stella09

Bonjour! J'ai téléchargé CleanUp et tous les outils ont été effectivement supprimé! Si vous pouviez me donner quelques conseils pour que mon ordinateur soit mieux sécurisé, ca ne serait pas de refus! Merci de m'avoir aider! Stella09

Bonsoir! Voici le rapport Combofix: ComboFix 09-01-08.05 - Sebastien 2009-01-11 20:25:08.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.223 [GMT 1:00] LancÚ depuis: c:\documents and settings\Sebastien\Bureau\youplaboum.exe.exe Commutateurs utilisÚs :: c:\documents and settings\Sebastien\Bureau\CFScript.txt.txt * Un nouveau point de restauration a ÚtÚ crÚÚ . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 )))))))))))))))))))))))))))))))))))) . 2009-01-09 16:28 . 2009-01-09 16:28 <REP> d-------- C:\rsit 2009-01-09 14:27 . 2009-01-09 14:27 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-01-09 14:19 . 2009-01-09 14:19 <REP> d-------- c:\windows\ERUNT 2009-01-09 14:13 . 2009-01-09 14:44 <REP> d-------- c:\program files\SDFix 2009-01-08 21:36 . 2009-01-08 21:07 1,529,241 --a------ c:\program files\SDFix.exe 2009-01-07 13:12 . 2009-01-07 13:12 <REP> d-------- c:\documents and settings\All Users\Application Data\1132588574 2008-12-24 13:17 . 2003-12-12 16:06 1,693,696 --a------ c:\windows\system32\ltclr13n.dll 2008-12-24 13:17 . 2003-11-04 15:11 155,648 --a------ c:\windows\system32\lftif13n.dll 2008-12-24 13:17 . 2003-11-04 15:10 98,304 --a------ c:\windows\system32\lffax13n.dll 2008-12-21 13:41 . 2008-12-21 13:41 58,702 --a------ C:\RECUP.DOC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-10 15:41 --------- d-----w c:\program files\Logitech 2009-01-09 13:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-11 15:21 1,337 ---ha-w c:\documents and settings\Sebastien\hpothb07.dat 2008-05-26 08:23 9,306 ----a-w c:\program files\hijackthis.log 2008-05-25 09:01 1,649,976 ----a-w c:\program files\mbam-setup.exe 2008-05-24 09:52 401,720 ----a-w c:\program files\hijackthis.exe 2007-08-02 11:09 1,658,048 ------w c:\program files\pf-setup.exe 2006-03-16 15:03 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2006-02-12 17:43 1,106,812 ----a-w c:\program files\wrar350fr.exe 2005-09-17 11:35 20 ----a-w c:\program files\log.txt 2007-05-07 12:11 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2007-05-07 12:11 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2007-05-07 12:11 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "CapFax"="c:\program files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739] "Disk Monitor"="c:\program files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe" [2003-10-16 438784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-06 282624] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Sebastien\Menu D‚marrer\Programmes\D‚marrage\ Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-11-03 254128] Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-10 344064] PowerReg Scheduler.exe [2004-12-27 256000] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-04-24 122880] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?] . Contenu du dossier 'Tâches planifiées' 2005-04-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1103710636.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52] 2009-01-11 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wanadoo.fr IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9e43735806ea427185d942562bc5e7ea IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9e43735806ea427185d942562bc5e7ea FF - ProfilePath - ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-11 20:30:52 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(636) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\ntvdm.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-01-11 20:38:20 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-11 19:38:16 ComboFix2.txt 2009-01-10 16:07:11 ComboFix3.txt 2009-01-09 17:51:14 Avant-CF: 70 504 067 072 octets libres Après-CF: 70,491,418,624 octets libres 143 --- E O F --- 2008-12-18 19:38:16 A+. Stella09.

