Ibeaux

Salut, Un GRAND MERCI en tout cas, ça m'a permis de voir une autre façette de l'informatique Au fait, quelles sont tes qualifications, je suis très imprésionné. Au plaisir et bon courage pour les autres cas.... @+

C'est ok pour le Pc bureau, j'ai aussi désactiver la restaurations systèmes sur les 2 PC et voici le rapport pour Java: JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Feb 13 09:18:24 2009 Found and removed: C:\Program Files\Java\jre1.5.0_03 Found and removed: C:\Program Files\Java\jre1.6.0_07 Found and removed: Software\JavaSoft\Java2D\1.5.0_03 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Classes\JavaPlugin.150_03 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_03 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_03 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150030} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_03 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\ ------------------------------------ Finished reporting.

Bonjour, J'ai effectué les différentes procédures indiqués, cela à bien fonctionné sur le portable mais pas sur le PC bureau avec JavaRa, il me dit que la connexion à Internet n'est pas bonne, j'arrive pourtant à aller sur Internet, je vais réessayer, voici le rapport pour le portable: JavaRa 1.13 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Feb 13 08:59:16 2009 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting.

Bonsoir, Je viens de terminer le scan de l'ordinateur avec MaCfee et il n'a rien trouvé. Je penses que mes problèmes sont résolus, un grand merci pour l'aide sans quoi j'aurais dû formatter l'ordinateur. @+++

voici, le rapport [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\SDFIX: trouvé ! C:\Combofix: trouvé ! C:\Qoobox: trouvé ! C:\Rsit: trouvé ! C:\ComboFix\Combofix.txt: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HijackThis.lnk: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HJTInstall.exe: trouvé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\Rsit.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HijackThis.lnk: supprimé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\HJTInstall.exe: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\ComboFix\Combofix.txt: supprimé ! C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\Rsit.exe: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\SDFIX: supprimé ! C:\Combofix: supprimé ! C:\Qoobox: supprimé ! C:\Rsit: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! Corbeille vidée! Fichiers temporaires nettoyés !

Effectivement, il a l'air tronqué. Je pensais n'avoir copier/coller qu'une partie, mais c'est pas le cas. Il n'y a que cela dans le rapport. Je recommance la procédure en mode sans échec peut-être? Le fichier, c'est bien celui qui est dans le répértoire C:\combofix\combofix.txt

Voilà le rapport de combofix: Je peux activer l'option pour visualiser les fichiers cachées ainsi que les dossiers. ComboFix 09-02-10.03 - 2009-02-12 9:47:07.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.281 [GMT 1:00] Lancé depuis: C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe Commutateurs utilisés :: C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\CFScript.txt * Un nouveau point de restauration a été créé FILE :: H:\a2h2.com I:\hl80c6b1.com . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 )))))))))))))))))))))))))))))))))))) . 2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit 2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- C:\Program Files\Trend Micro 2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- C:\WINDOWS\ERUNT 2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- C:\Program Files\Prevx 2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ C:\WINDOWS\system32\drivers\pxscan.sys 2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ C:\WINDOWS\wininit.ini 2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- C:\Program Files\Panda Security 2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD 2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ C:\WINDOWS\SonySNCRZ25.ini 2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- C:\Program Files\RealVNC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-12 08:56 --------- d-----w C:\Program Files\SysMetrix 2009-02-12 08:56 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-12 08:54 --------- d-----w C:\Program Files\PestPatrol 2009-02-10 08:10 --------- d-----w C:\Program Files\Island Top 9 2009-02-09 12:45 91,648 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp 2009-02-09 07:35 6,705,664 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp 2009-02-09 07:35 26,624 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp 2009-02-09 06:47 6,781,952 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp 2009-02-09 06:46 1,489,920 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp 2009-02-09 06:44 --------- d-----w C:\Program Files\ScanSpyware v3.8.0.2 2009-02-06 13:33 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 15:22 --------- d-----w C:\Program Files\UltraVNC 2009-01-28 06:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2009-01-14 11:14 --------- d-----w C:\Program Files\Microsoft ActiveSync 2009-01-09 15:42 --------- d-----w C:\Program Files\INCU 2009-01-09 11:00 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2009-01-09 11:00 249,856 ------w C:\WINDOWS\Setup1.exe 2009-01-09 07:34 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-12-22 15:33 --------- d-----w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss 2008-12-20 22:47 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-12-05 15:51 6,550,016 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp 2008-12-05 15:51 48,640 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp 2008-11-27 15:52 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp 2008-11-27 15:51 20,992 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp 2008-11-27 13:56 23,040 ----a-w C:\WINDOWS\Internet Logs\xDB149.tmp 2008-11-27 13:49 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDB148.tmp 2008-11-27 07:38 6,521,856 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp 2008-11-27 07:32 229,888 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp 2008-11-21 13:59 68,352 ----a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT 2008-07-30 10:23 34,924 -c--a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin 2005-03-02 07:26 560 -c--a-w C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat 2008-08-21 12:49 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat .

Il est en cours, ça met un peu plus de temps que d'habitude, dès que je l'ai, je le poste. Bonne journée,

Je viens d'envoyer pour analyse le fichier setup1.exe et voici le rapport : Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.73 2009.01.04 - AhnLab-V3 2008.12.31.0 2009.01.04 - AntiVir 7.9.0.45 2009.01.04 - Authentium 5.1.0.4 2009.01.04 - Avast 4.8.1281.0 2009.01.04 - AVG 8.0.0.199 2009.01.04 - BitDefender 7.2 2009.01.05 - CAT-QuickHeal 10.00 2009.01.03 - ClamAV 0.94.1 2009.01.04 - Comodo 874 2009.01.04 - DrWeb 4.44.0.09170 2009.01.04 - eTrust-Vet 31.6.6289 2009.01.02 - Ewido 4.0 2008.12.31 - F-Prot 4.4.4.56 2009.01.04 - F-Secure 8.0.14470.0 2009.01.05 - Fortinet 3.117.0.0 2009.01.04 - GData 19 2009.01.05 - Ikarus T3.1.1.45.0 2009.01.03 - K7AntiVirus 7.10.575 2009.01.03 - Kaspersky 7.0.0.125 2009.01.05 - McAfee 5484 2009.01.04 - McAfee+Artemis 5484 2009.01.04 - Microsoft 1.4205 2009.01.05 - NOD32 3735 2009.01.04 - Norman 5.80.02 2009.01.02 - Panda 9.0.0.4 2009.01.04 - PCTools 4.4.2.0 2009.01.04 - Prevx1 V2 2009.01.05 - Rising 21.10.62.00 2009.01.04 - SecureWeb-Gateway 6.7.6 2009.01.04 - Sophos 4.37.0 2009.01.05 - Sunbelt 3.2.1809.2 2008.12.22 - TheHacker 6.3.1.4.205 2009.01.05 - TrendMicro 8.700.0.1004 2009.01.04 - VBA32 3.12.8.10 2009.01.04 - ViRobot 2009.1.3.1541 2009.01.03 - VirusBuster 4.5.11.0 2009.01.04 - Information additionnelle File size: 249856 bytes MD5...: 5365986bd88284801b2e9099a1436574 SHA1..: d3d3982279b2172b0189c9e73afaf2d4861afdbf SHA256: abd1894cfba767db39f26ce0180fda3c95272013569572b8c106512c413f69d4 SHA512: 7ef79a08c963b96e45e4bd636668bca23259e3ab060a0e1c80d357882c74637e 73d4b8300bd4a28070e27fd80cadba7c6adbae282c4cd6c7dee2a898a74440e1 ssdeep: 6144:0ZIKgce2fzNn3mzSAj0UTp1bDQwZefWnwJIB:0Zvaj0UTp1XtV PEiD..: - TrID..: File type identification Win32 Executable Microsoft Visual Basic 6 (71.5%) Win32 Executable MS Visual C++ (generic) (21.3%) Win32 Executable Generic (4.8%) Generic Win/DOS Executable (1.1%) DOS Executable Generic (1.1%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x4037e0 timedatestamp.....: 0x36fb7f82 (Fri Mar 26 12:37:22 1999) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x350ec 0x36000 6.00 2e908fa76d0554a5c14c50b724bdb060 .data 0x37000 0x5390 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 .rsrc 0x3d000 0x4edc 0x5000 3.53 5a00390dca08fbd73762cd18629c078f ( 1 imports ) > MSVBVM60.DLL: __vbaVarTstGt, __vbaVarSub, __vbaStrI2, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaFreeVar, __vbaLineInputStr, __vbaLenBstr, -, __vbaStrVarMove, -, -, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, -, _adj_fprem1, __vbaRecAnsiToUni, -, __vbaCopyBytes, __vbaResume, __vbaStrCat, __vbaRecDestruct, __vbaSetSystemError, __vbaNameFile, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaLateMemSt, -, __vbaForEachCollObj, __vbaBoolStr, __vbaExitProc, __vbaFileCloseAll, -, __vbaCyAdd, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaBoolVar, __vbaForEachCollVar, -, __vbaBoolVarNull, _CIsin, -, -, __vbaErase, __vbaLateMemStAd, __vbaNextEachCollObj, -, __vbaVarZero, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, -, __vbaCyI2, __vbaStrCmp, __vbaVarTstEq, __vbaCyI4, __vbaNextEachCollVar, __vbaPrintObj, __vbaI2I4, DllFunctionCall, __vbaVarOr, __vbaVarLateMemSt, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaR4Var, __vbaLateIdCallLd, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, -, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaFpCmpCy, __vbaVarMul, __vbaExceptHandler, -, __vbaPrintFile, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaVarDiv, -, __vbaFPException, __vbaInStrVar, -, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, __vbaDateVar, -, __vbaI2Var, -, -, -, _CIlog, -, __vbaErrorOverflow, __vbaFileOpen, -, __vbaInStr, __vbaNew2, -, __vbaCyMulI2, _adj_fdiv_m32i, -, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, -, __vbaDerefAry1, _adj_fdivr_m32, __vbaPowerR8, -, _adj_fdiv_r, -, -, -, -, __vbaI4Var, __vbaAryLock, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaFpI2, __vbaFpI4, __vbaVarCopy, -, __vbaVarLateMemCallLd, __vbaR8IntI2, __vbaLateMemCallLd, _CIatan, -, __vbaStrMove, __vbaCastObj, __vbaStrVarCopy, -, _allmul, __vbaLenVarB, __vbaLateIdSt, _CItan, -, __vbaAryUnlock, _CIexp, __vbaMidStmtBstr, -, __vbaFreeStr, __vbaFreeObj, - ( 0 exports ) ThreatExpert info: http://www.threatexpert.com/report.aspx?md...b2e9099a1436574

