUninstallKB841356$\spuninst\spuninst.exe Correctif Windows XP - KB841533-->C:\WINDOWS\$NtUninstallKB841533$\spuninst\spuninst.exe Correctif Windows XP - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe Correctif Windows XP - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe Correctif Windows XP - KB867282-->C:\WINDOWS\$NtUninstallKB867282-IE6SP1-20050127.163319$\spuninst\spuninst.exe Correctif Windows XP - KB871250-->C:\WINDOWS\$NtUninstallKB871250$\spuninst\spuninst.exe Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB873376-->C:\WINDOWS\$NtUninstallKB873376$\spuninst\spuninst.exe Correctif Windows XP - KB883357-->C:\WINDOWS\$NtUninstallKB883357$\spuninst\spuninst.exe Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Correctif Windows XP - KB891711-->C:\WINDOWS\$NtUninstallKB891711$\spuninst\spuninst.exe Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q322011-->C:\WINDOWS\$NtUninstallQ322011$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q814995-->C:\WINDOWS\$NtUninstallQ814995$\spuninst\spuninst.exe Correctif Windows XP (SP2) Q819696-->C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe Efficient Networks SpeedStream DSL-->C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall Eudora-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Qualcomm\Eudora\Uninst.isu" -c"C:\Program Files\Qualcomm\Eudora\EudUnInst.dll" Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} EZ Eudora Backup-->C:\WINDOWS\rapidui.exe -ui ezeudorabackup.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920} Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920} Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC-->"C:\Documents and Settings\Tommy\Mes documents\mIRC\mirc.exe" -uninstall Module de loterie 1.4.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\SPK230.inf, DefaultUninstall MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033} Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48} Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943} Nokia PC Suite-->MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2} Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre_ca_web.exe /LANG="3084" Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696} OLYMPUS CAMEDIA Master 4.3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.3 Pack réseau avancé pour Windows XP-->C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.exe PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E} PerfectDisk-->MsiExec.exe /I{0FFCBC14-E43C-4DD8-9F48-7F6997149A3E} PowerArchiver 2006 v9.51-->"C:\Program Files\PowerArchiver\unins000.exe" S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display' S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2' S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2' S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay' Security Task Manager 1.7-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Security Task Manager" Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe" TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe TruColorII Software-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ProLite\TruColorII 2\DeIsL1.isu" -c"C:\Program Files\ProLite\TruColorII 2\_ISREG32.DLL" Uniblue Registry Booster-->"C:\Program Files\Uniblue\Registry Booster\unins000.exe" VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=0a00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Voilà

Voici les réponses donnés pour les scans Je ne trouve pas les fichiers, mais lorsque je copie le c: ..... que tu m'as écrit et que je fais submit ça indique: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file Je te reviens avec le log de Kapersky

Voilà j'ai effacer combofix, ensuite j'ai telecharger le otmoveit3 j'ai copié ce que tu m'as écrit et je l'ai démarré. Il m'a demandé de redémarrer l'ordinateur puis une fois redémarrer j'ai ce message qui apparait --------------------------- RUNDLL --------------------------- Erreur de chargement de c:\windows\system32\forukabe.dll Le module spécifié est introuvable. --------------------------- OK --------------------------- Log Otmoveit3 ========== FILES ========== DllUnregisterServer procedure not found in c:\windows\system32\forukabe.dll c:\windows\system32\forukabe.dll NOT unregistered. c:\windows\system32\forukabe.dll moved successfully. DllUnregisterServer procedure not found in c:\windows\system32\godisida.dll c:\windows\system32\godisida.dll NOT unregistered. c:\windows\system32\godisida.dll moved successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_010848 Files moved on Reboot... C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

Voilà angelique j'ai mis le rapport plus haut et j'ai envoyé le fichier demandé. Désolé pour le retard un petit pepin m'a empéche de me connecter, merci de ton aide. Est-ce que ça va mieux pour ma machine?