Bonjour. Voici le rapport antivir demandé. Il y a eu un virus détecté que je n'ai pas supprimé tout de suite, mais mis en quarantaine. Je l'ai supprimé par la suite. J'éspère que ce n'est pas grave. Avira AntiVir Personal Report file date: dimanche 11 janvier 2009 15:30 Scanning for 1179377 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode Username: Sebastien Computer name: HILAIRE-03C0AE3 Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 16:26:34 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 14:25:56 ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 12:24:44 ANTIVIR2.VDF : 7.1.1.88 726528 Bytes 08/01/2009 12:37:20 ANTIVIR3.VDF : 7.1.1.96 100864 Bytes 10/01/2009 12:36:53 Engineversion : 8.2.0.54 AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 15:53:33 AESCRIPT.DLL : 8.1.1.24 340348 Bytes 09/01/2009 12:37:33 AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 08:42:50 AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 12:30:16 AEPACK.DLL : 8.1.3.5 393588 Bytes 09/01/2009 12:37:31 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 12/12/2008 06:57:44 AEHEUR.DLL : 8.1.0.78 1532280 Bytes 09/01/2009 12:37:29 AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 15:59:40 AEGEN.DLL : 8.1.1.8 323956 Bytes 12/12/2008 06:51:08 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 15:53:22 AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 16:22:19 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 15:53:18 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 11/08/2008 12:09:25 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 11 janvier 2009 15:30 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD5 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '69' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\SDFix\backups\catchme.zip [0] Archive type: ZIP --> TDSSedrm.dll [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program --> TDSSjriv.dll [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program --> TDSSfcof.dll [DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program --> TDSSxnaq.dll [DETECTION] Is the TR/TDss.AT.518 Trojan [NOTE] The file was moved to '49de0c66.qua'! End of the scan: dimanche 11 janvier 2009 16:29 Used time: 58:53 Minute(s) The scan has been done completely. 7065 Scanning directories 242894 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 242889 Files not concerned 2614 Archives were scanned 5 Warnings 1 Notes Le rapport RSIT Logfile of random's system information tool 1.05 (written by random/random) Run by Sebastien at 2009-01-11 16:51:42 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 67 GB (57%) free of 117 GB Total RAM: 511 MB (31% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:51:48, on 11/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Classic PhoneTools\CapFax.EXE C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\Documents and Settings\Sebastien\Bureau\RSIT.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\SEBAST~1\Bureau\Sebastien.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9e43735806ea427185d942562bc5e7ea O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9e43735806ea427185d942562bc5e7ea O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://regulus.upmf-grenoble.fr/qp2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 80.10.246.3 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 9405 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1103710636.job C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "CapFax"=C:\Program Files\Classic PhoneTools\CapFax.EXE [2001-12-10 20739] "Disk Monitor"=C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe [2003-10-16 438784] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-06 282624] "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036] "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\Sebastien\Menu Démarrer\Programmes\Démarrage Event Reminder.lnk - C:\pmw\PMREMIND.EXE Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe PowerReg Scheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2009-01-10 17:07:14 ----D---- C:\WINDOWS\temp 2009-01-10 17:07:11 ----A---- C:\ComboFix.txt 2009-01-09 18:37:12 ----A---- C:\Boot.bak 2009-01-09 18:37:07 ----RASHD---- C:\cmdcons 2009-01-09 18:33:25 ----A---- C:\WINDOWS\zip.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\VFIND.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\SWSC.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\SWREG.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\sed.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\NIRCMD.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\grep.exe 2009-01-09 18:33:25 ----A---- C:\WINDOWS\fdsv.exe 2009-01-09 18:33:21 ----D---- C:\WINDOWS\ERDNT 2009-01-09 18:33:21 ----D---- C:\Qoobox 2009-01-09 16:28:42 ----D---- C:\rsit 2009-01-09 14:43:14 ----D---- C:\Documents and Settings\Sebastien\Application Data\WinRAR 2009-01-09 14:19:22 ----D---- C:\WINDOWS\ERUNT 2009-01-09 14:13:31 ----D---- C:\Program Files\SDFix 2009-01-08 21:36:25 ----A---- C:\Program Files\SDFix.exe 2009-01-07 13:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\1132588574 2008-12-24 13:17:15 ----A---- C:\WINDOWS\system32\ltclr13n.dll 2008-12-24 13:17:15 ----A---- C:\WINDOWS\system32\lftif13n.dll 2008-12-24 13:17:15 ----A---- C:\WINDOWS\system32\lffax13n.dll 2008-12-13 11:35:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-13 11:27:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-13 11:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-13 11:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ ======List of files/folders modified in the last 1 months====== 2009-01-11 15:29:35 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-11 15:18:21 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-11 15:14:33 ----D---- C:\WINDOWS\Prefetch 2009-01-11 09:49:54 ----D---- C:\Program Files\Mozilla Firefox 2009-01-10 17:07:17 ----D---- C:\WINDOWS\system32\drivers 2009-01-10 17:07:17 ----D---- C:\WINDOWS\system32 2009-01-10 17:07:14 ----D---- C:\WINDOWS 2009-01-10 17:00:25 ----A---- C:\WINDOWS\system.ini 2009-01-10 16:57:19 ----D---- C:\WINDOWS\AppPatch 2009-01-10 16:57:19 ----D---- C:\Program Files\Fichiers communs 2009-01-10 16:52:35 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-10 16:41:29 ----D---- C:\Program Files\Logitech 2009-01-09 18:42:48 ----D---- C:\WINDOWS\system32\config 2009-01-09 18:37:13 ----RASH---- C:\boot.ini 2009-01-09 14:47:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-09 14:27:23 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-01-09 14:13:31 ----RD---- C:\Program Files 2008-12-24 13:14:48 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-18 20:38:16 ----HD---- C:\WINDOWS\inf 2008-12-18 20:37:40 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-13 11:35:08 ----A---- C:\WINDOWS\imsins.BAK 