Bonjour Pear, Hier, j'ai oublié de connecter les clés USB. Je les ai fait ce matin et voici le rapport log.txt : ComboFix 09-02-10.03 - 2009-02-12 8:32:46.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.226 [GMT 1:00] Lancé depuis: c:\documents and settings\Demirel.TECBIOMEDICUS\Bureau\ComboFix.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 )))))))))))))))))))))))))))))))))))) . 2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit 2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- c:\program files\Trend Micro 2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- c:\windows\ERUNT 2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- c:\program files\Prevx 2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ c:\windows\system32\drivers\pxscan.sys 2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ c:\windows\wininit.ini 2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- c:\program files\Panda Security 2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD 2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ c:\windows\SonySNCRZ25.ini 2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- c:\program files\RealVNC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-12 07:46 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-12 07:45 --------- d-----w c:\program files\SysMetrix 2009-02-12 07:44 --------- d-----w c:\program files\PestPatrol 2009-02-10 08:10 --------- d-----w c:\program files\Island Top 9 2009-02-09 12:45 91,648 ----a-w c:\windows\Internet Logs\xDBB5.tmp 2009-02-09 07:35 6,705,664 ----a-w c:\windows\Internet Logs\xDBB4.tmp 2009-02-09 07:35 26,624 ----a-w c:\windows\Internet Logs\xDBB8.tmp 2009-02-09 06:47 6,781,952 ----a-w c:\windows\Internet Logs\xDBB0.tmp 2009-02-09 06:46 1,489,920 ----a-w c:\windows\Internet Logs\xDBB3.tmp 2009-02-09 06:44 --------- d-----w c:\program files\ScanSpyware v3.8.0.2 2009-02-06 13:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 15:22 --------- d-----w c:\program files\UltraVNC 2009-01-28 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-01-14 11:14 --------- d-----w c:\program files\Microsoft ActiveSync 2009-01-09 15:42 --------- d-----w c:\program files\INCU 2009-01-09 11:00 73,216 ----a-w c:\windows\ST6UNST.EXE 2009-01-09 11:00 249,856 ------w c:\windows\Setup1.exe 2009-01-09 07:34 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-22 15:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss 2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll 2008-12-05 15:51 6,550,016 ----a-w c:\windows\Internet Logs\xDBAF.tmp 2008-12-05 15:51 48,640 ----a-w c:\windows\Internet Logs\xDBB1.tmp 2008-11-27 15:52 6,521,856 ----a-w c:\windows\Internet Logs\xDBAE.tmp 2008-11-27 15:51 20,992 ----a-w c:\windows\Internet Logs\xDBB2.tmp 2008-11-27 13:56 23,040 ----a-w c:\windows\Internet Logs\xDB149.tmp 2008-11-27 13:49 6,521,856 ----a-w c:\windows\Internet Logs\xDB148.tmp 2008-11-27 07:38 6,521,856 ----a-w c:\windows\Internet Logs\xDBAA.tmp 2008-11-27 07:32 229,888 ----a-w c:\windows\Internet Logs\xDBAB.tmp 2008-11-21 13:59 68,352 ----a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT 2008-07-30 10:23 34,924 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin 2005-03-02 07:26 560 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat 2008-08-21 12:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-02-11_17.04.01.64 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-16 20:18:31 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll + 2008-10-16 20:18:31 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll + 2008-10-16 20:18:31 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll + 2008-10-16 20:18:31 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll + 2008-10-16 20:18:32 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll + 2008-10-16 13:12:20 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe + 2008-10-16 20:18:32 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll + 2008-10-16 20:18:32 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll + 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll + 2008-10-16 20:18:32 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll + 2008-10-16 20:18:32 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll + 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll + 2008-10-16 20:18:35 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll + 2008-10-16 20:18:35 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll + 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe + 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe + 2008-10-16 20:18:36 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll + 2008-10-16 20:18:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll + 2008-10-16 20:18:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll + 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll + 2008-10-16 20:18:40 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll + 2008-10-16 20:18:40 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll + 2008-10-16 20:18:41 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll + 2008-10-16 20:18:41 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll + 2008-10-16 20:18:41 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll + 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe + 2007-03-06 01:35:48 394,976 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll + 2008-10-16 20:18:41 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll + 2008-10-16 20:18:42 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll + 2008-10-16 20:18:42 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll + 2008-10-16 20:18:43 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll - 2008-10-16 20:18:31 124,928 ----a-w c:\windows\system32\advpack.dll + 2008-12-20 22:46:48 124,928 ----a-w c:\windows\system32\advpack.dll - 2008-10-16 20:18:31 124,928 -c----w c:\windows\system32\dllcache\advpack.dll + 2008-12-20 22:46:48 124,928 -c----w c:\windows\system32\dllcache\advpack.dll - 2008-10-16 20:18:31 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-12-20 22:46:48 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll - 2008-10-16 20:18:31 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-12-20 22:46:48 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll - 2008-10-16 20:18:31 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll + 2008-12-20 22:46:49 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll - 2008-10-16 20:18:32 63,488 -c----w c:\windows\system32\dllcache\icardie.dll + 2008-12-20 22:46:49 63,488 -c----w c:\windows\system32\dllcache\icardie.dll - 2008-10-16 13:12:20 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe + 2008-12-19 09:11:12 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe - 2008-10-16 20:18:32 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll + 2008-12-20 22:46:49 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll - 2008-10-16 20:18:32 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll + 2008-12-20 22:46:49 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll - 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll + 2008-12-19 05:23:56 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll - 2008-10-16 20:18:32 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll + 2008-12-20 22:46:50 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll - 2008-10-16 20:18:32 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll + 2008-12-20 22:46:50 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll - 2008-10-16 20:18:35 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll + 2008-12-20 22:46:54 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll - 2008-10-16 20:18:35 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll + 2008-12-20 22:46:54 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll - 2008-10-16 20:18:35 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll + 2008-12-20 22:46:54 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll - 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe + 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe - 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe + 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe - 2008-10-16 20:18:36 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-12-20 22:46:56 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll - 2008-10-16 20:18:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll + 2008-12-20 22:46:56 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll - 2008-10-16 20:18:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll + 2008-12-20 22:46:57 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll - 2008-12-13 06:37:56 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll + 2009-01-16 20:15:42 3,594,752 -c--a-w c:\windows\system32\dllcache\mshtml.dll - 2008-10-16 20:18:40 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-12-20 22:47:01 477,696 -c--a-w c:\windows\system32\dllcache\mshtmled.dll - 2008-10-16 20:18:40 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll + 2008-12-20 22:47:01 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll - 2008-10-16 20:18:41 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll + 2008-12-20 22:47:02 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll - 2008-10-16 20:18:41 102,912 -c----w c:\windows\system32\dllcache\occache.dll + 2008-12-20 22:47:02 102,912 -c----w c:\windows\system32\dllcache\occache.dll - 2008-10-16 20:18:41 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-12-20 22:47:02 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll - 2008-10-16 20:18:41 105,984 -c----w c:\windows\system32\dllcache\url.dll + 2008-12-20 22:47:02 105,984 -c----w c:\windows\system32\dllcache\url.dll - 2008-10-16 20:18:42 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll + 2008-12-20 22:47:03 1,160,192 -c--a-w c:\windows\system32\dllcache\urlmon.dll - 2008-10-16 20:18:42 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll + 2008-12-20 22:47:03 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll - 2008-10-16 20:18:43 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll + 2008-12-20 22:47:04 826,368 -c--a-w c:\windows\system32\dllcache\wininet.dll - 2008-10-16 20:18:31 347,136 ----a-w c:\windows\system32\dxtmsft.dll + 2008-12-20 22:46:48 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2008-10-16 20:18:31 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-12-20 22:46:48 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2008-10-16 20:18:31 133,120 ----a-w c:\windows\system32\extmgr.dll + 2008-12-20 22:46:49 133,120 ----a-w c:\windows\system32\extmgr.dll - 2008-10-16 20:18:32 63,488 ----a-w c:\windows\system32\icardie.dll + 2008-12-20 22:46:49 63,488 ----a-w c:\windows\system32\icardie.dll - 2008-10-16 13:12:20 70,656 ----a-w c:\windows\system32\ie4uinit.exe + 2008-12-19 09:11:12 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2008-10-16 20:18:32 153,088 ----a-w c:\windows\system32\ieakeng.dll + 2008-12-20 22:46:49 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2008-10-16 20:18:32 230,400 ----a-w c:\windows\system32\ieaksie.dll + 2008-12-20 22:46:49 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-12-19 05:23:56 161,792 ----a-w c:\windows\system32\ieakui.dll - 2008-10-16 20:18:32 383,488 ----a-w c:\windows\system32\ieapfltr.dll + 2008-12-20 22:46:50 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2008-10-16 20:18:32 384,512 ----a-w c:\windows\system32\iedkcs32.dll + 2008-12-20 22:46:50 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2008-10-16 20:18:35 6,066,176 ----a-w c:\windows\system32\ieframe.dll + 2008-12-20 22:46:54 6,066,688 ----a-w c:\windows\system32\ieframe.dll - 2008-10-16 20:18:35 44,544 ----a-w c:\windows\system32\iernonce.dll + 2008-12-20 22:46:54 44,544 ----a-w c:\windows\system32\iernonce.dll - 2008-10-16 20:18:35 267,776 ----a-w c:\windows\system32\iertutil.dll + 2008-12-20 22:46:54 267,776 ----a-w c:\windows\system32\iertutil.dll - 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe + 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2008-10-16 20:18:36 27,648 ----a-w c:\windows\system32\jsproxy.dll + 2008-12-20 22:46:56 27,648 ----a-w c:\windows\system32\jsproxy.dll - 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe + 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe - 2008-10-16 20:18:37 459,264 ----a-w c:\windows\system32\msfeeds.dll + 2008-12-20 22:46:56 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2008-10-16 20:18:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll + 2008-12-20 22:46:57 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll + 2009-01-16 20:15:42 3,594,752 ----a-w c:\windows\system32\mshtml.dll - 2008-10-16 20:18:40 477,696 ----a-w c:\windows\system32\mshtmled.dll + 2008-12-20 22:47:01 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2008-10-16 20:18:40 193,024 ----a-w c:\windows\system32\msrating.dll + 2008-12-20 22:47:01 193,024 ----a-w c:\windows\system32\msrating.dll - 2008-10-16 20:18:41 671,232 ----a-w c:\windows\system32\mstime.dll + 2008-12-20 22:47:02 671,232 ----a-w c:\windows\system32\mstime.dll - 2008-10-16 20:18:41 102,912 ----a-w c:\windows\system32\occache.dll + 2008-12-20 22:47:02 102,912 ----a-w c:\windows\system32\occache.dll - 2008-10-16 20:18:41 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-12-20 22:47:02 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll + 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll - 2008-10-16 20:18:41 105,984 ----a-w c:\windows\system32\url.dll + 2008-12-20 22:47:02 105,984 ----a-w c:\windows\system32\url.dll - 2008-10-16 20:18:42 1,160,192 ----a-w c:\windows\system32\urlmon.dll + 2008-12-20 22:47:03 1,160,192 ----a-w c:\windows\system32\urlmon.dll - 2008-10-16 20:18:42 233,472 ----a-w c:\windows\system32\webcheck.dll + 2008-12-20 22:47:03 233,472 ----a-w c:\windows\system32\webcheck.dll + 2009-02-12 07:45:42 16,384 ----atw c:\windows\temp\Perflib_Perfdata_2dc.dat . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176] "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480] "CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728] "SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-03-14 136512] "PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304] "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-04-01 693520] "Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448] "OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 44032] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2004-09-14 684032] "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 36864] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-11-14 1115336] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-11-14 1852314] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-11-14 135168] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-11-10 49254] Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2004-11-10 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\program files\ffdshow\ffdshow.ax "msacm.avis"= c:\program files\ffdshow\ffdshow.ax "MSACM.CEGSM"= mobilev.acm "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "VIDC.MJPG"= pvmjpg21.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\stickies\\stickies.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"= "c:\\Program Files\\Island Top 9\\startup.exe"= "c:\\Program Files\\ICQLite\\ICQLite.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"= "c:\\Program Files\\SOTI\\Pocket Controller-Professional\\PocketController.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-02-07 17264] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-06 21512] R0 snapman;Acronis Snapshots Manager;c:\windows\system32\drivers\snapman.sys [2008-07-30 99776] R0 timounter;Acronis True Image Backup Archive Explorer;c:\windows\system32\drivers\timntr.sys [2008-07-30 392320] R1 cdrbsdrv;cdrbsdrv;c:\windows\system32\drivers\cdrbsdrv.sys [2005-02-24 32256] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-05-11 59904] R1 P3;Pilote processeur Intel Pentium III;c:\windows\system32\drivers\p3.sys [2002-08-29 46848] R1 StarOpen;StarOpen;c:\windows\system32\drivers\StarOpen.sys [2008-05-07 5632] R2 AcrSch2Svc;Acronis Scheduler2 Service;c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2006-11-14 397312] R2 bgsvcgen;B's Recorder GOLD Library General Service;c:\windows\system32\bgsvcgen.exe [2008-10-28 86016] R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-06 4107832] R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2004-12-21 18240] R2 irda;Protocole IrDA;c:\windows\system32\drivers\irda.sys [2004-12-06 88192] R2 Irmon;Moniteur infrarouge;c:\windows\system32\svchost.exe -k netsvcs [2002-08-30 14336] R2 MGABGEXE;MGABGEXE;c:\windows\system32\mgabg.exe [2002-01-16 81920] R2 tifsfilter;Acronis True Image FS Filter;c:\windows\system32\drivers\tifsfilt.sys [2008-07-30 32768] R2 UleadBurningHelper;Ulead Burning Helper;c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2008-02-06 49152] R3 ASAPIW2k;ASAPIW2K;c:\windows\system32\drivers\asapiW2k.sys [2005-07-05 11264] R3 E100B;Pilote de carte Intel ® PRO;c:\windows\system32\drivers\e100b325.sys [2004-11-05 117760] R3 EntDrv51;EntDrv51;c:\windows\system32\drivers\entdrv51.sys [2007-11-26 8320] R3 G200;G200;c:\windows\system32\drivers\g200mini.sys [2004-09-14 260992] R3 Rasirda;Miniport réseau étendu (IrDA);c:\windows\system32\drivers\rasirda.sys [2004-12-06 19584] S1 cdrbsvsd;cdrbsvsd; [x] S2 KC180;IRXpress USB IrDA Device;c:\windows\system32\drivers\kcirusb.sys [2004-12-06 17904] S3 DWMRCS;DameWare Mini Remote Control;c:\windows\SYSTEM32\DWRCS.EXE -service --> c:\windows\SYSTEM32\DWRCS.EXE -service [?] S3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [2004-12-06 11856] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-10 38496] S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-04-14 20736] S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2008-07-16 299904] S3 MSIRCOMM;Microsoft IR Communications Driver;c:\windows\system32\drivers\msircomm.sys [2004-12-14 22016] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2006-09-05 14468] S3 NdisIP;Connection TV/vidéo Microsoft;c:\windows\system32\drivers\ndisip.sys [2008-07-15 10880] S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2008-07-15 311684] S3 SLIP;Détrameur décalage BDA;c:\windows\system32\drivers\slip.sys [2008-07-15 11136] S3 StillCam;Pilote d'appareil photo numérique série;c:\windows\system32\drivers\serscan.sys [2004-11-16 6912] S3 usb_rndisx;USB RNDIS Adapter;c:\windows\system32\drivers\usb8023x.sys [2004-08-04 12800] S3 wceusbsh;Windows CE USB Serial Host Driver;c:\windows\system32\drivers\wceusbsh.sys [2005-07-26 104576] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - ENTDRV51 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - pook.com \Shell\open\Command - pook.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}] \Shell\AutoRun\command - iqe68o.bat \Shell\explore\Command - iqe68o.bat \Shell\open\Command - iqe68o.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - I:\hl80c6b1.com \Shell\open\Command - I:\hl80c6b1.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}] \Shell\AutoRun\command - H:\hl80c6b1.com \Shell\open\Command - H:\hl80c6b1.com [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . Contenu du dossier 'Tâches planifiées' 2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2005-10-17 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe [] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = 1 uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = hxxp://intranet uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: foto.com\be Trusted Zone: foto.com\www TCP: {34A93789-78F4-48BC-8CDF-09F7E9EBDA2A} = 192.168.162.5,192.168.162.3 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://asp.photoprintit.de/microsite/999/defaults/activex/ips/IPSUploader4.cab DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab FF - ProfilePath - c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - component: c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-12 08:42:25 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9e,84,09,44,17, 58,cd,de,a6,f3,14,71,8a,c5,9a,35,74,57,27,9b,54,d1,4d,40,a6,f3,14,71,8a,c5,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a2,fd,9d,69,45, a0,8f,fb,d0,98,d4,bd,0a,e6,79,92,32,ab,5f,41,f9,4f,b5,16,d0,98,d4,bd,0a,e6,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c1,a9,0f,f6,38, 6b,6b,c7,09,61,1a,a3,11,00,a2,ae,a9,e5,72,73,67,f7,f0,3a,09,61,1a,a3,11,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5c,7a,1e,62,56, 5d,fb,cf,08,e7,68,d6,5c,b4,cd,f1,58,32,c0,f8,46,d9,77,ad,08,e7,68,d6,5c,b4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,25,05,16,9e,6c, 55,a2,d0,8d,be,12,1e,a1,91,16,6f,48,7d,e3,1e,ee,dc,4e,71,8d,be,12,1e,a1,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,23,d0,51,58,ff, e7,ff,8f,a3,c5,b5,43,94,bd,19,2e,ab,02,be,84,78,5c,1f,34,a3,c5,b5,43,94,bd,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,2e,87,ab,e7, de,c7,f0,b8,7b,c0,b9,09,14,fe,bc,cc,31,f7,7b,30,2e,3c,0a,b8,7b,c0,b9,09,14,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8e,a4,de,03,9d, 46,7f,4d,5d,43,4a,2f,77,91,33,47,55,7e,b7,69,06,3d,ce,6d,5d,43,4a,2f,77,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,65,26,17,1a,d2, 81,20,0d,7e,4b,89,21,03,b8,4e,43,45,ba,5d,9a,29,5a,f0,31,7e,4b,89,21,03,b8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,be,1b,47,66,db, 9d,e5,4c,06,f6,ae,ea,2d,07,2a,77,c5,ac,a4,5e,89,d4,5a,bf,06,f6,ae,ea,2d,07,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c1,a8,c5,5d,10, f3,67,f0,f7,e9,ec,6d,49,1d,94,58,a5,24,f1,6b,6a,d0,3f,2c,f7,e9,ec,6d,49,1d,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d3,6a,35,1f,89, 03,cc,cb,4d,88,5b,1b,af,d7,a0,d1,06,82,f8,4f,f7,b5,9a,12,4d,88,5b,1b,af,d7,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(952) c:\windows\system32\relog_ap.dll c:\windows\system32\EntApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\program files\Network Associates\VirusScan\mcshield.exe c:\program files\Network Associates\VirusScan\vstskmgr.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Network Associates\Common Framework\naPrdMgr.exe c:\windows\system32\wwSecure.exe c:\program files\Network Associates\Common Framework\Mctray.exe c:\windows\system32\ntvdm.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\stickies\stickies.exe . ************************************************************************** . Heure de fin: 2009-02-12 8:55:08 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-12 07:54:39 ComboFix2.txt 2009-02-11 16:47:29 ComboFix3.txt 2009-02-11 16:09:14 Avant-CF: 8.060.502.016 octets libres Après-CF: 7,972,007,936 octets libres 504 --- E O F --- 2009-02-12 02:08:55