ComboFix 08-11-18.02 - Tommy 2008-11-22 21:52:14.7 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.121 [GMT -5:00] Lancé depuis: c:\documents and settings\Tommy\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Tommy\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: c:\windows\system32\404Fix.exe c:\windows\System32\defarewo.dll c:\windows\system32\defarewo.dll.vir c:\windows\system32\dumphive.exe c:\windows\system32\gejekoyu.dll.vir c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\mljwyhpf.ini c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\uoknxmor.ini c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Fichiers communs\Symantec Shared c:\program files\Fichiers communs\Symantec Shared\ccApp-103.0.1.26-2005-03-04-22-40-31-419.dmp c:\program files\Fichiers communs\Symantec Shared\ccApp-103.0.1.26-2005-03-04-22-40-31-429.dmp c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\ez_log.html c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcnet.dll c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe c:\program files\Fichiers communs\Symantec Shared\CCPD-LC\symlctnk.dll c:\program files\Fichiers communs\Symantec Shared\SymTheme\1.0\SymTheme.dll C:\SDFix c:\sdfix\Add_DBFix_RunOnce_key.inf c:\sdfix\apps\assosfix.reg c:\sdfix\apps\Cghtme.exe c:\sdfix\apps\CheckApina1.txt c:\sdfix\apps\cliptext.exe c:\sdfix\apps\DBFix.inf c:\sdfix\apps\download.exe c:\sdfix\apps\dummy.sys c:\sdfix\apps\Enable_Command_Prompt.inf c:\sdfix\apps\Enable_Command_Prompt.reg c:\sdfix\apps\ERDNT.E_E c:\sdfix\apps\ERDNTDOS.LOC c:\sdfix\apps\ERDNTWIN.LOC c:\sdfix\apps\ERUNT.EXE c:\sdfix\apps\ERUNT.LOC c:\sdfix\apps\fix.reg c:\sdfix\apps\FixBeep.reg c:\sdfix\apps\FixBH.reg c:\sdfix\apps\FixComponents.reg c:\sdfix\apps\FIXCU.reg c:\sdfix\apps\FIXLM.reg c:\sdfix\apps\FixPath.exe c:\sdfix\apps\FixRedir.reg c:\sdfix\apps\FixSchedule.reg c:\sdfix\apps\FixWebCheck.reg c:\sdfix\apps\fixXP.reg c:\sdfix\apps\FixXPsp2.reg c:\sdfix\apps\grep.exe c:\sdfix\apps\HaxdFix.reg c:\sdfix\apps\HPFix.reg c:\sdfix\apps\HPFix2.reg c:\sdfix\apps\HPFix3.reg c:\sdfix\apps\HPFix4.reg c:\sdfix\apps\HPFix5.reg c:\sdfix\apps\HPFix6.reg c:\sdfix\apps\HPFix7.reg c:\sdfix\apps\HPFix8.reg c:\sdfix\apps\HPFix9.reg c:\sdfix\apps\Installed.txt c:\sdfix\apps\isadmin.exe c:\sdfix\apps\leg2.txt c:\sdfix\apps\legacy.txt c:\sdfix\apps\legacybk.txt c:\sdfix\apps\locate.com c:\sdfix\apps\LS.exe c:\sdfix\apps\MD5File.exe c:\sdfix\apps\moveex.exe c:\sdfix\apps\MyGcpvFix.reg c:\sdfix\apps\MyGkFix2.reg c:\sdfix\apps\Process.exe c:\sdfix\apps\procs.exe c:\sdfix\apps\psservice.exe c:\sdfix\apps\Rem.txt c:\sdfix\apps\Rem2.txt c:\sdfix\apps\Replace\regedit.exe c:\sdfix\apps\Replace\w2k\AUTOEXEC.NT c:\sdfix\apps\Replace\w2k\beep.sys c:\sdfix\apps\Replace\w2k\command.com c:\sdfix\apps\Replace\w2k\command.PIF c:\sdfix\apps\Replace\w2k\CONFIG.NT c:\sdfix\apps\Replace\w2k\null.sys c:\sdfix\apps\Replace\xp\AUTOEXEC.NT c:\sdfix\apps\Replace\xp\beep.sys c:\sdfix\apps\Replace\xp\command.com c:\sdfix\apps\Replace\xp\command.PIF c:\sdfix\apps\Replace\xp\CONFIG.NT c:\sdfix\apps\Replace\xp\null.sys c:\sdfix\apps\Reset_AppInit_DLLs.reg c:\sdfix\apps\RestartIt!.exe c:\sdfix\apps\Restore_SafeBoot_Windows2000.reg c:\sdfix\apps\Restore_SafeBoot_WindowsXP.reg c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP2.reg c:\sdfix\apps\Restore_SafeBoot_WindowsXP_SP3.reg c:\sdfix\apps\Restore_SecurityCenter.reg c:\sdfix\apps\Restore_SharedAccess.reg c:\sdfix\apps\sc.exe c:\sdfix\apps\sed.exe c:\sdfix\apps\SF.exe c:\sdfix\apps\shutdown.exe c:\sdfix\apps\srv2.txt c:\sdfix\apps\srv2bk.txt c:\sdfix\apps\svc.txt c:\sdfix\apps\svcbk.txt c:\sdfix\apps\Swreg.exe c:\sdfix\apps\swsc.exe c:\sdfix\apps\UnRAR.exe c:\sdfix\apps\unzip.exe c:\sdfix\apps\vfind.exe c:\sdfix\apps\WINMSG.EXE c:\sdfix\apps\winsec.reg c:\sdfix\apps\zip.exe c:\sdfix\backups\backupreg.zip c:\sdfix\backups\catchme.log c:\sdfix\backups_old\backupreg.zip c:\sdfix\backups_old\catchme.log