2008-12-13 11:34:45 ----SHD---- C:\WINDOWS\Installer 2008-12-13 11:31:36 ----D---- C:\Program Files\Internet Explorer 2008-12-13 11:31:25 ----D---- C:\WINDOWS\ie7updates 2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-12 07:58:27 ----SD---- C:\Documents and Settings\Sebastien\Application Data\Microsoft 2008-12-12 07:52:37 ----D---- C:\WINDOWS\system32\CatRoot ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-12-22 82380] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 Cnxtdiag;Cnxtdiag; C:\WINDOWS\system32\DRIVERS\cnxtdiag.sys [2001-07-03 17776] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544] R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2001-07-12 310739] R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2001-06-14 127405] R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2001-07-12 427167] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936] R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2001-06-14 216987] R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2001-06-14 56639] R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2001-07-12 534605] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640] R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032] R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [] S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [] S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\basic2.sys [2001-07-12 77426] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272] S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640] S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2001-06-14 67622] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-07-12 584304] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536] R2 LVPrcSrv;Process Monitor; c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- Merci de votre aide. Stella09

Bonjour! Merci pour ton aide. Voici le rapport Malwarebytes: Malwarebytes' Anti-Malware 1.32 Version de la base de données: 1638 Windows 5.1.2600 Service Pack 3 10/01/2009 16:39:15 mbam-log-2009-01-10 (16-39-15).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 166114 Temps écoulé: 1 hour(s), 18 minute(s), 45 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Voici le rapport ComboFix: ComboFix 09-01-08.05 - Sebastien 2009-01-10 16:53:26.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.234 [GMT 1:00] Lancé depuis: c:\documents and settings\Sebastien\Bureau\youplaboum.exe.exe Commutateurs utilisés :: c:\documents and settings\Sebastien\Bureau\CFScript.txt.txt * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . A:\AUTORUN.INF F:\autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-10 au 2009-01-10 )))))))))))))))))))))))))))))))))))) . 2009-01-09 16:28 . 2009-01-09 16:28 <REP> d-------- C:\rsit 2009-01-09 14:27 . 2009-01-09 14:27 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-01-09 14:19 . 2009-01-09 14:19 <REP> d-------- c:\windows\ERUNT 2009-01-09 14:13 . 2009-01-09 14:44 <REP> d-------- c:\program files\SDFix 2009-01-08 21:36 . 2009-01-08 21:07 1,529,241 --a------ c:\program files\SDFix.exe 2009-01-07 13:12 . 2009-01-07 13:12 <REP> d-------- c:\documents and settings\All Users\Application Data\1132588574 2008-12-24 13:17 . 2003-12-12 16:06 1,693,696 --a------ c:\windows\system32\ltclr13n.dll 2008-12-24 13:17 . 2003-11-04 15:11 155,648 --a------ c:\windows\system32\lftif13n.dll 2008-12-24 13:17 . 2003-11-04 15:10 98,304 --a------ c:\windows\system32\lffax13n.dll 2008-12-21 13:41 . 2008-12-21 13:41 58,702 --a------ C:\RECUP.DOC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-10 15:41 --------- d-----w c:\program files\Logitech 2009-01-09 13:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-11 15:21 1,337 ---ha-w c:\documents and settings\Sebastien\hpothb07.dat 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-05-26 08:23 9,306 ----a-w c:\program files\hijackthis.log 2008-05-25 09:01 1,649,976 ----a-w c:\program files\mbam-setup.exe 2008-05-24 09:52 401,720 ----a-w c:\program files\hijackthis.exe 2007-08-02 11:09 1,658,048 ------w c:\program files\pf-setup.exe 2006-03-16 15:03 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2006-02-12 17:43 1,106,812 ----a-w c:\program files\wrar350fr.exe 2005-09-17 11:35 20 ----a-w c:\program files\log.txt 2007-05-07 12:11 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2007-05-07 12:11 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2007-05-07 12:11 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\All Users\Application Data\1132588574 ---- 2009-01-09 16:13 97 --a------ c:\documents and settings\All Users\Application Data\1132588574\config.udb 2009-01-07 13:12 226 --a------ c:\documents and settings\All Users\Application Data\1132588574\init.udb 2009-01-07 13:12 12930 --a------ c:\documents and settings\All Users\Application Data\1132588574\Langs.udb ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "CapFax"="c:\program files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739] "Disk Monitor"="c:\program files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe" [2003-10-16 438784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-06 282624] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Sebastien\Menu D‚marrer\Programmes\D‚marrage\ Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-11-03 254128] Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-10 344064] PowerReg Scheduler.exe [2004-12-27 256000] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-04-24 122880] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?] . Contenu du dossier 'Tâches planifiées' 2005-04-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1103710636.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52] 2009-01-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wanadoo.fr IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9e43735806ea427185d942562bc5e7ea IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9e43735806ea427185d942562bc5e7ea FF - ProfilePath - ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-10 17:00:15 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(644) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\windows\system32\ntvdm.exe c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-01-10 17:07:09 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-10 16:07:05 ComboFix2.txt 2009-01-09 17:51:14 Avant-CF: 70 507 741 184 octets libres Après-CF: 70,496,260,096 octets libres 167 --- E O F --- 2008-12-18 19:38:16 Ca va déjà mieux sans le Rootkit. J'attend pour savoir ce qu'il faut faire d'autre. Merci encore. Stella09