voici le rapport : ComboFix 09-02-10.03 - Ibrahim_Demirel 2009-02-11 16:44:33.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.511.234 [GMT 1:00] Lancé depuis: c:\documents and settings\Demirel.TECBIOMEDICUS\Bureau\ibeaux.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\IE4 Error Log.txt c:\windows\system32\mdm.exe E:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-11 au 2009-02-11 )))))))))))))))))))))))))))))))))))) . 2009-02-11 14:14 . 2009-02-11 14:15 <REP> d-------- C:\rsit 2009-02-11 11:42 . 2009-02-11 11:42 <REP> d-------- c:\program files\Trend Micro 2009-02-10 13:57 . 2009-02-10 13:57 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-02-10 13:55 . 2009-02-10 13:55 <REP> d-------- c:\windows\ERUNT 2009-02-10 13:46 . 2009-02-10 14:43 <REP> d-------- C:\SDFix 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-02-10 10:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-10 10:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-06 13:58 . 2009-02-06 13:58 <REP> d-------- c:\program files\Prevx 2009-02-06 13:58 . 2009-02-06 13:58 21,512 --a------ c:\windows\system32\drivers\pxscan.sys 2009-02-06 13:57 . 2009-02-06 15:03 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57 . 2009-02-06 13:57 71 --a------ c:\windows\wininit.ini 2009-02-05 17:05 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2009-02-05 17:04 . 2009-02-05 17:04 <REP> d-------- c:\program files\Panda Security 2009-01-28 07:58 . 2009-01-28 11:00 <REP> d-------- C:\DVD 2009-01-26 11:51 . 2009-01-26 11:51 27 --a------ c:\windows\SonySNCRZ25.ini 2009-01-22 16:43 . 2009-01-22 16:43 <REP> d-------- c:\program files\RealVNC . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-11 15:57 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-11 15:56 --------- d-----w c:\program files\SysMetrix 2009-02-11 15:55 --------- d-----w c:\program files\PestPatrol 2009-02-10 08:10 --------- d-----w c:\program files\Island Top 9 2009-02-09 12:45 91,648 ----a-w c:\windows\Internet Logs\xDBB5.tmp 2009-02-09 07:35 6,705,664 ----a-w c:\windows\Internet Logs\xDBB4.tmp 2009-02-09 07:35 26,624 ----a-w c:\windows\Internet Logs\xDBB8.tmp 2009-02-09 06:47 6,781,952 ----a-w c:\windows\Internet Logs\xDBB0.tmp 2009-02-09 06:46 1,489,920 ----a-w c:\windows\Internet Logs\xDBB3.tmp 2009-02-09 06:44 --------- d-----w c:\program files\ScanSpyware v3.8.0.2 2009-02-06 13:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 15:22 --------- d-----w c:\program files\UltraVNC 2009-01-28 06:57 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-01-14 11:14 --------- d-----w c:\program files\Microsoft ActiveSync 2009-01-09 15:42 --------- d-----w c:\program files\INCU 2009-01-09 11:00 73,216 ----a-w c:\windows\ST6UNST.EXE 2009-01-09 11:00 249,856 ------w c:\windows\Setup1.exe 2009-01-09 07:34 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-22 15:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\dvdcss 2008-12-11 14:33 --------- d-----w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Canon 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-05 15:51 6,550,016 ----a-w c:\windows\Internet Logs\xDBAF.tmp 2008-12-05 15:51 48,640 ----a-w c:\windows\Internet Logs\xDBB1.tmp 2008-11-27 15:52 6,521,856 ----a-w c:\windows\Internet Logs\xDBAE.tmp 2008-11-27 15:51 20,992 ----a-w c:\windows\Internet Logs\xDBB2.tmp 2008-11-27 13:56 23,040 ----a-w c:\windows\Internet Logs\xDB149.tmp 2008-11-27 13:49 6,521,856 ----a-w c:\windows\Internet Logs\xDB148.tmp 2008-11-27 07:38 6,521,856 ----a-w c:\windows\Internet Logs\xDBAA.tmp 2008-11-27 07:32 229,888 ----a-w c:\windows\Internet Logs\xDBAB.tmp 2008-11-21 13:59 68,352 ----a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\GDIPFONTCACHEV1.DAT 2008-07-30 10:23 34,924 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\mdbu.bin 2005-03-02 07:26 560 -c--a-w c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\ViewerApp.dat 2008-08-21 12:49 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082120080822\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176] "MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720] "PPMemCheck"="c:\progra~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 148480] "CookiePatrol"="c:\progra~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 73728] "SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-03-14 136512] "PestPatrol Control Center"="c:\progra~1\PESTPA~1\PPControl.exe" [2004-11-15 98304] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304] "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514] "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2004-04-01 693520] "Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448] "OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-28 44032] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Matrox Powerdesk"="c:\windows\system32\PDesk\PDesk.exe" [2004-09-14 684032] "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-05-17 36864] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-11-14 1115336] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-11-14 1852314] "Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-11-14 135168] "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Demirel\Menu D‚marrer\Programmes\D‚marrage\ Stickies.lnk - c:\program files\stickies\stickies.exe [2007-01-22 700416] c:\documents and settings\Demirel.TECBIOMEDICUS\Menu D‚marrer\Programmes\D‚marrage\ PopTray.lnk - c:\program files\PopTray\PopTray.exe [2006-09-16 1666048] Stickies.lnk - c:\program files\stickies\stickies.exe [2007-01-22 700416] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\program files\ffdshow\ffdshow.ax "msacm.avis"= c:\program files\ffdshow\ffdshow.ax "MSACM.CEGSM"= mobilev.acm "msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "VIDC.MJPG"= pvmjpg21.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\stickies\\stickies.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"= "c:\\Program Files\\Island Top 9\\startup.exe"= "c:\\Program Files\\ICQLite\\ICQLite.exe"= "c:\\totalcmd\\TOTALCMD.EXE"= "c:\\Program Files\\WinHTTrack\\WinHTTrack.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Jeyo Mobile Companion\\JeyoMobileCompanion.exe"= "c:\\Program Files\\Microsoft Office\\Office10\\OUTLOOK.EXE"= "c:\\Program Files\\SOTI\\Pocket Controller-Professional\\PocketController.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-02-07 17264] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544] R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-06 21512] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-05-11 59904] R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [2004-12-21 18240] R3 G200;G200;c:\windows\system32\drivers\g200mini.sys [2004-09-14 260992] S2 KC180;IRXpress USB IrDA Device;c:\windows\system32\drivers\kcirusb.sys [2004-12-06 17904] S3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\KCIRNET.sys [2004-12-06 11856] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-02-10 38496] S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2004-04-14 20736] S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2008-07-16 299904] S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [2006-09-05 14468] S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2008-07-15 311684] --- Autres Services/Pilotes en mémoire --- *Deregistered* - AcrSch2Svc *Deregistered* - ALG *Deregistered* - AudioSrv *Deregistered* - bgsvcgen *Deregistered* - Browser *Deregistered* - CryptSvc *Deregistered* - CSIScanner *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - dmserver *Deregistered* - Dnscache *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - helpsvc *Deregistered* - ImapiService *Deregistered* - Irmon *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - McAfeeFramework *Deregistered* - McShield *Deregistered* - McTaskManager *Deregistered* - MDM *Deregistered* - MGABGEXE *Deregistered* - Netlogon *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - PolicyAgent *Deregistered* - ProtectedStorage *Deregistered* - RasMan *Deregistered* - RemoteRegistry *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - SharedAccess *Deregistered* - ShellHWDetection *Deregistered* - Spooler *Deregistered* - srservice *Deregistered* - SSDPSRV *Deregistered* - stisvc *Deregistered* - TapiSrv *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - TrkWks *Deregistered* - UleadBurningHelper *Deregistered* - vsmon *Deregistered* - W32Time *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - wscsvc *Deregistered* - wuauserv *Deregistered* - wwSecSvc *Deregistered* - WZCSVC [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - pook.com \Shell\open\Command - pook.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013271d8-f1dd-11dd-8fef-0030050cc69f}] \Shell\AutoRun\command - H:\a2h2.com \Shell\open\Command - H:\a2h2.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}] \Shell\AutoRun\command - iqe68o.bat \Shell\explore\Command - iqe68o.bat \Shell\open\Command - iqe68o.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}] \Shell\AutoRun\command - I:\hl80c6b1.com \Shell\open\Command - I:\hl80c6b1.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}] \Shell\AutoRun\command - H:\hl80c6b1.com \Shell\open\Command - H:\hl80c6b1.com [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . Contenu du dossier 'Tâches planifiées' 2009-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2005-10-17 c:\windows\Tasks\XoftSpy.job - c:\program files\XoftSpy\XoftSpy.exe [] . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe HKLM-Run-PestPatrolCL - (no file) MSConfigStartUp-WinVNC - c:\program files\UltraVNC\WinVNC.exe . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = 1 uStart Page = hxxp://www.google.be/ uInternet Settings,ProxyOverride = hxxp://intranet uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 Trusted Zone: foto.com\be Trusted Zone: foto.com\www TCP: {34A93789-78F4-48BC-8CDF-09F7E9EBDA2A} = 192.168.162.5,192.168.162.3 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://asp.photoprintit.de/microsite/999/defaults/activex/ips/IPSUploader4.cab DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} - hxxp://xtraz.icq.com/xtraz/activex/MISBH.cab FF - ProfilePath - c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - component: c:\documents and settings\Demirel.TECBIOMEDICUS\Application Data\Mozilla\Firefox\Profiles\c5f7dco5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-11 16:54:07 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync] "Name"="ActiveSync" "DisplayName"="Microsoft ActiveSync" "Param1"="ActiveSync" "Type"="wellknown" "Order"=dword:00000001 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings] "Name"="IESettings" "Type"="IESettings" "Order"=dword:00000004 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles] "Name"="MediaFiles" "Type"="MediaFiles" "Order"=dword:00000003 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW] "Name"="NPW" "Param1"="NPW" "Type"="wellknown" "Order"=dword:00000002 "State"=dword:0000000b [HKEY_USERS\S-1-5-21-1576148642-138444281-227697207-1062\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook] "Name"="Outlook" "DisplayName"="Microsoft Outlook" "Param1"="Outlook" "Type"="wellknown" "Order"=dword:00000000 "State"=dword:00000020 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,9e,84,09,44,17, 58,cd,de,a6,f3,14,71,8a,c5,9a,35,74,57,27,9b,54,d1,4d,40,a6,f3,14,71,8a,c5,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,a2,fd,9d,69,45, a0,8f,fb,d0,98,d4,bd,0a,e6,79,92,32,ab,5f,41,f9,4f,b5,16,d0,98,d4,bd,0a,e6,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c1,a9,0f,f6,38, 6b,6b,c7,09,61,1a,a3,11,00,a2,ae,a9,e5,72,73,67,f7,f0,3a,09,61,1a,a3,11,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5c,7a,1e,62,56, 5d,fb,cf,08,e7,68,d6,5c,b4,cd,f1,58,32,c0,f8,46,d9,77,ad,08,e7,68,d6,5c,b4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,25,05,16,9e,6c, 55,a2,d0,8d,be,12,1e,a1,91,16,6f,48,7d,e3,1e,ee,dc,4e,71,8d,be,12,1e,a1,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,23,d0,51,58,ff, e7,ff,8f,a3,c5,b5,43,94,bd,19,2e,ab,02,be,84,78,5c,1f,34,a3,c5,b5,43,94,bd,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c8,2e,87,ab,e7, de,c7,f0,b8,7b,c0,b9,09,14,fe,bc,cc,31,f7,7b,30,2e,3c,0a,b8,7b,c0,b9,09,14,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,8e,a4,de,03,9d, 46,7f,4d,5d,43,4a,2f,77,91,33,47,55,7e,b7,69,06,3d,ce,6d,5d,43,4a,2f,77,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,65,26,17,1a,d2, 81,20,0d,7e,4b,89,21,03,b8,4e,43,45,ba,5d,9a,29,5a,f0,31,7e,4b,89,21,03,b8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,be,1b,47,66,db, 9d,e5,4c,06,f6,ae,ea,2d,07,2a,77,c5,ac,a4,5e,89,d4,5a,bf,06,f6,ae,ea,2d,07,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,c1,a8,c5,5d,10, f3,67,f0,f7,e9,ec,6d,49,1d,94,58,a5,24,f1,6b,6a,d0,3f,2c,f7,e9,ec,6d,49,1d,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,d3,6a,35,1f,89, 03,cc,cb,4d,88,5b,1b,af,d7,a0,d1,06,82,f8,4f,f7,b5,9a,12,4d,88,5b,1b,af,d7,\ . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(892) c:\windows\system32\relog_ap.dll c:\windows\system32\EntApi.dll - - - - - - - > 'explorer.exe'(1260) c:\windows\system32\EntApi.dll c:\program files\PANICWARE\DON'T_PANIC_FR!\DPHOOK32.DLL c:\windows\PANICNT.dll c:\program files\Caere\OmniPagePro90\ophook32.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe c:\windows\system32\bgsvcgen.exe c:\program files\Prevx\prevx.exe c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\program files\Network Associates\VirusScan\mcshield.exe c:\program files\Network Associates\VirusScan\vstskmgr.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\mgabg.exe c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\system32\ZoneLabs\vsmon.exe c:\program files\Network Associates\Common Framework\naPrdMgr.exe c:\windows\system32\wwSecure.exe c:\program files\Prevx\prevx.exe c:\program files\Network Associates\Common Framework\Mctray.exe c:\windows\system32\ntvdm.exe c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe c:\progra~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Heure de fin: 2009-02-11 17:08:35 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-11 16:08:04 Avant-CF: 8.212.127.744 octets libres AprÞs-CF: 8,131,014,656 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn 412 --- E O F --- 2009-01-14 13:49:37