c:\sdfix\backups_old\HOSTS c:\sdfix\backups_old1\backupreg.zip c:\sdfix\backups_old1\backups.zip c:\sdfix\backups_old1\catchme.log c:\sdfix\backups_old1\HOSTS c:\sdfix\catchme.exe c:\sdfix\DBFix.bat c:\sdfix\dummy.sys c:\sdfix\Report.txt c:\sdfix\Report_old_1.txt c:\sdfix\Report_old_2.txt c:\sdfix\RunThis.bat c:\sdfix\SDFIX_ReadMe_Online.url c:\sdfix\temp00 c:\sdfix\W2K_VirusAlert_Repair.inf c:\sdfix\XP_VirusAlert_Repair.inf c:\windows\system32\404Fix.exe c:\windows\system32\adisidog.ini c:\windows\system32\defarewo.dll.vir c:\windows\system32\dumphive.exe c:\windows\system32\foleleza.dll c:\windows\system32\gejekoyu.dll.vir c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\lawariko.dll c:\windows\system32\mljwyhpf.ini c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\TDSSosvd.dat c:\windows\system32\uoknxmor.ini c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\wadavuro.dll c:\windows\system32\WS2Fix.exe c:\windows\system32\zitajalu.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DHCPHOSTS -------\Legacy_DHCPMGR -------\Legacy_EGHOCXTA -------\Legacy_LHNKPNWE5 -------\Legacy_PIFSERVICE -------\Service_DHCPHOSTS -------\Service_DHCPMGR -------\Service_eghocxta -------\Service_lhnkpnwe5 -------\Service_pifService ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 )))))))))))))))))))))))))))))))))))) . 2008-11-19 07:50 . 2008-11-19 07:50 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-19 07:50 . 2008-11-19 07:50 <REP> d-------- c:\documents and settings\Tommy\Application Data\Malwarebytes 2008-11-19 07:50 . 2008-11-19 07:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-19 07:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-19 07:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-18 08:03 . 2008-11-18 08:03 <REP> d--hs---- C:\FOUND.004 2008-11-17 18:53 . 2008-11-17 18:53 <REP> d-------- c:\program files\Trend Micro 2008-11-17 18:47 . 2008-11-17 18:47 <REP> d--hs---- C:\FOUND.003 2008-11-15 09:24 . 2008-11-15 09:24 <REP> d--hs---- C:\FOUND.002 2008-11-15 09:16 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll 2008-11-15 09:16 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui 2008-11-15 09:15 . 2007-07-30 19:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui 2008-11-15 09:15 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui 2008-11-15 09:15 . 2007-07-30 19:19 30,040 --a------ c:\windows\system32\wuapi.dll.mui 2008-11-15 09:15 . 2007-07-30 19:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui 2008-11-15 08:59 . 2008-11-15 08:59 575,488 --a------ c:\windows\system32\dllcache\user32.dll 2008-11-15 08:58 . 2008-11-15 08:58 <REP> d-------- c:\windows\ERUNT 2008-11-15 08:41 . 2008-11-15 08:41 <REP> d-------- c:\documents and settings\Administrateur\Menu Démarrer 2008-11-15 08:41 . 2008-11-15 08:41 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2008-11-15 08:30 . 2008-11-17 07:54 2,508 --a------ c:\windows\system32\tmp.reg 2008-11-14 18:03 . 2003-08-19 11:40 <REP> d-------- c:\documents and settings\Administrateur\Modèles 2008-11-14 18:03 . 2003-08-19 11:40 <REP> d-------- c:\documents and settings\Administrateur\Favoris 2008-11-14 18:03 . 2008-11-14 18:03 <REP> d---s---- c:\documents and settings\Administrateur 2008-11-14 18:02 . 2008-11-14 18:02 <REP> d--hs---- C:\FOUND.001 2008-11-14 07:22 . 2008-11-14 07:22 <REP> d-------- c:\documents and settings\All Users\Application Data\PCPitstop 2008-11-14 07:21 . 2008-11-14 07:21 <REP> d-------- c:\program files\PCPitstop 2008-11-13 19:25 . 2008-11-13 19:25 <REP> d--hs---- C:\FOUND.000 2008-11-13 17:58 . 2008-11-13 17:58 <REP> d-------- c:\program files\TomTom HOME 2 2008-11-13 17:58 . 2008-11-13 17:58 <REP> d-------- c:\documents and settings\Tommy\Application Data\TomTom 2008-11-08 07:43 . 2008-11-08 07:43 65,680 --ah----- c:\windows\MEMORY.DMP 2008-10-23 17:48 . 2002-01-19 17:10 597,834 --a------ c:\windows\system32\AS-IFce1.ocx 2008-10-23 17:48 . 