Bonsoir! J'ai fait tout ce qu'il fallait faire. Voici le rapport de combofix: ComboFix 09-01-08.05 - Sebastien 2009-01-09 18:39:35.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.224 [GMT 1:00] Lancé depuis: c:\documents and settings\Sebastien\Bureau\youplaboum.exe.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\404Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\stera.log c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FOPN -------\Legacy_TDSSSERV.SYS -------\Legacy_VSPF -------\Legacy_VSPF_HK -------\Service_TDSSserv.sys -------\Service_vspf -------\Service_vspf_hk ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-09 au 2009-01-09 )))))))))))))))))))))))))))))))))))) . 2009-01-09 16:28 . 2009-01-09 16:28 <REP> d-------- C:\rsit 2009-01-09 14:27 . 2009-01-09 14:27 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-01-09 14:19 . 2009-01-09 14:19 <REP> d-------- c:\windows\ERUNT 2009-01-09 14:13 . 2009-01-09 14:44 <REP> d-------- c:\program files\SDFix 2009-01-08 21:36 . 2009-01-08 21:07 1,529,241 --a------ c:\program files\SDFix.exe 2009-01-07 13:12 . 2009-01-07 13:12 <REP> d-------- c:\documents and settings\All Users\Application Data\1132588574 2008-12-24 13:17 . 2003-12-12 16:06 1,693,696 --a------ c:\windows\system32\ltclr13n.dll 2008-12-24 13:17 . 2003-11-04 15:11 155,648 --a------ c:\windows\system32\lftif13n.dll 2008-12-24 13:17 . 2003-11-04 15:10 98,304 --a------ c:\windows\system32\lffax13n.dll 2008-12-21 13:41 . 2008-12-21 13:41 58,702 --a------ C:\RECUP.DOC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-09 13:47 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-11 15:21 1,337 ---ha-w c:\documents and settings\Sebastien\hpothb07.dat 2008-05-26 08:23 9,306 ----a-w c:\program files\hijackthis.log 2008-05-25 09:01 1,649,976 ----a-w c:\program files\mbam-setup.exe 2008-05-24 09:52 401,720 ----a-w c:\program files\hijackthis.exe 2007-08-02 11:09 1,658,048 ------w c:\program files\pf-setup.exe 2006-03-16 15:03 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe 2006-02-12 17:43 1,106,812 ----a-w c:\program files\wrar350fr.exe 2005-09-17 11:35 20 ----a-w c:\program files\log.txt 2007-05-07 12:11 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2007-05-07 12:11 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2007-05-07 12:11 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "CapFax"="c:\program files\Classic PhoneTools\CapFax.EXE" [2001-12-10 20739] "Disk Monitor"="c:\program files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe" [2003-10-16 438784] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-06 282624] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036] "ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2007-12-12 107248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Sebastien\Menu D‚marrer\Programmes\D‚marrage\ Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-11-03 254128] Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-10 344064] PowerReg Scheduler.exe [2004-12-27 256000] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-07 67128] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-04-24 122880] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-05 14336] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?] . Contenu du dossier 'Tâches planifiées' 2005-04-03 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1103710636.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52] 2009-01-09 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-WOOKIT - c:\progra~1\Wanadoo\Shell.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wanadoo.fr IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9e43735806ea427185d942562bc5e7ea IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9e43735806ea427185d942562bc5e7ea Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-09 18:44:47 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(644) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\ati2evxx.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe c:\windows\system32\ntvdm.exe c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe c:\windows\system32\wscntfy.exe c:\program files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe . ************************************************************************** . Heure de fin: 2009-01-09 18:51:12 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-09 17:51:08 Avant-CF: 70 001 754 112 octets libres Après-CF: 70,488,227,840 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 177 --- E O F --- 2008-12-18 19:38:16 Merci. Stella09

Bonjour! Merci pour ton aide!! J'ai réussi à télécharger SDFix et tout le reste à marcher. Voici mes différents rapports. SDFIx SDFix: Version 1.240 Run by Sebastien on 09/01/2009 at 14:29 Microsoft Windows XP [version 5.1.2600] Running From: C:\PROGRA~1\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\Sebastien\Mes documents\My Documents.url - Deleted C:\Documents and Settings\Sebastien\Mes documents\NeroVision\Ma musique\My Music.url - Deleted C:\Documents and Settings\Sebastien\Mes documents\Mes images\My Pictures.url - Deleted C:\Documents and Settings\Sebastien\Mes documents\NeroVision\Mes vid‚os\My Video.url - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\sfsrv.exe.bat - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\vistasp1.exe.bat - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp10.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp11.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp12.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp13.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp14.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp15.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp16.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp17.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp18.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp19.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp1A.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp1B.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp1C.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp1D.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp1E.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp1F.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp20.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp21.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp22.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp23.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp24.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp25.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp26.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp27.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp28.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp29.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp2A.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp2B.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp2C.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp2D.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp2E.