Premier fichier Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.73 2009.01.28 - AhnLab-V3 5.0.0.2 2009.01.28 - AntiVir 7.9.0.60 2009.01.28 - Authentium 5.1.0.4 2009.01.27 - Avast 4.8.1281.0 2009.01.27 - AVG 8.0.0.229 2009.01.28 - BitDefender 7.2 2009.01.28 - CAT-QuickHeal 10.00 2009.01.28 - ClamAV 0.94.1 2009.01.28 - Comodo 948 2009.01.27 - DrWeb 4.44.0.09170 2009.01.28 - eSafe 7.0.17.0 2009.01.27 - eTrust-Vet 31.6.6331 2009.01.28 - F-Prot 4.4.4.56 2009.01.27 - F-Secure 8.0.14470.0 2009.01.28 - Fortinet 3.117.0.0 2009.01.28 - GData 19 2009.01.28 - Ikarus T3.1.1.45.0 2009.01.28 - K7AntiVirus 7.10.607 2009.01.27 - Kaspersky 7.0.0.125 2009.01.28 - McAfee 5508 2009.01.27 - McAfee+Artemis 5508 2009.01.27 - Microsoft 1.4205 2009.01.28 - NOD32 3806 2009.01.28 - Norman 5.93.01 2009.01.27 - nProtect 2009.1.8.0 2009.01.28 - Panda 9.5.1.2 2009.01.27 - PCTools 4.4.2.0 2009.01.27 - Prevx1 V2 2009.01.28 - Rising 21.13.42.00 2009.01.23 - SecureWeb-Gateway 6.7.6 2009.01.28 - Sophos 4.37.0 2009.01.28 - Sunbelt 3.2.1835.2 2009.01.16 - Symantec 10 2009.01.28 - TheHacker 6.3.1.5.229 2009.01.26 - TrendMicro 8.700.0.1004 2009.01.28 - VBA32 3.12.8.11 2009.01.27 - ViRobot 2009.1.28.1579 2009.01.28 - VirusBuster 4.5.11.0 2009.01.27 - Information additionnelle File size: 1384448 bytes MD5...: 3e4938d84a2bddb1cb626e6c2340b0fd SHA1..: 889f193e14593d08dfc1a9402f625cc234552b24 SHA256: 577f02adfcc617aca69dfbe6f0949583b62a8c77262d1ed26141edf6a8dbcf02 SHA512: c2a0409810ea02bc7f51b736bc078fb57c3eef382536d1c54bc0c735f6576e47 b098b0037b11fc32c1e7341b1a5ce0c1144340904073e71949e08618c6f66142 ssdeep: 24576:fdDGO6/ZG06NuixCqS0aQIAyUP9PlWfRkFt:6PqOcIqPlWfC PEiD..: Armadillo v1.71 TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40b50 timedatestamp.....: 0x41925b7e (Wed Nov 10 18:18:38 2004) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6807f 0x69000 6.55 fee200ddae0b85be2613b758635ac540 .rdata 0x6a000 0x1565a 0x16000 4.49 b0ed8b2760081902080e11f0d13f19e9 .data 0x80000 0xabc8 0x7000 4.63 e3692db954fb59dacbcb90954cc7309c .rsrc 0x8b000 0xca560 0xcb000 7.26 cc2c846eb5f9f5830b608571e1a796c3 ( 16 imports ) > SHLWAPI.dll: PathAppendA, PathFileExistsA > WININET.dll: DeleteUrlCacheEntry, InternetOpenUrlA, InternetCloseHandle, InternetQueryDataAvailable, InternetReadFile, InternetOpenA > KERNEL32.dll: GetCurrentDirectoryA, GetTickCount, RtlUnwind, GetFileType, RaiseException, GetStartupInfoA, GetCommandLineA, ExitProcess, GetTimeZoneInformation, GetLocalTime, GetACP, ExitThread, HeapSize, HeapReAlloc, SetStdHandle, SetHandleCount, GetStdHandle, LCMapStringA, LCMapStringW, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetStringTypeA, GetStringTypeW, IsBadCodePtr, WritePrivateProfileStringA, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProfileStringA, DeleteFileA, GetTempFileNameA, GetModuleFileNameA, GlobalFree, SizeofResource, LoadResource, FindResourceA, GlobalAlloc, SetCurrentDirectoryA, InterlockedDecrement, GetVersionExA, GetVersion, lstrlenA, lstrlenW, GetCPInfo, LockResource, lstrcmpiA, GetDriveTypeA, GetWindowsDirectoryA, FileTimeToSystemTime, FileTimeToLocalFileTime, FindClose, FindFirstFileA, GetFileAttributesA, SetFileAttributesA, FindNextFileA, RemoveDirectoryA, WaitForSingleObject, CopyFileA, CloseHandle, GetFileSize, CreateFileA, MulDiv, SetErrorMode, GetOEMCP, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalAlloc, GetCurrentThread, IsBadReadPtr, IsBadWritePtr, GetThreadLocale, GetVolumeInformationA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetCurrentProcess, DuplicateHandle, lstrcmpA, SuspendThread, SetThreadPriority, ResumeThread, SystemTimeToFileTime, FormatMessageA, LocalFree, MultiByteToWideChar, InterlockedIncrement, GlobalLock, GlobalUnlock, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, GetModuleHandleA, ReadFile, lstrcpynA, GetFileTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, WriteFile, GetFullPathNameA, CreateThread, ResetEvent, CreateDirectoryA, TerminateThread, ExpandEnvironmentStringsA, CreateToolhelp32Snapshot, Process32First, Process32Next, GetSystemTime, GetComputerNameA, SetEvent, CreateEventA, Sleep, CreateProcessA, GetLastError, GetExitCodeProcess, HeapAlloc, HeapFree, WideCharToMultiByte, SetLastError, OpenProcess, GetProcAddress, TerminateProcess, GetTempPathA, GetSystemDirectoryA, lstrcatA, WinExec, lstrcpyA, LoadLibraryA, FreeLibrary, Beep > USER32.dll: RegisterClipboardFormatA, SetParent, GetNextDlgGroupItem, CopyAcceleratorTableA, CharNextA, SetCapture, GetDCEx, GetClassNameA, MapDialogRect, SetWindowContextHelpId, CharUpperA, SetRectEmpty, GetMessageA, ValidateRect, DestroyMenu, EndDialog, CreateDialogIndirectParamA, LoadStringA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, IsWindowEnabled, ShowWindow, MoveWindow, SetWindowTextA, SetDlgItemTextA, EndPaint, BeginPaint, SendDlgItemMessageA, MapWindowPoints, SetActiveWindow, SetFocus, AdjustWindowRectEx, EqualRect, DeferWindowPos, SetScrollInfo, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowPos, IntersectRect, GetWindowPlacement, GetFocus, GetCursorPos, SetScrollPos, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DefDlgProcA, IsWindowUnicode, DestroyCursor, DestroyIcon, RegisterWindowMessageA, MessageBoxA, PostQuitMessage, IsWindowVisible, IsIconic, DrawIcon, GetSystemMenu, LoadIconA, PostThreadMessageA, LockWindowUpdate, GetWindowThreadProcessId, EnumWindows, LoadCursorA, CopyIcon, IsWindow, MessageBeep, SetWindowLongA, TrackPopupMenu, BringWindowToTop, GetMessagePos, ScreenToClient, KillTimer, ReleaseCapture, PtInRect, SetTimer, UpdateWindow, PeekMessageA, DispatchMessageA, IsDialogMessageA, TranslateMessage, GetWindowDC, SetWindowRgn, GrayStringA, GetSubMenu, TabbedTextOutA, GetSysColorBrush, GetMenuStringA, CreateMenu, CreatePopupMenu, GetMenuItemID, GetMenuState, ModifyMenuA, GetMenuItemCount, AppendMenuA, GetWindowLongA, SendMessageA, IsMenu, GetNextDlgTabItem, GetParent, SetCursor, InvalidateRect, GetActiveWindow, WindowFromPoint, ClientToScreen, PostMessageA, GetWindowRect, DrawFocusRect, InflateRect, CopyRect, GetClientRect, OffsetRect, DrawStateA, FillRect, GetSysColor, ReleaseDC, GetDC, CreateIconIndirect, GetIconInfo, LoadImageA, FrameRect, EnableWindow, CopyImage, LoadBitmapA, GetMenuItemInfoA, SetRect, DrawEdge, SystemParametersInfoA, DrawIconEx, DrawTextA, GetDesktopWindow, GetSystemMetrics, GetScrollInfo > GDI32.dll: ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetTextExtentPoint32W, SelectClipRgn, ExcludeClipRect, IntersectClipRect, MoveToEx, LineTo, SetViewportExtEx, GetViewportExtEx, GetWindowExtEx, CreatePatternBrush, GetMapMode, SetRectRgn, CreateRectRgnIndirect, DPtoLP, StretchDIBits, GetCharWidthA, GetTextMetricsA, GetTextColor, LPtoDP, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetClipBox, GetCurrentObject, CreateFontIndirectA, CreateSolidBrush, CreatePen, GetBkMode, GetDeviceCaps, CreateFontA, GetObjectA, GetPixel, SetPixel, CreateBitmap, SelectObject, SetBkColor, CreateRoundRectRgn, GetDIBits, CreateRectRgn, CombineRgn, GetBkColor, StretchBlt, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetTextExtentPointA, CreateDIBitmap, PatBlt, CreateDIBSection, Ellipse, CreateCompatibleBitmap, GetStockObject, DeleteObject, SetTextColor, DeleteDC, BitBlt, CreateCompatibleDC, GetTextExtentPoint32A > comdlg32.dll: GetOpenFileNameA, GetFileTitleA, GetSaveFileNameA > WINSPOOL.DRV: ClosePrinter, OpenPrinterA, DocumentPropertiesA > ADVAPI32.dll: RegCloseKey, RegOpenKeyExA, RegQueryValueA, RegSetValueExA, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, RegEnumKeyA, RegOpenKeyA, GetUserNameA, RegQueryValueExA > SHELL32.dll: SHBrowseForFolderA, SHGetMalloc, SHGetPathFromIDListA, SHGetSpecialFolderPathA, ShellExecuteA, ShellExecuteExA > COMCTL32.dll: ImageList_GetIconSize, ImageList_ReplaceIcon, ImageList_GetIcon, ImageList_GetImageInfo, ImageList_Draw, ImageList_AddMasked, _TrackMouseEvent, ImageList_SetBkColor, ImageList_GetBkColor, -, ImageList_Destroy, ImageList_Create, ImageList_LoadImageA, ImageList_DrawIndirect, ImageList_GetImageCount > oledlg.dll: - > ole32.dll: CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CoTaskMemAlloc, CoTaskMemFree, CoFreeUnusedLibraries, CLSIDFromProgID, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, CoCreateInstance, OleRun, CreateStreamOnHGlobal, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoCreateGuid, CLSIDFromString > OLEPRO32.DLL: -, -, - > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, - > urlmon.dll: URLDownloadToCacheFileA > WINMM.dll: PlaySoundA ( 0 exports ) Deuxième fichier Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.11 - AhnLab-V3 5.0.0.2 2009.02.11 - AntiVir 7.9.0.76 2009.02.11 - Authentium 5.1.0.4 2009.02.11 - Avast 4.8.1335.0 2009.02.10 - AVG 8.0.0.229 2009.02.11 - BitDefender 7.2 2009.02.11 - CAT-QuickHeal 10.00 2009.02.11 - ClamAV 0.94.1 2009.02.11 - Comodo 974 2009.02.11 - DrWeb 4.44.0.09170 2009.02.11 - eSafe 7.0.17.0 2009.02.11 - eTrust-Vet 31.6.6350 2009.02.11 - F-Prot 4.4.4.56 2009.02.11 - F-Secure 8.0.14470.0 2009.02.11 - Fortinet 3.117.0.0 2009.02.11 - GData 19 2009.02.11 - Ikarus T3.1.1.45.0 2009.02.11 - K7AntiVirus 7.10.627 2009.02.11 - Kaspersky 7.0.0.125 2009.02.11 - McAfee 5522 2009.02.10 - McAfee+Artemis 5522 2009.02.10 - Microsoft 1.4306 2009.02.11 - NOD32 3846 2009.02.11 - Norman 6.00.02 2009.02.11 - nProtect 2009.1.8.0 2009.02.11 - Panda 10.0.0.10 2009.02.11 - PCTools 4.4.2.0 2009.02.11 - Prevx1 V2 2009.02.11 - Rising 21.16.22.00 2009.02.11 - SecureWeb-Gateway 6.7.6 2009.02.11 - Sophos 4.38.0 2009.02.11 - Sunbelt 3.2.1851.2 2009.02.11 - Symantec 10 2009.02.11 - TheHacker 6.3.1.85.252 2009.02.11 - TrendMicro 8.700.0.1004 2009.02.11 - VBA32 3.12.8.12 2009.02.11 - ViRobot 2009.2.11.1600 2009.02.11 - VirusBuster 4.5.11.0 2009.02.11 - Information additionnelle File size: 1817 bytes MD5...: c3cb3ee13a99744b6ee08727bdf677bd SHA1..: a6ba0fafa75f9e245e61661d81a6f91b2e7da511 SHA256: 96dadfccbe6cf4d00c487634befd75964edaac710d42706a8e02c74f6547e137 SHA512: efa1bac5b9df02fdd378316cd4500723a6f7d01e20733f00d0d2587390078510 02c3e048f3d3e5702f4ef2d0b5bf6a166db839fddac0a28497c90ed320ce9323 ssdeep: 48:XGmjShkZZAiMn5rg4YqSRZOPOyZppFlCaealJ:2EShKw5rg4bGOGyZppZ PEiD..: - TrID..: File type identification Generic INI configuration (100.0%) PEInfo: - Troisième fichier: Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.11 - AhnLab-V3 5.0.0.2 2009.02.11 - AntiVir 7.9.0.76 2009.02.11 - Authentium 5.1.0.4 2009.02.11 - Avast 4.8.1335.0 2009.02.10 - AVG 8.0.0.229 2009.02.11 - BitDefender 7.2 2009.02.11 - CAT-QuickHeal 10.00 2009.02.11 - ClamAV 0.94.1 2009.02.11 - Comodo 974 2009.02.11 - DrWeb 4.44.0.09170 2009.02.11 - eSafe 7.0.17.0 2009.02.11 - eTrust-Vet 31.6.6350 2009.02.11 - F-Prot 4.4.4.56 2009.02.11 - F-Secure 8.0.14470.0 2009.02.11 - Fortinet 3.117.0.0 2009.02.11 - GData 19 2009.02.11 - Ikarus T3.1.1.45.0 2009.02.11 - K7AntiVirus 7.10.627 2009.02.11 - Kaspersky 7.0.0.125 2009.02.11 - McAfee 5522 2009.02.10 - McAfee+Artemis 5522 2009.02.10 - Microsoft 1.4306 2009.02.11 - NOD32 3846 2009.02.11 - Norman 6.00.02 2009.02.11 - nProtect 2009.1.8.0 2009.02.11 - Panda 10.0.0.10 2009.02.11 - PCTools 4.4.2.0 2009.02.11 - Prevx1 V2 2009.02.11 - Rising 21.16.22.00 2009.02.11 - SecureWeb-Gateway 6.7.6 2009.02.11 - Sophos 4.38.0 2009.02.11 - Sunbelt 3.2.1851.2 2009.02.11 - Symantec 10 2009.02.11 - TheHacker 6.3.1.85.252 2009.02.11 - TrendMicro 8.700.0.1004 2009.02.11 - VBA32 3.12.8.12 2009.02.11 - ViRobot 2009.2.11.1600 2009.02.11 - VirusBuster 4.5.11.0 2009.02.11 - Information additionnelle File size: 71 bytes MD5...: 37aa1e187e7401ab0bbb081eed194981 SHA1..: ea7ed3bdd9a64bcc5cce047fab31bc66e4865ec5 SHA256: ddd517e0361562a9af767807e2eec19b553c6b3d151f65a90970e0084c0a3077 SHA512: c256791dd3bbacac8f99dd6b10a0db164bd0809d2c35f0415e5f7d2f9e0cb0b2 7d04776a80c3f8dbee46d30aaf54d5eb35b0ddd1c6e37701f7e2c2abf4dbc2d5 ssdeep: 3:dLhUrcm0bjOPzw3VRLE:du+jEIVRLE PEiD..: - TrID..: File type identification Generic INI configuration (100.0%) PEInfo: -