2004-04-08 11:27 279,392 --a------ c:\windows\system32\XceedFtp.dll 2008-10-23 17:48 . 2001-07-28 13:50 265,753 --a------ c:\windows\system32\AS-Exp2.ocx 2008-10-23 17:48 . 2000-12-06 00:00 109,248 --a------ c:\windows\system32\MSWINSCK.OCX . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-23 03:03 32 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-11-23 03:03 32 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-11-23 03:03 32 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-11-23 03:03 32 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-11-23 02:47 90,164 --sha-w c:\windows\system32\forukabe.dll 2008-11-23 02:47 86,068 --sha-w c:\windows\system32\godisida.dll 2008-10-09 22:59 --------- d-----w c:\documents and settings\All Users\Application Data\Apowersoft 2008-10-09 22:58 --------- d-----w c:\program files\Apowersoft 2008-10-09 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\Tiger Install 2008-06-27 18:14 152,016 ----a-w c:\documents and settings\Tommy\Application Data\GDIPFONTCACHEV1.DAT 2006-06-16 21:17 152,016 ----a-w c:\documents and settings\Tommy\Application Data\GDIPFONTCACHEV1.DAT 2005-02-07 00:59 0 --sha-w c:\windows\wigjg.dat 2005-02-01 14:35 0 --sha-w c:\windows\skchw.dat 2005-02-03 13:18 0 --sha-w c:\windows\koqdw.dat 2005-01-15 22:02 0 --sha-w c:\windows\imtnv.dll 2005-02-03 19:32 0 --sha-w c:\windows\tkrmh.dat 2005-01-21 11:07 0 --sha-w c:\windows\nlydm.dll 2005-01-09 13:06 0 --sha-w c:\windows\system32\hnxps.dat 2005-01-15 18:29 0 --sha-w c:\windows\system32\lawdb.dll 2005-01-14 11:19 0 --sha-w c:\windows\system32\laefc.dll 2005-02-10 12:20 0 --sha-w c:\windows\system32\rqkgt.dll 2005-01-19 01:46 0 --sha-w c:\windows\system32\rkhoj.dll 2005-02-01 14:35 0 --sha-w c:\windows\system32\fikpk.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-18_ 7.54.32.07 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-18 12:25:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-11-23 02:47:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-11-18 12:25:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-11-23 02:47:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-11-23 02:47:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-11 413696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 200768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-12-06 1392640] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-03 110592] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2001-04-12 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"="0x00000000" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-22 22:05:36 Windows 5.1.2600 Service Pack 1 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE c:\program files\FICHIERS COMMUNS\AHEAD\LIB\NMINDEXSTORESVR.EXE c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\windows\SYSTEM32\WDFMGR.EXE c:\program files\RAXCO\PERFECTDISK\PDSCHED.EXE c:\program files\FICHIERS COMMUNS\AHEAD\LIB\NMINDEXINGSERVICE.EXE . ************************************************************************** . Heure de fin: 2008-11-22 22:11:19 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-23 03:10:42 ComboFix5.txt 2008-11-23 02:48:30 ComboFix4.txt 2008-11-18 23:35:30 ComboFix3.txt 2008-11-20 00:56:42 ComboFix2.txt 2008-11-21 12:45:48 Avant-CF: 408 748 032 octets libres Après-CF: 394,739,712 octets libres 312

Bonjour angelique, merci de ton aide. Désolé pour Apollo mais j'espère qu'il comprendera. J'ai vidé la quarantine de MBAM, j'ai copié ce que tu m'as dit dans CFScript et je l'ai fait glissé sur Combofix. J'ai double cliquer sur Combofix pour le démarrer et je te mets le rapport parcontre il n'y a pas eu de fichier zippé de créer dans le répertoire que tu m'as donné. Dans ce répertoire, il y a seulement un répertoire C, Registry_backups et un fichier texte catchme. J'ai fait le tout en mode normal. ComboFix 08-11-18.02 - Tommy 2008-11-21 7:27:41.6 - FAT32x86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.184 [GMT -5:00] Lancé depuis: c:\documents and settings\Tommy\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-21 au 2008-11-21 )))))))))))))))))))))))))))))))))))) . 