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp2F.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp30.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp31.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp32.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp33.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp34.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp35.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp36.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp37.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp38.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp39.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp3A.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp3B.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp3C.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp3D.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp3E.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp3F.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp4.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp40.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp41.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp42.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp43.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp44.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp45.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp46.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp47.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp48.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp49.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp4A.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp4B.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp4C.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp4D.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp4E.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp4F.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp5.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp50.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp51.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp52.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp53.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp54.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp55.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp56.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp57.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp58.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp59.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp5A.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp5B.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp5C.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp5D.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp5E.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp5F.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp6.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp60.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp61.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp62.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp63.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp64.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp65.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp66.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp67.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp68.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp69.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp6A.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp6B.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp6C.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp6D.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp6E.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp6F.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp7.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp70.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp71.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp72.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp73.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp74.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp75.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp8.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp8C.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp8D.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp8E.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp8F.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp9.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp90.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp91.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp92.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp93.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmp97.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpA.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpB.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpC.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpD.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpE.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpE4.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpE5.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpE6.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\tmpF.tmp - Deleted C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\s1265.php.bat - Deleted C:\WINDOWS\system32\TDSSxbad.dll - Deleted C:\WINDOWS\system32\TDSSnirj.dat - Deleted C:\WINDOWS\system32\TDSSqyaa.log - Deleted Could Not Remove C:\WINDOWS\system32\TDSSedrm.dll Could Not Remove C:\WINDOWS\system32\TDSSjriv.dll Could Not Remove C:\WINDOWS\system32\TDSSfcof.dll Could Not Remove C:\WINDOWS\system32\TDSSxnaq.dll Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-09 14:44:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... disk error: C:\WINDOWS\system32\config\system, 0 scanning hidden registry entries ... disk error: C:\WINDOWS\system32\config\software, 0 disk error: C:\Documents and Settings\Sebastien\ntuser.dat, 0 scanning hidden files ... disk error: C:\WINDOWS\ please note that you need administrator rights to perform deep scan Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Disabled:Warcraft III" "C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\Program\\fspex.exe"="C:\\Program Files\\Securitoo\\Av_Fw\\backweb\\8520111\\Program\\fspex.exe:*:Enabled:Securitoo Antivirus Firewall" "C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : C:\WINDOWS\system32\TDSSedrm.dll Found C:\WINDOWS\system32\TDSSjriv.dll Found C:\WINDOWS\system32\TDSSfcof.dll Found C:\WINDOWS\system32\TDSSxnaq.dll Found File Backups: - C:\PROGRA~1\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 30 Oct 2008 215 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiAF.tmp" Sun 8 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Finished! Malwarebytes Malwarebytes' Anti-Malware 1.32 Version de la base de données: 1634 Windows 5.1.2600 Service Pack 3 09/01/2009 16:13:55 mbam-log-2009-01-09 (16-13-55).