Pour mon PC Bureau voici le log.txt : Logfile of random's system information tool 1.05 (written by random/random) Run by Ibrahim_Demirel at 2009-02-11 14:14:30 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 8 GB (39%) free of 21 GB Total RAM: 511 MB (20% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:14:51, on 11/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\mgabg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE C:\Program Files\Caere\OmniPagePro90\opware32.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\PDesk\PDesk.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\PopTray\PopTray.exe C:\Program Files\stickies\stickies.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Demirel.TECBIOMEDICUS\Bureau\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Ibrahim_Demirel.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://intranet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE" O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ibrahim_Demirel" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://be.foto.com O15 - Trusted Zone: www.foto.com O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226574099240 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://www.admincefig.dyndns.org/msrdp.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://192.168.16.34/program/SonySncRz25View.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://asp.photoprintit.de/microsite/999/d...PSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34A93789-78F4-48BC-8CDF-09F7E9EBDA2A}: NameServer = 192.168.162.5,192.168.162.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- End of file - 13077 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\XoftSpy.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-19 2436160] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720] "PestPatrolCL"= [] "PPMemCheck"=c:\PROGRA~1\PESTPA~1\PPMemCheck.exe [2003-04-19 148480] "CookiePatrol"=c:\PROGRA~1\PESTPA~1\CookiePatrol.exe [2005-01-10 73728] "SysMetrix"=C:\Program Files\SysMetrix\SysMetrix.exe [2006-02-25 2637824] "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2008-03-14 136512] "PestPatrol Control Center"=c:\PROGRA~1\PESTPA~1\PPControl.exe [2004-11-15 98304] "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 98304] "Network Associates Error Reporting Service"=C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514] "Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2004-04-01 693520] "Don't Panic!"=C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE [2001-06-16 1384448] "OmniPage"=C:\Program Files\Caere\OmniPagePro90\opware32.exe [1998-10-28 44032] "PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2004-03-10 406016] "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-29 196608] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe [2004-09-14 684032] "UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-05-17 36864] "TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe [2006-11-14 1115336] "AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe [2006-11-14 1852314] "Acronis Scheduler2 Service"=C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe [2006-11-14 135168] "OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2006-05-16 40960] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1211176] "MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-14 1695232] "OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2006-05-16 57344] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe [2005-05-20 51200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC] C:\Program Files\UltraVNC\WinVNC.exe -servicehelper [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE C:\Documents and Settings\Demirel.TECBIOMEDICUS\Menu Démarrer\Programmes\Démarrage PopTray.lnk - C:\Program Files\PopTray\PopTray.exe Stickies.lnk - C:\Program Files\stickies\stickies.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\stickies\stickies.exe"="C:\Program Files\stickies\stickies.exe:*:Enabled:Stickies 4.5a" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Panicware\Don't_Panic_FR!\dp.exe"="C:\Program Files\Panicware\Don't_Panic_FR!\dp.exe:*:Enabled:Don't Panic!" "C:\Program Files\Island Top 9\startup.exe"="C:\Program Files\Island Top 9\startup.exe:*:Enabled: " "C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows" "C:\Program Files\WinHTTrack\WinHTTrack.exe"="C:\Program Files\WinHTTrack\WinHTTrack.exe:*:Enabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes" "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service" "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service" "C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe"="C:\Program Files\Sprite Software\Sprite Backup\SpriteService.exe:*:Enabled:Sprite Backup PC Service" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Microsoft Office\Office\WINWORD.EXE"="C:\Program Files\Microsoft Office\Office\WINWORD.EXE:*:Enabled:Microsoft Word for Windows" "C:\Program Files\Jeyo Mobile Companion\JeyoMobileCompanion.exe"="C:\Program Files\Jeyo Mobile Companion\JeyoMobileCompanion.exe:*:Enabled:Jeyo Mobile Companion" "C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE:*:Enabled:Microsoft Outlook" "C:\Program Files\SOTI\Pocket Controller-Professional\PocketController.exe"="C:\Program Files\SOTI\Pocket Controller-Professional\PocketController.exe:*:Enabled:Pocket Controller - Professional" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] shell\AutoRun\command - pook.com shell\open\command - pook.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{013271d8-f1dd-11dd-8fef-0030050cc69f}] shell\AutoRun\command - H:\a2h2.com shell\open\command - H:\a2h2.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b219df2-b21b-11dc-8ebc-0030050cc69f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3deebbb4-3797-11dd-8f31-0030050cc69f}] shell\AutoRun\command - iqe68o.bat shell\explore\command - iqe68o.bat shell\open\command - iqe68o.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94634aa0-89bd-11db-b106-0030050cc69f}] shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1156a8-c01c-11dc-8ecc-0030050cc69f}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256380-4679-11dc-969a-0030050cc69f}] shell\AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8256381-4679-11dc-969a-0030050cc69f}] shell\AutoRun\command - I:\hl80c6b1.com shell\open\command - I:\hl80c6b1.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe089bd0-b628-11d9-9080-0030050cc69f}] shell\AutoRun\command - H:\hl80c6b1.com shell\open\command - H:\hl80c6b1.com ======List of files/folders created in the last 1 months====== 2009-02-11 14:14:30 ----D---- C:\rsit 2009-02-11 11:42:10 ----D---- C:\Program Files\Trend Micro 2009-02-10 13:55:11 ----D---- C:\WINDOWS\ERUNT 2009-02-10 13:46:22 ----D---- C:\SDFix 2009-02-10 10:18:36 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Malwarebytes 2009-02-10 10:18:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-02-10 10:18:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-02-06 13:58:26 ----D---- C:\Program Files\Prevx 2009-02-06 13:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI 2009-02-06 13:57:50 ----A---- C:\WINDOWS\wininit.ini 2009-02-06 09:44:06 ----A---- C:\WINDOWS\ntbtlog.txt 2009-02-05 17:04:14 ----D---- C:\Program Files\Panda Security 2009-02-05 15:25:36 ----HD---- C:\Config.Msi 2009-01-28 07:58:51 ----D---- C:\DVD 2009-01-26 11:51:39 ----A---- C:\WINDOWS\SonySNCRZ25.ini 2009-01-22 16:43:08 ----D---- C:\Program Files\RealVNC 2009-01-14 14:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ ======List of files/folders modified in the last 1 months====== 2009-02-11 14:10:50 ----D---- C:\WINDOWS\Temp 2009-02-11 14:05:38 ----D---- C:\Program Files\PestPatrol 2009-02-11 11:58:12 ----A---- C:\WINDOWS\wincmd.ini 2009-02-11 11:42:10 ----D---- C:\Program Files 2009-02-11 11:30:26 ----D---- C:\WINDOWS\system32 2009-02-11 10:43:08 ----D---- C:\WINDOWS\Prefetch 2009-02-11 09:43:34 ----D---- C:\WINDOWS\Internet Logs 2009-02-11 09:26:31 ----D---- C:\Program Files\SysMetrix 2009-02-11 08:33:42 ----A---- C:\WINDOWS\hpbafd.ini 2009-02-10 17:16:08 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-10 14:45:55 ----D---- C:\quarantine 2009-02-10 13:57:59 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-10 13:55:11 ----D---- C:\WINDOWS 2009-02-10 12:27:25 ----D---- C:\Program Files\Mozilla Firefox 2009-02-10 11:32:41 ----D---- C:\WINDOWS\system32\drivers 2009-02-10 09:10:26 ----D---- C:\Program Files\Island Top 9 2009-02-10 08:51:06 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\stickies 2009-02-09 10:15:54 ----D---- C:\WINDOWS\system32\config 2009-02-09 10:12:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-02-09 10:11:45 ----SHD---- C:\WINDOWS\Installer 2009-02-09 10:05:57 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-02-09 09:29:09 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-09 08:45:34 ----SHD---- C:\WINDOWS\CSC 2009-02-09 08:14:43 ----HD---- C:\WINDOWS\inf 2009-02-09 07:44:11 ----D---- C:\Program Files\ScanSpyware v3.8.0.2 2009-02-06 14:33:42 ----D---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\U3 2009-02-05 17:03:34 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-02-05 16:22:18 ----SD---- C:\Documents and Settings\Demirel.TECBIOMEDICUS\Application Data\Microsoft 2009-02-05 16:22:01 ----D---- C:\Program Files\UltraVNC 2009-02-05 16:11:11 ----SD---- C:\WINDOWS\system32\Microsoft 2009-02-05 15:29:30 ----D---- C:\WINDOWS\WinSxS 2009-02-04 16:22:38 ----AC---- C:\WINDOWS\NeroDigital.ini 2009-01-28 07:57:39 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2009-01-14 15:27:39 ----D---- C:\WINDOWS\Debug 2009-01-14 14:47:38 ----HD---- C:\WINDOWS\$hf_mig$ 2009-01-14 12:14:30 ----D---- C:\Program Files\Microsoft ActiveSync ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-11 32256] R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2007-11-26 59904] R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632] R2 DbgMsg;Debug Message; \??\C:\WINDOWS\System32\Drivers\DbgMsg.sys [] R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192] R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-07-30 32768] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-11 11264] R3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-23 117760] R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [] R3 G200;G200; C:\WINDOWS\system32\DRIVERS\g200mini.sys [2004-09-14 260992] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2007-11-26 117024] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-07 14604] R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-30 5888] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [] S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [] S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [] S2 KC180;IRXpress USB IrDA Device; C:\WINDOWS\System32\Drivers\kcirusb.sys [2001-10-04 17904] S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 KCIRDA;%KCIRDA.ServiceDesc%; C:\WINDOWS\system32\DRIVERS\KCIrNet.sys [2001-10-04 11856] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] S3 MosIrUsb;MosIrUsb.sys; C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys [2004-04-14 20736] S3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP; C:\WINDOWS\system32\DRIVERS\MRVW225.sys [2007-07-05 299904] S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2006-09-05 14468] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 P1001VID;Creative WebCam (WDM); C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-06-03 311684] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-23 6912] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2006-11-14 397312] R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016] R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-02-06 4107832] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2008-03-14 103744] R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2007-11-26 221191] R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2007-11-26 29184] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120] R2 MGABGEXE;MGABGEXE; C:\WINDOWS\system32\mgabg.exe [2002-01-16 81920] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2004-04-01 824584] R2 wwSecSvc;Washer Security Access; C:\WINDOWS\system32\wwSecure.exe [2005-05-20 486400] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE -service [] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- Et le fichier info.txt : info.txt logfile of random's system information tool 1.05 2009-02-11 14:15:09 ======Uninstall list====== -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee 8-->MsiExec.exe /I{DD54C6DE-B787-406D-A5A7-A49E0471E45B} Acer MP3 Flash Stick-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025CAFA7-3EC5-4284-8D9C-F401CCCF7A06}\setup.exe" -l0x9 Acronis True Image Enterprise Server-->MsiExec.exe /X{378F9A62-061E-4368-AA0A-1BA004772E98} Acronis DriveCleanser-->C:\Program Files\Acronis\DriveCleanser\MediaBuilder.exe -uninstall Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop Elements-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll" Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Adobe Reader for Pocket PC 2.0-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Akimania Crypto Polle 1.0-->"C:\Program Files\Akimania Crypto Polle\uninstall.exe" Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ArcSoft PhotoBase-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ArcSoft\PhotoBase\Uninst.isu" Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe" AvantGo Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x40c CP Calcul de Résistances 2.0-->C:\Program Files\Atlence\Calcul de Résistances 2.0\unins000.exe Canon PhotoRecord-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll" Canon ScanGear Toolbox 3.1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3.1\uninst.dll" CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe" Chinese Simplified Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003} Chinese Traditional Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Creative WebCam Driver (1.02.08.0807)-->C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll -pluginres P1001Pin.crl DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" Editeur Foto.com 2.3-->"C:\Program Files\Foto.com\Editeur Foto.com\unins000.exe" ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe" FileMaker Pro 5.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\FileMaker\FileMaker Pro 5\System\DeIsL1.isu" GlobalDictio_PPC-->C:\Program Files\Microsoft ActiveSync\GlobalDictio_PPC\Uninstall.exe GlobalDictio_PPC Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll" Hide Folders XP 2.9.8 for Windows XP/Vista-->"C:\Program Files\Hide Folders XP 2\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" hp deskjet 970c series (Supprimer uniquement)-->C:\Program Files\hp deskjet 970c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=970c -huninstall ICQ 4.1-->C:\Program Files\ICQLite\ICQLiteUninstall.EXE ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x40c UNINSTALL INCU-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\INCU\ST6UNST.LOG" Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll" IRXpress USB IrDA-->"C:\Program Files\IRXpress\IRXpress USB IrDA\IsStub32.exe" -f"C:\Program Files\IRXpress\IRXpress USB IrDA\DeIsL1.isu" -c"C:\Program Files\IRXpress\IRXpress USB IrDA\_ISREG32.DLL" Island Top-->MsiExec.exe /I{E6BD7B38-E8B0-4868-B849-3302972EA64C} Ismap Inside-->"C:\WINDOWS\psuninst.exe" "C:\Program Files\Microsoft ActiveSync\Inside\uninst.dat" J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Jeyo Mobile Companion 1.1-->"C:\Program Files\Jeyo Mobile Companion\unins000.exe" Kasuei Hitchhiker-->MsiExec.exe /I{40335797-977B-481B-8660-9607986A5A18} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x40c Logiciel graphique Matrox (supprimer seulement)-->C:\WINDOWS\system32\PDesk\PDUninst.exe Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c} MailNavigator v.1.11-->"C:\Program Files\MailNavigator\uninstall.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" McAfee VirusScan Enterprise-->MsiExec.exe /I{4DCA2739-9D16-4B55-808C-E72CD70A5BD3} McAfee VirusScan PDA 1.0-->MsiExec.exe /I{89D5D497-E449-4BAE-B0A5-1E13D73C6EE2} Microsoft .NET Compact Framework 1.0 SP3-->MsiExec.exe /I{7A0BAED2-066E-4B4F-8FA5-472A4655F4C2} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E} Microsoft Calculatrice Plus-->MsiExec.exe /I{13922F10-BD74-4912-AB11-E34B35062700} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft FrontPage Express-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpxpress.inf, Uninstall Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9} Microsoft Outlook 2002-->MsiExec.exe /I{911A040C-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Nero 7 Demo-->MsiExec.exe /I{6F9C0903-4311-4619-7B30-F1E19CF11036} OLYMPUS Master-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1036 /zUNINSTALL OmniPage Pro 9.0-->C:\Program Files\Caere\OmniPagePro90\Deinstall.exe "C:\Program Files\Caere\OmniPagePro90\uninstall.exe -f'C:\Program Files\Caere\OmniPagePro90\DeIsL1.isu'" OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Paint Shop Pro 6.0 (CD-ROM)-->C:\PROGRA~1\PAINTS~1\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe Pinnacle Instant PhotoAlbum-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A835519A-4EFC-4554-9D61-0BB4FC54D81B}\Setup.exe" -l0x40c UNINSTALL Pocket Controller-Professional-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9 UNINSTALL pocket Theme Manager 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CCBA3A8-A938-4300-9E40-3018EA1FCBEE}\setup.exe" -l0x40c Poi Edit v4.5.1-->C:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE C:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG PoiEdit-->C:\PROGRA~1\DNOTES~1\POIEDI~1\UNWISE.EXE C:\PROGRA~1\DNOTES~1\POIEDI~1\INSTALL.LOG PopTray 3.20-->C:\Program Files\PopTray\Uninstall.exe Prevx CSI-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y P-touch Editor 3.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\brother\Ptouch32\Uninst.isu" QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} Real Alternative 1.43-->"C:\Program Files\Real Alternative\unins000.exe" Scan Manager 5.2-->MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39} ScanSpyware v3.8.0.2-->"C:\Program Files\ScanSpyware v3.8.0.2\unins000.exe" SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} Sony Ericsson Communications Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8BC806D-0703-11D4-BB23-006008676AF8}\Setup.exe" -l0x40c -l040c --remove=y Sony Ericsson Image Editor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05E9F134-07C9-4249-9B80-EE5D975F201B}\setup.exe" -l0x40c -l040c --remove=y Sony Ericsson MMS Home Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9462C4AD-D6C4-4365-B4AD-BFE0B1E216C3}\setup.exe" -l0x40c -l040c --remove=y Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL Spb Backup-->C:\Program Files\Microsoft ActiveSync\Spb Backup\Uninstall.exe Spb Backup Spb Brain Evolution-->C:\Program Files\Microsoft ActiveSync\Spb Brain Evolution\Uninstall.exe Spb Brain Evolution Spb Bubbles VGA-->C:\Program Files\Microsoft ActiveSync\SpbBubbles\Uninstall.exe Spb Bubbles VGA Spb Bubbles-->C:\Program Files\Microsoft ActiveSync\SpbBubbles\Uninstall.exe Spb Bubbles Spb Diary-->C:\Program Files\Microsoft ActiveSync\Spb Diary\Uninstall.exe Spb Diary Spb Imageer-->C:\Program Files\Microsoft ActiveSync\Spb Imageer\Uninstall.exe Spb Imageer Spb Mobile Shell-->C:\Program Files\Microsoft ActiveSync\SpbMobileShell\Uninstall.exe Spb Mobile Shell Spb Pocket Plus-->C:\Program Files\Microsoft ActiveSync\Spb Pocket Plus\Uninstall.exe Spb Pocket Plus Spb Weather-->C:\Program Files\Microsoft ActiveSync\Spb Weather\Uninstall.exe Spb Weather Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Stickies 6.0a-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.0a SysMetrix 3.41-->C:\Program Files\SysMetrix\uninst.exe Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\setup.exe" -l0x40c Ultr@VNC Release 1.0.0 RC 18 - Win32-->"C:\Program Files\UltraVNC\unins000.exe" vixy converter uninstall-->"C:\Program Files\vixy.net\unins000.exe" VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe" Window Washer-->C:\WINDOWS\Unwash6.exe Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinHTTrack Website Copier 3.33-->"C:\Program Files\WinHTTrack\unins000.exe" XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe ======Hosts File====== 127.0.0.1 localhost System event log Computer Name: TECH2_NEO Event Code: 8033 Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{03079138-9E80-4BB3-BC14-355D04EF85BB} car un maître explorateur a été arrêté. Record Number: 4284 Source Name: BROWSER Time Written: 20090202083748.000000+060 Event Type: information User: Computer Name: TECH2_NEO Event Code: 7036 Message: Le service VNC Server Version 4 est entré dans l'état : arrêté. Record Number: 4283 Source Name: Service Control Manager Time Written: 20090202082140.000000+060 Event Type: information User: Computer Name: TECH2_NEO Event Code: 7035 Message: Un contrôle Arrêter a correctement été envoyé au service VNC Server Version 4. Record Number: 4282 Source Name: Service Control Manager Time Written: 20090202082140.000000+060 Event Type: information User: TECBIOMEDICUS\Ibrahim_Demirel Computer Name: TECH2_NEO Event Code: 7036 Message: Le service HTTP SSL est entré dans l'état : en cours d'exécution. Record Number: 4281 Source Name: Service Control Manager Time Written: 20090202081850.000000+060 Event Type: information User: Computer Name: TECH2_NEO Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service HTTP SSL. Record Number: 4280 Source Name: Service Control Manager Time Written: 20090202081850.000000+060 Event Type: information User: TECBIOMEDICUS\Ibrahim_Demirel Application event log Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041970.vbs\A0041970.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15314 Source Name: Alert Manager Event Interface Time Written: 20080813100856.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041952.inf\A0041952.inf est infecté par le virus Generic!atr (Cheval de Troie). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15313 Source Name: Alert Manager Event Interface Time Written: 20080813100856.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041951.vbs\A0041951.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15312 Source Name: Alert Manager Event Interface Time Written: 20080813100856.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041933.inf\A0041933.inf est infecté par le virus Generic!atr (Cheval de Troie). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15311 Source Name: Alert Manager Event Interface Time Written: 20080813100855.000000+120 Event Type: error User: Computer Name: TECH2_NEO Event Code: 257 Message: VirusScan Enterprise: Le fichier h:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP76\A0041932.vbs\A0041932.vbs est infecté par le virus VBS/IE-Title (Virus). Détecté à l'aide du moteur d'analyse 5200, version des fichiers DAT 5359.(ordinateur source TECH2_NEO, adresse IP 192.168.22.17, utilisateur Ibrahim_Demirel, exécution de VirusScan Enter 8.0 - Analyse à la de) Record Number: 15310 Source Name: Alert Manager Event Interface Time Written: 20080813100855.000000+120 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3\ "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0803 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip -----------------EOF-----------------