2008-11-19 07:50 . 2008-11-19 07:50 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-19 07:50 . 2008-11-19 07:50 <REP> d-------- c:\documents and settings\Tommy\Application Data\Malwarebytes 2008-11-19 07:50 . 2008-11-19 07:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-19 07:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-19 07:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-18 08:03 . 2008-11-18 08:03 <REP> d--hs---- C:\FOUND.004 2008-11-17 20:32 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe 2008-11-17 20:32 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe 2008-11-17 20:32 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe 2008-11-17 20:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe 2008-11-17 20:32 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe 2008-11-17 20:32 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe 2008-11-17 20:32 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe 2008-11-17 20:32 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe 2008-11-17 20:32 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe 2008-11-17 20:32 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe 2008-11-17 18:53 . 2008-11-17 18:53 <REP> d-------- c:\program files\Trend Micro 2008-11-17 18:47 . 2008-11-17 18:47 <REP> d--hs---- C:\FOUND.003 2008-11-15 09:24 . 2008-11-15 09:24 <REP> d--hs---- C:\FOUND.002 2008-11-15 09:16 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll 2008-11-15 09:16 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui 2008-11-15 09:15 . 2007-07-30 19:19 38,232 --a------ c:\windows\system32\wucltui.dll.mui 2008-11-15 09:15 . 2007-07-30 19:20 30,040 --a------ c:\windows\system32\wuaucpl.cpl.mui 2008-11-15 09:15 . 2007-07-30 19:19 30,040 --a------ c:\windows\system32\wuapi.dll.mui 2008-11-15 09:15 . 2007-07-30 19:18 21,336 --a------ c:\windows\system32\wuaueng.dll.mui 2008-11-15 08:59 . 2008-11-15 08:59 575,488 --a------ c:\windows\system32\dllcache\user32.dll 2008-11-15 08:58 . 2008-11-15 08:58 <REP> d-------- c:\windows\ERUNT 2008-11-15 08:55 . 2008-11-06 02:03 <REP> d-------- C:\SDFix 2008-11-15 08:41 . 2008-11-15 08:41 <REP> d-------- c:\documents and settings\Administrateur\Menu Démarrer 2008-11-15 08:41 . 2008-11-15 08:41 <REP> d-------- c:\documents and settings\Administrateur\Bureau 2008-11-15 08:30 . 2008-11-17 07:54 2,508 --a------ c:\windows\system32\tmp.reg 2008-11-15 00:42 . 2008-11-15 00:42 120 ---hs---- c:\windows\system32\mljwyhpf.ini 2008-11-14 18:36 . 2008-11-14 18:37 120 ---hs---- c:\windows\system32\uoknxmor.ini 2008-11-14 18:03 . 2003-08-19 11:40 <REP> d-------- c:\documents and settings\Administrateur\Modèles 2008-11-14 18:03 . 2003-08-19 11:40 <REP> d-------- c:\documents and settings\Administrateur\Favoris 2008-11-14 18:03 . 2008-11-14 18:03 <REP> d---s---- c:\documents and settings\Administrateur 2008-11-14 18:02 . 2008-11-14 18:02 <REP> d--hs---- C:\FOUND.001 2008-11-14 17:52 . 2008-11-14 17:52 527 --a------ c:\windows\system32\TDSSosvd.dat 2008-11-14 07:22 . 2008-11-14 07:22 <REP> d-------- c:\documents and settings\All Users\Application Data\PCPitstop 2008-11-14 07:21 . 2008-11-14 07:21 <REP> d-------- c:\program files\PCPitstop 2008-11-13 19:25 . 2008-11-13 19:25 <REP> d--hs---- C:\FOUND.000 2008-11-13 17:58 . 2008-11-13 17:58 <REP> d-------- c:\program files\TomTom HOME 2 2008-11-13 17:58 . 2008-11-13 17:58 <REP> d-------- c:\documents and settings\Tommy\Application Data\TomTom 2008-11-08 07:43 . 2008-11-08 07:43 65,680 --ah----- c:\windows\MEMORY.DMP 2008-10-23 17:48 . 2002-01-19 17:10 597,834 --a------ c:\windows\system32\AS-IFce1.ocx 2008-10-23 17:48 . 2004-04-08 11:27 279,392 --a------ c:\windows\system32\XceedFtp.dll 2008-10-23 17:48 . 