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 177460 Temps écoulé: 1 hour(s), 25 minute(s), 38 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 25 Processus mémoire infecté(s): C:\Documents and Settings\All Users\Application Data\1132588574\1635846906.exe (Rogue.SystemSecurity) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{427b1fd8-2123-4334-a7d8-7a497363914b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1635846906 (Rogue.SystemSecurity) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inetsrv (Backdoor.Bot) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Documents and Settings\All Users\Application Data\1132588574\1635846906.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully. C:\Documents and Settings\Sebastien\Bureau\install(2).exe (Rogue.Winweb) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TDSSedrm.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSfcof.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSjriv.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\TDSSxnaq.dll (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\system32\drivers\TDSSrftc.sys (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\Temp\TDSS113c.tmp (Trojan.TDSS) -> Delete on reboot. C:\WINDOWS\Temp\TDSS241d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS2507.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS2891.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS2a95.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS2d06.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS3013.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS313c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS35b1.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS3776.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS39e7.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS3ddf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS3fb3.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS44f3.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS4aee.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSS52af.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\TDSSc79.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Sebastien\Bureau\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully. RSIT Logfile of random's system information tool 1.05 (written by random/random) Run by Sebastien at 2009-01-09 16:28:42 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 66 GB (57%) free of 117 GB Total RAM: 511 MB (28% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:28:52, on 09/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Classic PhoneTools\CapFax.EXE C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\OrangeHSS\Launcher\Launcher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\ntvdm.exe C:\Program Files\OrangeHSS\systray\systrayapp.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\OrangeHSS\Deskboard\deskboard.exe C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Sebastien\Bureau\RSIT.exe C:\DOCUME~1\SEBAST~1\Bureau\Sebastien.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9e43735806ea427185d942562bc5e7ea O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9e43735806ea427185d942562bc5e7ea O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.mappy.com O15 - Trusted Zone: http://*.orange.fr O15 - Trusted Zone: http://rw.search.ke.voila.fr O15 - Trusted Zone: http://orange.weborama.fr O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://regulus.upmf-grenoble.fr/qp2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O17 - HKLM\System\CS1\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 80.10.246.3 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 9912 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1103710636.job C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}] DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "CapFax"=C:\Program Files\Classic PhoneTools\CapFax.EXE [2001-12-10 20739] "Disk Monitor"=C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe [2003-10-16 438784] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-06 282624] "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036] "ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= [] "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\Sebastien\Menu Démarrer\Programmes\Démarrage Event Reminder.lnk - C:\pmw\PMREMIND.EXE Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe PowerReg Scheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=149 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III" "C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe"="C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe:*:Enabled:Securitoo Antivirus Firewall" "C:\Program Files\WinAntiVirus Pro 2006\Updater.exe"="C:\Program Files\WinAntiVirus Pro 2006\Updater.exe:*:Enabled:updater.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34bf47b3-5346-11dd-bd94-89138c5f90f4}] shell\AutoRun\command - F:\.\Recycled\Driveinfo.exe shell\Open\command - F:\.\Recycled\Driveinfo.exe ======File associations====== .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2009-01-09 16:28:42 ----D---- C:\rsit 2009-01-09 14:43:14 ----D---- C:\Documents and Settings\Sebastien\Application Data\WinRAR 2009-01-09 14:19:22 ----D---- C:\WINDOWS\ERUNT 2009-01-09 14:13:31 ----D---- C:\Program Files\SDFix 2009-01-08 21:36:25 ----A---- C:\Program Files\SDFix.exe 2009-01-07 13:12:31 ----D---- C:\Documents and Settings\All Users\Application Data\1132588574 2008-12-24 13:17:15 ----A---- C:\WINDOWS\system32\ltclr13n.dll 2008-12-24 13:17:15 ----A---- C:\WINDOWS\system32\lftif13n.dll 2008-12-24 13:17:15 ----A---- C:\WINDOWS\system32\lffax13n.dll 2008-12-13 11:35:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-13 11:27:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-13 11:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-13 11:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ ======List of files/folders modified in the last 1 months====== 2009-01-09 16:20:16 ----D---- C:\Program Files\Mozilla Firefox 2009-01-09 16:19:04 ----D---- C:\WINDOWS\Temp 2009-01-09 16:18:00 ----D---- C:\WINDOWS\system32\drivers 2009-01-09 16:18:00 ----D---- C:\WINDOWS\system32 2009-01-09 16:17:41 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-09 14:47:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-09 14:44:11 ----D---- C:\WINDOWS\Prefetch 2009-01-09 14:27:23 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-01-09 14:27:23 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-09 