Voici le rapport de Toolscleaner : [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\Combofix.txt: trouvé ! C:\SDFIX: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\Ibo\Bureau\SdFix.exe: trouvé ! C:\Documents and Settings\Ibo\Bureau\HijackThis.lnk: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\Ibo\Bureau\SdFix.exe: supprimé ! C:\Documents and Settings\Ibo\Bureau\HijackThis.lnk: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\Combofix.txt: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\SDFIX: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé !

Merci pour l'aide, je ne serais pas arrivé seul. Sans vouloir abusé de votre gentilesse, pourriez-vous me dire si je peux appliquer cette procédure à mon pc de bureau? J'ai le même problème que sur mon portable. Voici le rapport d'HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:44:52, on 11/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Prevx\prevx.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\mgabg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wwSecure.exe C:\Program Files\Prevx\prevx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\QTTask.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\SysMetrix\SysMetrix.exe C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE C:\Program Files\Caere\OmniPagePro90\opware32.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\PDesk\PDesk.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\PopTray\PopTray.exe C:\Program Files\stickies\stickies.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://intranet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [sysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE" O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Ibrahim_Demirel" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: PopTray.lnk = C:\Program Files\PopTray\PopTray.exe O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://be.foto.com O15 - Trusted Zone: www.foto.com O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader5.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1226574099240 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://www.admincefig.dyndns.org/msrdp.cab O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://192.168.16.34/program/SonySncRz25View.cab O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - http://asp.photoprintit.de/microsite/999/d...PSUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{34A93789-78F4-48BC-8CDF-09F7E9EBDA2A}: NameServer = 192.168.162.5,192.168.162.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = erasme.ulb.ac.be O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- End of file - 12891 bytes

Slt, Je trouve que le PC va mieux, il ne me fait pas des trucs bizarre et surtout moins lent que d'habitude. Que me conseillé vous comme antivirus? G Data et en période d'évaluation sur mon PC, j'utilisais McAfee ver 8.0 i, antivirus du boulot, mais il 'a rien vu venir...

Désinstallation d'Avast effectué. Avant le problème, je n'arrivais pas à afficher les dossiers et fichiers cachées dans l'option des Dossiers en allant dans poste de travail/outils/options des dossiers/onglet affichage, j'activais l'option afficher les fichiers cachées et quand je retournais voir et l'option se désactivais tout seul. Voici le rapport: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:07:35, on 11/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AVKWebIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AVKWebIE.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Verrouillage des périphériques / Audition HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 12299 bytes

J'ai lancé une détection via l'antivirus G DATA et il a trouvé un Trojan.AutorunINF.GEN dans le fichier autorun.inf.vir Il a été mis en quantaine dans C\Qoobox \Quarantaine