2001-07-28 13:50 265,753 --a------ c:\windows\system32\AS-Exp2.ocx 2008-10-23 17:48 . 2000-12-06 00:00 109,248 --a------ c:\windows\system32\MSWINSCK.OCX . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-21 12:31 32 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-11-21 12:31 32 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-11-21 12:31 32 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-11-21 12:31 32 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-11-20 00:02 90,164 ----a-w c:\windows\system32\defarewo.dll.vir 2008-11-18 12:12 90,164 ----a-w c:\windows\system32\gejekoyu.dll.vir 2008-11-17 23:32 90,164 --sha-w c:\windows\system32\foleleza.dll 2008-11-17 23:32 86,068 --sha-w c:\windows\system32\zitajalu.dll 2008-10-09 22:59 --------- d-----w c:\documents and settings\All Users\Application Data\Apowersoft 2008-10-09 22:58 --------- d-----w c:\program files\Apowersoft 2008-10-09 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\Tiger Install 2008-06-27 18:14 152,016 ----a-w c:\documents and settings\Tommy\Application Data\GDIPFONTCACHEV1.DAT 2006-06-16 21:17 152,016 ----a-w c:\documents and settings\Tommy\Application Data\GDIPFONTCACHEV1.DAT 2005-02-07 00:59 0 --sha-w c:\windows\wigjg.dat 2005-02-01 14:35 0 --sha-w c:\windows\skchw.dat 2005-02-03 13:18 0 --sha-w c:\windows\koqdw.dat 2005-01-15 22:02 0 --sha-w c:\windows\imtnv.dll 2005-02-03 19:32 0 --sha-w c:\windows\tkrmh.dat 2005-01-21 11:07 0 --sha-w c:\windows\nlydm.dll 2005-01-09 13:06 0 --sha-w c:\windows\system32\hnxps.dat 2005-01-15 18:29 0 --sha-w c:\windows\system32\lawdb.dll 2005-01-14 11:19 0 --sha-w c:\windows\system32\laefc.dll 2005-02-10 12:20 0 --sha-w c:\windows\system32\rqkgt.dll 2005-01-19 01:46 0 --sha-w c:\windows\system32\rkhoj.dll 2008-08-17 23:27 60,928 --sha-w c:\windows\system32\lawariko.dll 2008-08-17 23:27 60,928 --sha-w c:\windows\system32\wadavuro.dll 2005-02-01 14:35 0 --sha-w c:\windows\system32\fikpk.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-18_ 7.54.32.07 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-18 12:25:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2008-11-21 12:21:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2008-11-18 12:25:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-11-21 12:21:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2008-11-21 12:21:26 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bbdf77ed-d067-4c0a-b50a-7367d123e192}] 2008-08-17 18:27 60928 --ahs---- c:\windows\System32\wadavuro.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-11 413696] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 200768] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-12-06 1392640] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-03 110592] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\progra~1\Qualcomm\Eudora\EuShlExt.dll" [2001-04-12 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"= ctwdm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"="0x00000000" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\Tommy\Application Data\Mozilla\Firefox\Profiles\46tefx7h.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.ebay.ca/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-21 07:33:35 Windows 5.1.2600 Service Pack 1 FAT NTAPI Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE c:\program files\FICHIERS COMMUNS\AHEAD\LIB\NMINDEXSTORESVR.EXE c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\windows\SYSTEM32\WDFMGR.EXE c:\program files\RAXCO\PERFECTDISK\PDSCHED.EXE c:\program files\FICHIERS COMMUNS\AHEAD\LIB\NMINDEXINGSERVICE.EXE . ************************************************************************** . Heure de fin: 2008-11-21 7:45:42 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-21 12:45:22 ComboFix4.txt 2008-11-18 12:58:22 ComboFix5.txt 2008-11-21 12:27:02 ComboFix3.txt 2008-11-18 23:35:30 ComboFix2.txt 2008-11-20 00:56:42 Avant-CF: 596 639 744 octets libres Après-CF: 591,052,800 octets libres 164