14:19:22 ----D---- C:\WINDOWS 2009-01-09 14:13:31 ----RD---- C:\Program Files 2008-12-26 21:42:23 ----D---- C:\WINDOWS\system32\CatRoot2 2008-12-24 13:14:48 ----A---- C:\WINDOWS\NeroDigital.ini 2008-12-18 20:38:16 ----HD---- C:\WINDOWS\inf 2008-12-18 20:37:40 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-13 11:35:08 ----A---- C:\WINDOWS\imsins.BAK 2008-12-13 11:34:45 ----SHD---- C:\WINDOWS\Installer 2008-12-13 11:31:36 ----D---- C:\Program Files\Internet Explorer 2008-12-13 11:31:25 ----D---- C:\WINDOWS\ie7updates 2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll 2008-12-12 07:58:27 ----SD---- C:\Documents and Settings\Sebastien\Application Data\Microsoft 2008-12-12 07:52:37 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-11 14:36:24 ----D---- C:\WINDOWS\Minidump 2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-12-22 82380] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684] R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 Cnxtdiag;Cnxtdiag; C:\WINDOWS\system32\DRIVERS\cnxtdiag.sys [2001-07-03 17776] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544] R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2001-07-12 310739] R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2001-06-14 127405] R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2001-07-12 427167] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936] R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2001-06-14 216987] R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2001-06-14 56639] R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2001-07-12 534605] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632] R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-05-25 48640] R3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2004-01-29 93764] R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-05-25 396032] R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 vspf;vspf; \??\C:\WINDOWS\system32\drivers\vspf5.sys [] S1 vspf_hk;vspf_hk; \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys [] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [] S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [] S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\basic2.sys [2001-07-12 77426] S3 catchme;catchme; \??\C:\DOCUME~1\SEBAST~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-03 14240] S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272] S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640] S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2001-06-14 67622] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-07-12 584304] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536] R2 LVPrcSrv;Process Monitor; c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-08-25 516096] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 1.05 2009-01-09 16:28:56 ======Uninstall list====== -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x40c /cont -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x40c -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9225EABF-4457-403B-A82B-91614C9DDDF7}\setup.exe" -l0x40c -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x40c -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x40c -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x40c -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9CCEA28-3608-4078-8A07-997646E1A357}\setup.exe" -l0x40c -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c /removeonly -removeonly -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD7FF74D-0AB5-48D6-929C-7E93A5162521}\setup.exe" -l0x40c -removeonly -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ‰Ä“úi‘ÌŒ±”ÅD‚m‚d‚sj-->C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\‚·‚½‚¶‚¨—Î’ƒ\‰Ä“úi‘ÌŒ±”ÅD‚m‚d‚sj\Uninst.isu" ACDSee Classic-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG ActiveDolls - Radiant-->C:\Documents and Settings\Sebastien\Mes documents\v\Radiant\Uninstall.exe Adobe Acrobat Reader 3.01-->C:\WINDOWS\unin040c.exe -fC:\Acrobat3\Reader\DeIsL1.isu Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} AMI-CW52 V.92 PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F01&SUBSYS_900616EF\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F01&SUBSYS_900616EF Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Baldur's Gate-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Black Isle\Baldur's Gate\Uninst.isu" Barbarian Invasion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4905C2C7-96CB-4DD9-A706-C427913DE5AE}\setup.exe" -l0x40c Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45} Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C} Cardcaptor Sakura Screen Saver-->sstunst2.exe Cardcaptor Sakura Chaos-League-->C:\Program Files\Cyanide\Chaos-League\uninstall.exe Classic PhoneTools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x40c ControlPanel Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Cossacks II-->C:\Program Files\GSC Game World\Cossacks II\uninstall.exe Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976} Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70} DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DS Legends of Aranna-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove Encyclopédie Microsoft Encarta 98-->RunDll32 C:\PROGRA~1\MIE1DB~1\ENCYCL~1\UNENC98.DLL,Uninstall C:\PROGRA~1\MIE1DB~1\ENCYCL~1\SETUP98F\INST98F.LOG Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D} Fable - The Lost Chapters-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} GameCenter-->C:\Program Files\Cyanide\GameCenter\uninstall.exe GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG Generic USB Card Reader Driver v2.2c-->C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v2.2c\irunin.ini" Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} GUILD WARS-->"C:\Program Files\GUILD WARS\Gw.exe" -uninstall Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Heroes2\DeIsL1.isu" Heroes of Might and Magic® III-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\3DO\Heroes3\Uninst.isu" -c"C:\Program Files\3DO\Heroes3\uninst.dll HijackThis 2.0.2-->"C:\PROGRA~1\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5} Impossible Creatures-->"C:\Program Files\Microsoft Games\Impossible Creatures\UNINSTAL.EXE" /runtemp /addremove Indian-->C:\WINDOWS\ST5UNST.EXE -n "c:\Documents and Settings\Sebastien\Mes documents\v\ST5UNST.LOG" InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Leisure Suit Larry - Magna Cum Laude-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A31289C6-04EF-4437-A35B-7CC96167145C} Les Sims Deluxe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MediaInfo 0.7.4.7-->C:\Program Files\MediaInfo\uninst.exe Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x040c -removeonly Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003-->MsiExec.exe /I{9113040C-6000-11D3-8CFE-0150048383C9} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mozilla Firefox (1.5)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (fr)" MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E916E61F-DE9D-4EAF-91E1-CEB50016326A} Need For Speed III-->C:\WINDOWS\UNIN040C.EXE -f"C:\Program Files\Electronic Arts\Need For Speed III\DeIsL1.isu" -c"C:\Program Files\Electronic Arts\Need For Speed III\eauninst.dll" Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912} OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B} Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1} Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot PhotoFiltre-->"C:\Documents and Settings\Sebastien\Mes documents\PhotoFiltre\Uninst.exe" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PrintMaster Gold 4.03-->c:\pmw\msrun.exe Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Rome - Total War - Alexander-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C1804BC-094F-431A-BEA5-37A837958029}\setup.exe" -l0x40c -removeonly Rome - Total War-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Sexy Memory-->C:\Documents and Settings\Sebastien\Mes documents\v\uninstall.exe Singles-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5628829F-3318-4DDA-988D-D301832F1611}\setup.exe" -l0x40c -removeonly Sonic UDF Reader-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sony Picture Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x40c /removeonly uninstall -removeonly Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Spellforce - Diamond Edition-->MsiExec.exe /I{2CA13178-C16D-47A4-AA91-5441F57FF63E} SuperModelSolitaire-->C:\WINDOWS\iun3405.exe c:\smsolita Swimsuit Solitaire-->C:\PROGRA~1\Grandia2\wyvern\SWIMSU~1\UNWISE.EXE C:\PROGRA~1\Grandia2\wyvern\SWIMSU~1\install.LOG Tgp strip blackjack 1.00-->"C:\Documents and Settings\Sebastien\Mes documents\v\Tgp strip blackjack\unins000.exe" VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} Warhammer® Mark of Chaos-->C:\Program Files\InstallShield Installation Information\{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}\setup.exe -runfromtemp -l0x040c -removeonly Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D} Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall WordBiz version 1.8-->"C:\Program Files\WordBiz\unins000.exe" Worms2-->C:\WINDOWS\IsUninst.exe -fC:\Team17\Worms2\Uninst.isu XXXTYCOON-->C:\WINDOWS\st6unst.exe -n "C:\Documents and Settings\Sebastien\Mes documents\v\ST6UNST.LOG" ======Hosts File====== 127.0.0.1 localhost ======Security center information====== AV: Avira AntiVir PersonalEdition System event log Computer Name: HILAIRE-03C0AE3 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur. Record Number: 322325 Source Name: Service Control Manager Time Written: 20081216084114.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: HILAIRE-03C0AE3 Event Code: 7036 Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution. Record Number: 322324 Source Name: Service Control Manager Time Written: 20081216084114.000000+060 Event Type: Informations User: Computer Name: HILAIRE-03C0AE3 Event Code: 7026 Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : vspf vspf_hk Record Number: 322323 Source Name: Service Control Manager Time Written: 20081216084113.000000+060 Event Type: erreur User: Computer Name: HILAIRE-03C0AE3 Event Code: 7000 Message: Le service General Purpose USB Driver (adildr.sys) n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable. Record Number: 322322 Source Name: Service Control Manager Time Written: 20081216084102.000000+060 Event Type: erreur User: Computer Name: HILAIRE-03C0AE3 Event Code: 17 Message: AVGNTFLT successfully loaded Record Number: 322321 Source Name: avgntflt Time Written: 20081216084050.000000+060 Event Type: Informations User: Application event log Computer Name: HILAIRE-03C0AE3 Event Code: 4096 Message: The AntiVir service has been started successfully! Record Number: 684 Source Name: Avira AntiVir Time Written: 20081022115323.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: HILAIRE-03C0AE3 Event Code: 105 Message: The service was started. Record Number: 683 Source Name: ATI Smart Time Written: 20081022115312.000000+120 Event Type: Informations User: Computer Name: HILAIRE-03C0AE3 Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 682 Source Name: SecurityCenter Time Written: 20081022103505.000000+120 Event Type: Informations User: Computer Name: HILAIRE-03C0AE3 Event Code: 4096 Message: The AntiVir service has been started successfully! Record Number: 681 Source Name: Avira AntiVir Time Written: 20081022103458.000000+120 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: HILAIRE-03C0AE3 Event Code: 105 Message: The service was started. Record Number: 680 Source Name: ATI Smart Time Written: 20081022103445.000000+120 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Dois-je faire autre chose? Encore merci pour ton aide! Stella09

Bonjour! J'ai essayé de télécharger SDFix grâce à votre lien, mais ça ne marche pas. Je ne sais pas pourquoi et j'ai vraiment besoin d'aide, car le virus est vraiment installé! S'il vous plaît, que dois-je faire? merci. Stella09

Bonsoir! Merci de m'avoir répondu. J'ai fait la première opération avec le document texte et ça a marché, la bloc note s'est ouvert. Par contre, je n'arrive pas à télécharger SDFix (j'ai essayé plusieurs fois!) et comme je ne suis pas très douée pour ce genre de manipulations, j'aimerai savoir s'il y a un autre moyen de le télécharger? Merci pour votre aide. Stella09

Bonjour!! Mon ordinateur est un peu lent depuis quelques jours et aujourd'hui, une icône est apparue dans la barre outil m'indiquant que mon ordinateur n'était pas protégé. Or, j'ai l'antivirus Antivir, et cette icône n'a jamais été là. Elle se nomme system security et je crains qu'elle n'infecte complétement mon ordi. Pourriez-vous m'aider s'il vous plaît? Je vous envoie mon rapport Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:38:20, on 11/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Classic PhoneTools\CapFax.EXE C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\inetsrv.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe C:\DOCUME~1\SEBAST~1\Bureau\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9e43735806ea427185d942562bc5e7ea O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9e43735806ea427185d942562bc5e7ea O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://regulus.upmf-grenoble.fr/qp2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 81.253.149.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 80.10.246.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 81.253.149.10 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 9214 bytes En vous remerciant d'avance. Stella09