Bonjour, Voici le rapport avec un peu de retard, je n'ai pas Internet à la maison. ComboFix 09-02-08.02 - ibo 2009-02-10 19:40:26.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1015.369 [GMT 1:00] Lancé depuis: c:\documents and settings\Ibo\Bureau\ibeaux.exe AV: avast! antivirus 4.8.1335 [VPS 090209-0] *On-access scanning enabled* (Updated) AV: G DATA AntiVirus *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-10 au 2009-02-10 )))))))))))))))))))))))))))))))))))) . 2009-02-10 12:13 . 2009-02-10 12:12 109,006 -r-hs---- C:\2aaxaiy.exe 2009-02-10 11:59 . 2009-02-10 11:59 <REP> d-------- c:\windows\ERUNT 2009-02-10 11:55 . 2009-02-10 12:07 <REP> d-------- C:\SDFix 2009-02-09 14:48 . 2009-02-09 14:48 <REP> d-------- c:\windows\Sun 2009-02-09 14:47 . 2009-02-09 14:47 <REP> d-------- c:\program files\Java 2009-02-09 14:47 . 2009-02-09 14:47 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-09 14:47 . 2009-02-09 14:47 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-09 12:06 . 2009-02-09 13:04 68,424 --a------ c:\windows\system32\drivers\GRD.sys 2009-02-09 11:58 . 2009-02-09 12:54 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys 2009-02-09 11:57 . 2009-02-09 12:02 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA 2009-02-09 11:57 . 2009-02-09 12:54 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys 2009-02-09 11:57 . 2009-02-09 12:54 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys 2009-02-09 11:56 . 2009-02-09 11:56 <REP> d-------- c:\program files\G DATA 2009-02-09 11:56 . 2009-02-09 11:57 <REP> d-------- c:\program files\Fichiers communs\G DATA 2009-02-06 15:04 . 2009-02-06 15:38 <REP> d-------- c:\windows\BDOSCAN8 2009-02-05 16:23 . 2009-02-05 16:23 <REP> d-------- c:\program files\Trend Micro 2009-02-05 15:41 . 2009-02-05 15:41 <REP> d-------- c:\program files\Panda Security 2009-02-05 15:41 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2009-02-05 07:14 . 2009-02-05 07:14 <REP> d-------- C:\spoolerlogs 2009-02-04 10:39 . 2009-02-04 10:39 <REP> d-------- c:\documents and settings\Ibo\Application Data\McAfee 2009-02-04 10:09 . 2009-02-04 10:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-02-04 10:05 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-02-04 09:57 . 2009-02-04 09:57 <REP> d-------- c:\windows\system32\XPSViewer 2009-02-04 09:57 . 2009-02-04 09:57 <REP> d-------- c:\program files\Reference Assemblies 2009-02-04 09:57 . 2009-02-04 09:57 <REP> d-------- c:\program files\MSBuild 2009-02-04 09:56 . 2009-02-04 10:09 <REP> d-------- c:\windows\SxsCaPendDel 2009-02-04 09:56 . 2009-02-04 09:56 <REP> d-------- C:\273d0fdf73ed8139dd438565a6df583c 2009-02-04 09:56 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll 2009-02-04 09:56 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll 2009-02-04 09:56 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-02-04 09:56 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll 2009-02-04 09:56 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll 2009-02-04 09:56 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll 2009-02-04 09:56 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-02-02 15:33 . 2009-02-02 15:33 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-02-02 15:33 . 2009-02-03 07:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-02 15:06 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-02-02 14:26 . 2009-02-09 14:48 <REP> d-------- c:\documents and settings\Ibo\.housecall6.6 2009-01-27 14:37 . 2009-01-27 14:37 <REP> d-------- c:\program files\SystemRequirementsLab 2009-01-27 11:53 . 2009-02-09 08:04 512 --a------ c:\windows\randseed.rnd 2009-01-27 11:48 . 2009-01-27 11:48 <REP> d-------- c:\program files\Fichiers communs\Cisco Systems 2009-01-23 12:49 . 2009-01-23 12:49 <REP> d-------- c:\program files\RealVNC 2009-01-23 12:49 . 2008-10-14 01:03 20,992 --a------ c:\windows\system32\vncmirror.dll 2009-01-23 12:49 . 2008-10-14 01:03 4,608 --a------ c:\windows\system32\drivers\vncmirror.sys 2009-01-20 12:16 . 2009-01-20 12:16 <REP> d-------- c:\program files\Webroot 2009-01-20 12:16 . 2009-01-20 12:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Webroot 2009-01-20 12:15 . 2009-01-20 12:15 <REP> d--h----- c:\windows\PIF 2009-01-16 11:59 . 2009-01-16 11:59 <REP> d-------- c:\documents and settings\Ibo\Application Data\MyDataZone 2009-01-15 22:07 . 2009-01-15 22:07 <REP> d-------- c:\documents and settings\Ibo\Application Data\Windows Search 2009-01-12 16:21 . 2009-01-12 16:21 <REP> d-------- c:\program files\CDex_150 2009-01-12 13:07 . 2009-01-12 13:07 18,440 --a------ c:\documents and settings\Ibo\Application Data\GDIPFONTCACHEV1.DAT 2009-01-12 09:29 . 2001-08-23 17:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys 2009-01-12 09:29 . 2001-08-23 17:04 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys 2009-01-12 09:29 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2009-01-12 09:29 . 2008-04-13 19:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-10 11:55 --------- d-----w c:\documents and settings\Ibo\Application Data\U3 2009-01-20 11:16 --------- d-----w c:\program files\Fichiers communs\Webroot Shared 2009-01-20 11:16 --------- d-----w c:\documents and settings\Ibo\Application Data\Webroot 2009-01-19 08:56 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-01-15 11:38 --------- d-----w c:\documents and settings\Ibo\Application Data\Wireshark 2009-01-09 18:07 --------- d-----w c:\documents and settings\Ibo\Application Data\dvdcss 2009-01-09 11:45 --------- d-----w c:\program files\Real 2009-01-09 11:45 --------- d-----w c:\program files\Fichiers communs\xing shared 2009-01-09 11:45 --------- d-----w c:\program files\Fichiers communs\Real 2009-01-09 09:41 --------- d-----w c:\program files\Audacity 2009-01-06 10:59 --------- d-----w c:\program files\SeaStorm 3D Screensaver 2009-01-06 07:50 --------- d-----w c:\program files\Dream Aquarium 2009-01-01 13:52 --------- d-----w c:\program files\Weight Watchers 2008-12-31 13:07 --------- d-----w c:\program files\Panicware 2008-12-31 12:14 --------- d-----w c:\program files\Wireshark 2008-12-31 12:12 --------- d-----w c:\program files\WinPcap 2008-12-26 12:03 --------- d-----w c:\program files\Microsoft Silverlight 2008-12-26 10:58 --------- d-----w c:\program files\Microsoft ActiveSync 2008-12-26 09:23 --------- d-----w c:\program files\Hide Folders XP 2 2008-12-23 14:28 --------- d-----w c:\documents and settings\Ibrahim_Demirel\Application Data\vlc 2008-12-23 11:33 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-23 11:33 --------- d-----w c:\program files\Windows Live 2008-12-23 11:33 --------- d-----w c:\program files\Microsoft 2008-12-23 11:27 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-12-22 10:35 --------- d-----w c:\documents and settings\Ibo\Application Data\Ahead 2008-12-22 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead 2008-12-22 10:29 --------- d-----w c:\program files\Fichiers communs\Ahead 2008-12-22 10:27 --------- d-----w c:\program files\Windows Sidebar 2008-12-22 10:27 --------- d-----w c:\program files\Nero 2008-12-22 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-12-22 08:53 --------- d-----w c:\program files\Hewlett-Packard 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((( SnapShot@2009-02-10_13.05.46.40 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-10 18:44:05 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_450.dat + 2009-02-10 18:44:02 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_748.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 39408] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-09 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-09 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-09 150040] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328] "Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-09 185872] "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2008-11-24 958024] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 136600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2008-05-13 15:39 85504 c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2007-06-08 09:04 49152 c:\windows\system32\DeviceNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-12-26 17264] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-09 114768] R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-02-09 68424] R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2004-08-05 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-09 20560] R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904] R2 AVKService;Planificateur G DATA;c:\program files\G DATA\AntiVirus\AVK\AVKService.exe [2008-09-08 386120] R2 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe [2008-08-14 1185496] R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-02-09 51016] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2009-01-20 598856] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-25 193840] R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-02-09 48712] R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-02-09 32328] R3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-07-17 35072] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-07-24 41216] S2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [2004-08-05 14336] S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-11-27 30008] S3 FLCDLOCK;Verrouillage des périphériques / Audition HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-06-08 172131] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9e75285-d57a-11dd-b546-001a4b7267b1}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contenu du dossier 'Tâches planifiées' 2009-02-10 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04] 2009-02-10 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: internet Trusted Zone: mcafee.com DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 19:49:28 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1000) c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\ocgina.dll c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\HPBrand.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\ItMsg.dll c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\AuthWiz.dll c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\TpmAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL c:\program files\Hewlett-Packard\IAM\bin\FRA\ittalsnap.DLL c:\program files\Hewlett-Packard\IAM\bin\FRA\TokenAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\BioAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll c:\windows\system32\xenroll.dll c:\windows\system32\DeviceNP.dll - - - - - - - > 'lsass.exe'(1056) c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\scardsvr.exe c:\windows\system32\agrsmsvc.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\searchindexer.exe c:\windows\system32\wbem\wmiapsrv.exe c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\progra~1\MICROS~3\rapimgr.exe . ************************************************************************** . Heure de fin: 2009-02-10 19:51:34 - La machine a redémarré [ibo] ComboFix-quarantined-files.txt 2009-02-10 18:51:30 ComboFix2.txt 2009-02-10 12:07:03 Avant-CF: 20,312,416,256 octets libres Après-CF: 20,299,079,680 octets libres 274 --- E O F --- 2009-01-14 13:16:55

Il y a plusieurs fichier dans le répertoire en question, les voici: Désolé pour le contre temps, un peu occupé avec le boulot. Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.10 - AhnLab-V3 5.0.0.2 2009.02.10 - AntiVir 7.9.0.76 2009.02.10 - Authentium 5.1.0.4 2009.02.10 - Avast 4.8.1335.0 2009.02.09 - AVG 8.0.0.229 2009.02.09 - BitDefender 7.2 2009.02.10 - CAT-QuickHeal 10.00 2009.02.10 - ClamAV 0.94.1 2009.02.10 - Comodo 972 2009.02.09 - DrWeb 4.44.0.09170 2009.02.10 - eSafe 7.0.17.0 2009.02.09 - eTrust-Vet 31.6.6348 2009.02.10 - F-Prot 4.4.4.56 2009.02.09 - F-Secure 8.0.14470.0 2009.02.10 - Fortinet 3.117.0.0 2009.02.09 - GData 19 2009.02.10 - Ikarus T3.1.1.45.0 2009.02.10 - K7AntiVirus 7.10.624 2009.02.09 - Kaspersky 7.0.0.125 2009.02.10 - McAfee 5521 2009.02.10 - McAfee+Artemis 5521 2009.02.09 - Microsoft 1.4306 2009.02.09 - NOD32 3840 2009.02.10 - Norman 6.00.02 2009.02.09 - nProtect 2009.1.8.0 2009.02.10 - Panda 9.5.1.2 2009.02.09 - PCTools 4.4.2.0 2009.02.09 - Prevx1 V2 2009.02.10 - Rising 21.16.11.00 2009.02.10 - SecureWeb-Gateway 6.7.6 2009.02.10 - Sophos 4.38.0 2009.02.10 - Sunbelt 3.2.1847.2 2009.02.07 - Symantec 10 2009.02.10 - TheHacker 6.3.1.5.250 2009.02.09 - TrendMicro 8.700.0.1004 2009.02.10 - VBA32 3.12.8.12 2009.02.10 - ViRobot 2009.2.10.1598 2009.02.10 - VirusBuster 4.5.11.0 2009.02.09 - Information additionnelle File size: 147456 bytes MD5...: b903fd934be45d5a87338e0c7e1a03ed SHA1..: 8e71af948825872848a20b618abb9ada0f41272e SHA256: 1f0e2cb0dea98b18b53f9e01447b56cec83d1b703f9f7be160e09df3772c0d01 SHA512: b1ea8b1d08e54c4359abe457d8458db90097ea4133354ef6b089e01304d184f9 4fb81ba5f7c9475d20059f90ce4291525497daceafae539edc586199d773dd9b ssdeep: 3072:o1On0p70W1r3IXxAKFmZvLQW9v7aHtfHLOcPEKyW:opt0gzc6ZP9v2cx PEiD..: - TrID..: File type identification Win64 Executable Generic (95.5%) Generic Win/DOS Executable (2.2%) DOS Executable Generic (2.2%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xc900 timedatestamp.....: 0x4870b532 (Sun Jul 06 12:06:10 2008) machinetype.......: 0x8664 (AMD64) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1e826 0x1ea00 6.01 475710dbaa67aa51cedc1e672e0a0065 .orpc 0x20000 0xf2 0x200 3.15 15599aa923937cf7388f78f720dc7772 .data 0x21000 0x44d8 0x2000 2.15 351c8d925302bd8921b656a155a2d637 .pdata 0x26000 0x2274 0x2400 5.04 a35cd108f8f8fed7478ae5b9c72f928f .rsrc 0x29000 0x440 0x600 2.62 7450282545e041127716f8eacd2e5f75 .reloc 0x2a000 0x5f0 0x600 3.50 177753e57bd0f69771fd7daf11d93369 ( 5 imports ) > KERNEL32.dll: InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, DisableThreadLibraryCalls, CloseHandle, SetLastError, SetEvent, GetLastError, Sleep, WaitForSingleObject, CreateEventW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, MultiByteToWideChar, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, RtlUnwindEx, RaiseException, RtlPcToFileHeader, GetCPInfo, ExitProcess, GetProcAddress, GetModuleHandleA, TlsAlloc, TlsFree, TlsSetValue, TlsGetValue, HeapSetInformation, HeapCreate, HeapDestroy, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, WriteFile, HeapSize, LCMapStringA, LCMapStringW, FlushFileBuffers, SetFilePointer, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetACP, GetOEMCP, HeapReAlloc, LoadLibraryA, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, ReadFile, SetStdHandle > OLEAUT32.dll: -, -, - > ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx > WINSPOOL.DRV: GetPrinterDriverW, OpenPrinterW, ReadPrinter, WritePrinter, SetJobW, GetJobW, ClosePrinter, StartDocPrinterW, EndDocPrinter > RPCRT4.dll: IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy, CStdStubBuffer_QueryInterface, CStdStubBuffer_AddRef, NdrOleFree, CStdStubBuffer_Disconnect, CStdStubBuffer_Invoke, CStdStubBuffer_IsIIDSupported, CStdStubBuffer_CountRefs, CStdStubBuffer_DebugServerQueryInterface, CStdStubBuffer_DebugServerRelease, NdrDllUnregisterProxy, NdrOleAllocate, CStdStubBuffer_Connect, NdrDllGetClassObject, NdrDllCanUnloadNow, NdrCStdStubBuffer_Release, NdrDllRegisterProxy ( 10 exports ) ClosePrintProcessor, ControlPrintProcessor, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, EnumPrintProcessorDatatypesW, GetPrintProcessorCapabilities, OpenPrintProcessor, PrintDocumentOnPrintProcessor Deuxième fichier Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.07 - AhnLab-V3 5.0.0.2 2009.02.07 - AntiVir 7.9.0.76 2009.02.07 - Authentium 5.1.0.4 2009.02.07 - Avast 4.8.1335.0 2009.02.07 - AVG 8.0.0.229 2009.02.07 - BitDefender 7.2 2009.02.07 - CAT-QuickHeal 10.00 2009.02.07 - ClamAV 0.94.1 2009.02.07 - Comodo 969 2009.02.07 - DrWeb 4.44.0.09170 2009.02.07 - eSafe 7.0.17.0 2009.02.05 - eTrust-Vet 31.6.6346 2009.02.07 - F-Prot 4.4.4.56 2009.02.07 - F-Secure 8.0.14470.0 2009.02.07 - Fortinet 3.117.0.0 2009.02.07 - GData 19 2009.02.07 - Ikarus T3.1.1.45.0 2009.02.07 - K7AntiVirus 7.10.623 2009.02.07 - Kaspersky 7.0.0.125 2009.02.07 - McAfee 5518 2009.02.07 - McAfee+Artemis 5519 2009.02.07 - Microsoft 1.4306 2009.02.06 - NOD32 3836 2009.02.07 - Norman 6.00.02 2009.02.06 - nProtect 2009.1.8.0 2009.02.07 - Panda 9.5.1.2 2009.02.07 - PCTools 4.4.2.0 2009.02.07 - Prevx1 V2 2009.02.07 - Rising 21.15.50.00 2009.02.07 - SecureWeb-Gateway 6.7.6 2009.02.07 - Sophos 4.38.0 2009.02.07 - Sunbelt 3.2.1847.2 2009.02.07 - Symantec 10 2009.02.07 - TheHacker 6.3.1.5.248 2009.02.07 - TrendMicro 8.700.0.1004 2009.02.06 - VBA32 3.12.8.12 2009.02.05 - ViRobot 2009.2.6.1594 2009.02.06 - VirusBuster 4.5.11.0 2009.02.07 - Information additionnelle File size: 10929 bytes MD5...: d624e5917fc7944e94c84c56a1e5f2dd SHA1..: a81b9c6b327effa545e28164ac42aace13bbc937 SHA256: b275908eacf901683495181dff6a97639c97989c7723b50918d238dc79d07820 SHA512: 8a65b956d85c976188e8ed39ec82e157832226a18c93b963f27c0f22cb282ac2 cc36c498373c3ecc43e9ebd004ed7018a51f019dd47937693ae9fe35da154c01 ssdeep: 96:FRrpmf8LmfT/eDPDaxDPDaFOgkHDPDab3vTDPDaxDPDaFOgkHDPDab3vND74O Dve:FqUSfT/Vo6opz+jaIhjK3XvmKFGn PEiD..: - TrID..: File type identification DER encoded X509 Certificate (66.6%) PKCS #7 Signature (33.3%) PEInfo: - TRoisième fichier Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.5.0 2008.12.04 - AntiVir 7.9.0.41 2008.12.04 - Authentium 5.1.0.4 2008.12.04 - Avast 4.8.1281.0 2008.12.03 - AVG 8.0.0.199 2008.12.04 - BitDefender 7.2 2008.12.04 - CAT-QuickHeal 10.00 2008.12.04 - ClamAV 0.94.1 2008.12.04 - DrWeb 4.44.0.09170 2008.12.04 - eSafe 7.0.17.0 2008.12.04 - eTrust-Vet 31.6.6243 2008.12.04 - Ewido 4.0 2008.12.04 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.04 - Fortinet 3.117.0.0 2008.12.04 - GData 19 2008.12.04 - Ikarus T3.1.1.45.0 2008.12.04 - K7AntiVirus 7.10.543 2008.12.04 - Kaspersky 7.0.0.125 2008.12.04 - McAfee 5453 2008.12.03 - McAfee+Artemis 5453 2008.12.03 - Microsoft 1.4205 2008.12.04 - NOD32 3664 2008.12.04 - Norman 5.80.02 2008.12.04 - Panda 9.0.0.4 2008.12.04 - PCTools 4.4.2.0 2008.12.04 - Prevx1 V2 2008.12.04 - Rising 21.06.32.00 2008.12.04 - SecureWeb-Gateway 6.7.6 2008.12.04 - Sophos 4.36.0 2008.12.04 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.04 - TheHacker 6.3.1.2.174 2008.12.04 - TrendMicro 8.700.0.1004 2008.12.04 - VBA32 3.12.8.10 2008.12.03 - ViRobot 2008.12.4.1500 2008.12.04 - VirusBuster 4.5.11.0 2008.12.04 - Information additionnelle File size: 2204 bytes MD5...: ade5b9d0641c8bbfeb94d66d1dcb89c9 SHA1..: d45d41159ff13d06c67b3e81a33c003602f0b630 SHA256: a9832bfb29b6217b5e009e00345d33b39c16652021ffa4cd2040112eeca23db0 SHA512: c91bd2cb4f762378f9184e76ed6b9b0b6b5f7ca42d7f88c7296dfe5384358152 9221f40e64567c5351bdbfb266fdd1734a6b24abcb2bd05523b9c2239154b3ab ssdeep: 24:QkW1OHfHRHhMCuJXfkaVgjKJbAr9H9G8EroXHoafeWdeWheW1KDfcs8l9:Hph O+MgjKaBdj6oXHoafeqeee3Dfcs09 PEiD..: - TrID..: File type identification Text - UTF-16 (LE) encoded (64.4%) MP3 audio (32.2%) Lumena CEL bitmap (2.0%) Corel Photo Paint (1.3%) PEInfo: - packers (F-Prot): Unicode quatre fichier. Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.93 2009.02.09 - AhnLab-V3 5.0.0.2 2009.02.09 - AntiVir 7.9.0.76 2009.02.09 - Authentium 5.1.0.4 2009.02.09 - Avast 4.8.1335.0 2009.02.09 - AVG 8.0.0.229 2009.02.09 - BitDefender 7.2 2009.02.10 - CAT-QuickHeal 10.00 2009.02.09 - ClamAV 0.94.1 2009.02.09 - Comodo 972 2009.02.09 - DrWeb 4.44.0.09170 2009.02.10 - eSafe 7.0.17.0 2009.02.09 - eTrust-Vet 31.6.6347 2009.02.09 - F-Prot 4.4.4.56 2009.02.09 - F-Secure 8.0.14470.0 2009.02.09 - Fortinet 3.117.0.0 2009.02.09 - GData 19 2009.02.10 - Ikarus T3.1.1.45.0 2009.02.09 - K7AntiVirus 7.10.624 2009.02.09 - Kaspersky 7.0.0.125 2009.02.10 - McAfee 5520 2009.02.08 - McAfee+Artemis 5520 2009.02.08 - Microsoft 1.4306 2009.02.09 - NOD32 3840 2009.02.10 - Norman 6.00.02 2009.02.09 - nProtect 2009.1.8.0 2009.02.09 - Panda 9.5.1.2 2009.02.09 - PCTools 4.4.2.0 2009.02.09 - Prevx1 V2 2009.02.10 - Rising 21.15.50.00 2009.02.07 - SecureWeb-Gateway 6.7.6 2009.02.09 - Sophos 4.38.0 2009.02.09 - Sunbelt 3.2.1847.2 2009.02.07 - Symantec 10 2009.02.10 - TheHacker 6.3.1.5.250 2009.02.09 - TrendMicro 8.700.0.1004 2009.02.09 - VBA32 3.12.8.12 2009.02.08 - ViRobot 2009.2.9.1596 2009.02.09 - VirusBuster 4.5.11.0 2009.02.09 - Information additionnelle File size: 73 bytes MD5...: 811ffde93d1fdb8f3a91304422e941a9 SHA1..: 60a290e14e642c29ba34875fff15e9dced0bd1c4 SHA256: 0fd304ec34b15f43fae5d5008bb21412f9d9948b86b18457b6f92e5055ed3518 SHA512: 5b60ab5fe3f2717dadb0eb801af30c5b82d6c30a229138cb2e7d812252634c42 87574e7073cf6ff71be9ec4dc95a42388d6cc7580a3db86481516e97d998f4cf ssdeep: 3:NjKVGDeRG+jmKXVM8cvyP2gtIa:F+BXVcar1 PEiD..: - TrID..: File type identification Unknown! PEInfo: - cinquième fichier Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.73 2008.12.24 - AhnLab-V3 2008.12.22.0 2008.12.24 - AntiVir 7.9.0.45 2008.12.24 - Authentium 5.1.0.4 2008.12.24 - Avast 4.8.1281.0 2008.12.23 - AVG 8.0.0.199 2008.12.23 - BitDefender 7.2 2008.12.24 - CAT-QuickHeal 10.00 2008.12.24 - ClamAV 0.94.1 2008.12.24 - Comodo 804 2008.12.23 - DrWeb 4.44.0.09170 2008.12.24 - eSafe 7.0.17.0 2008.12.23 - eTrust-Vet 31.6.6276 2008.12.24 - Ewido 4.0 2008.12.24 - F-Prot 4.4.4.56 2008.12.24 - Fortinet 3.117.0.0 2008.12.24 - GData 19 2008.12.24 - Ikarus T3.1.1.45.0 2008.12.24 - K7AntiVirus 7.10.563 2008.12.23 - Kaspersky 7.0.0.125 2008.12.24 - McAfee 5473 2008.12.23 - McAfee+Artemis 5473 2008.12.23 - Microsoft 1.4205 2008.12.24 - NOD32 3715 2008.12.24 - Norman 5.80.02 2008.12.23 - Panda 9.0.0.4 2008.12.24 - PCTools 4.4.2.0 2008.12.23 - Prevx1 V2 2008.12.24 - Rising 21.09.22.00 2008.12.24 - SecureWeb-Gateway 6.7.6 2008.12.24 - Sophos 4.37.0 2008.12.24 - Sunbelt 3.2.1809.2 2008.12.22 - Symantec 10 2008.12.24 - TheHacker 6.3.1.4.199 2008.12.23 - TrendMicro 8.700.0.1004 2008.12.24 - VBA32 3.12.8.10 2008.12.23 - ViRobot 2008.12.24.1534 2008.12.24 - VirusBuster 4.5.11.0 2008.12.23 - Information additionnelle File size: 765440 bytes MD5...: 63b6e4c603fbde9299ba77b721265712 SHA1..: caf9532bc74b902b5d898d8f19926f82f8169bc9 SHA256: 26cfa2ba84873cf87ff41d815144e197ba40e5439e1bfce2741cbfbe4ee86c40 SHA512: 9a66673b5cc29856b64f9e76a342db21b3c96fd2c056ea823552bf2931b0f15d 95e1f9c5ac32d166f929df6f854af6295257f03f7c24b4146ecdcdecb47af418 ssdeep: 12288:akNrM4dWAU1Qp4BuU4NVgfRoi7utGaF/QRO+E0yuNC83WnJinn0BTFg5:a kNgCvp4BoQuzlQ3yuNC82JinwTF PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (53.1%) Windows Screen Saver (18.4%) Win32 Executable Generic (12.0%) Win32 Dynamic Link Library (generic) (10.6%) Generic Win/DOS Executable (2.8%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x3f522bf5 timedatestamp.....: 0x4870b532 (Sun Jul 06 12:06:10 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xae1f8 0xae200 6.30 feb676d91566601bfdeba993e8e988c4 .data 0xb0000 0x5b20 0x3a00 5.02 c3a91882024b5d8b14209c5e801372bd .rsrc 0xb6000 0x408 0x600 2.53 9e4ab81a25cb340e815423cf8e550543 .reloc 0xb7000 0x8794 0x8800 5.74 efaa66eee82e5c1c26a4e3fe3cc83e41 ( 9 imports ) > ntdll.dll: VerSetConditionMask, RtlUnwind > WINSPOOL.DRV: DocumentPropertiesW, GetPrinterW, EnumFormsW, GetJobW, SetJobW, GetPrinterDriverW, AbortPrinter, StartPagePrinter, EndPagePrinter, WritePrinter > KERNEL32.dll: InterlockedDecrement, GetCurrentThreadId, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapReAlloc, HeapSize, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, LeaveCriticalSection, EnterCriticalSection, GetCPInfo, GetACP, InterlockedIncrement, VirtualAlloc, WriteFile, LoadLibraryA, InitializeCriticalSection, GetModuleHandleW, Sleep, SetFilePointer, GetConsoleCP, GetConsoleMode, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, TlsFree, GetSystemInfo, VirtualQuery, CreateFileA, FlushFileBuffers, GetLocaleInfoW, TlsSetValue, TlsAlloc, TlsGetValue, ExitProcess, GetModuleHandleA, HeapAlloc, HeapFree, OutputDebugStringA, CreateThread, ExitThread, RaiseException, GetVersionExA, GetCommandLineA, InterlockedExchange, CloseHandle, GlobalLock, GlobalUnlock, CreateEventW, SetEvent, WaitForSingleObject, GetModuleFileNameW, FreeLibrary, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, FormatMessageA, LocalFree, GetLastError, MulDiv, SetLastError, DisableThreadLibraryCalls, VerifyVersionInfoW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, FormatMessageW, GetOEMCP, LocalAlloc, CreateFileW, DeleteFileW, CreateHardLinkW, ReadFile, GetFileSize, GetTempFileNameW, GetTempPathW, RemoveDirectoryW, FindNextFileW, FindClose, FindFirstFileW, VirtualProtect > GDI32.dll: FONTOBJ_pifi, FONTOBJ_cGetGlyphs, FONTOBJ_pQueryGlyphAttrs, XFORMOBJ_bApplyXform, XFORMOBJ_iGetXform, STROBJ_bEnum, STROBJ_vEnumStart, PATHOBJ_bEnum, PATHOBJ_vEnumStart, EngDeletePath, CLIPOBJ_ppoGetPath, FONTOBJ_pvTrueTypeFontFile, BRUSHOBJ_pvGetRbrush, EngDeletePalette, EngCreatePalette, EngCreateBitmap, EngAlphaBlend, EngTransparentBlt, EngPlgBlt, EngStretchBltROP, EngBitBlt, EngEraseSurface, EngCopyBits, BRUSHOBJ_pvAllocRbrush, EngTextOut, EngGradientFill, EngStrokeAndFillPath, EngFillPath, EngStrokePath, XLATEOBJ_piVector, XLATEOBJ_cGetPalette, EngLockSurface, EngStretchBlt, EngUnlockSurface, EngDeleteSurface, EngCreateDeviceSurface, EngAssociateSurface, EngMarkBandingSurface, FONTOBJ_pxoGetXform > USER32.dll: SetRectEmpty, IntersectRect, IsRectEmpty, UnionRect, LoadStringW, OffsetRect, CopyRect > ole32.dll: CreateStreamOnHGlobal, StringFromGUID2, CoCreateGuid, GetHGlobalFromStream, CoTaskMemFree > OLEAUT32.dll: -, -, -, -, - > ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, RegCloseKey > VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW ( 4 exports ) DllMain, DrvDisableDriver, DrvEnableDriver, DrvQueryDriverInfo

Voici le résultat de Combofix: On dirait qu'il y a qlq fichier supprimer, j'ai placer mes 4 clé usb aussi. ComboFix 09-02-08.02 - ibo 2009-02-10 12:58:52.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1015.266 [GMT 1:00] Lancé depuis: c:\documents and settings\Ibo\Bureau\ibeaux.exe AV: avast! antivirus 4.8.1335 [VPS 090209-0] *On-access scanning disabled* (Updated) AV: G DATA AntiVirus *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\1utbfd.bat C:\autorun.inf c:\windows\system32\nmdfgds0.dll c:\windows\system32\nmdfgds1.dll c:\windows\system32\olhrwef.exe D:\1utbfd.bat D:\Autorun.inf G:\autorun.inf g:\recycler\desktop.ini H:\autorun.inf I:\autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-10 au 2009-02-10 )))))))))))))))))))))))))))))))))))) . 2009-02-10 12:13 . 2009-02-10 12:12 109,006 -r-hs---- C:\2aaxaiy.exe 2009-02-10 11:59 . 2009-02-10 11:59 <REP> d-------- c:\windows\ERUNT 2009-02-10 11:55 . 2009-02-10 12:07 <REP> d-------- C:\SDFix 2009-02-09 14:48 . 2009-02-09 14:48 <REP> d-------- c:\windows\Sun 2009-02-09 14:47 . 2009-02-09 14:47 <REP> d-------- c:\program files\Java 2009-02-09 14:47 . 2009-02-09 14:47 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-09 14:47 . 2009-02-09 14:47 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-02-09 12:06 . 2009-02-09 13:04 68,424 --a------ c:\windows\system32\drivers\GRD.sys 2009-02-09 11:58 . 2009-02-09 12:54 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys 2009-02-09 11:57 . 2009-02-09 12:02 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA 2009-02-09 11:57 . 2009-02-09 12:54 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys 2009-02-09 11:57 . 2009-02-09 12:54 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys 2009-02-09 11:56 . 2009-02-09 11:56 <REP> d-------- c:\program files\G DATA 2009-02-09 11:56 . 2009-02-09 11:57 <REP> d-------- c:\program files\Fichiers communs\G DATA 2009-02-06 15:04 . 2009-02-06 15:38 <REP> d-------- c:\windows\BDOSCAN8 2009-02-05 16:23 . 2009-02-05 16:23 <REP> d-------- c:\program files\Trend Micro 2009-02-05 15:41 . 2009-02-05 15:41 <REP> d-------- c:\program files\Panda Security 2009-02-05 15:41 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2009-02-05 07:14 . 2009-02-05 07:14 <REP> d-------- C:\spoolerlogs 2009-02-04 10:39 . 2009-02-04 10:39 <REP> d-------- c:\documents and settings\Ibo\Application Data\McAfee 2009-02-04 10:09 . 2009-02-04 10:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-02-04 10:05 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-02-04 09:57 . 2009-02-04 09:57 <REP> d-------- c:\windows\system32\XPSViewer 2009-02-04 09:57 . 2009-02-04 09:57 <REP> d-------- c:\program files\Reference Assemblies 2009-02-04 09:57 . 2009-02-04 09:57 <REP> d-------- c:\program files\MSBuild 2009-02-04 09:56 . 2009-02-04 10:09 <REP> d-------- c:\windows\SxsCaPendDel 2009-02-04 09:56 . 2009-02-04 09:56 <REP> d-------- C:\273d0fdf73ed8139dd438565a6df583c 2009-02-04 09:56 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll 2009-02-04 09:56 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll 2009-02-04 09:56 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-02-04 09:56 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll 2009-02-04 09:56 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll 2009-02-04 09:56 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll 2009-02-04 09:56 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-02-02 15:33 . 2009-02-02 15:33 <REP> d-------- c:\program files\Spybot - Search & Destroy 2009-02-02 15:33 . 2009-02-03 07:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-02 15:06 . 2007-08-01 22:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys 2009-02-02 14:26 . 2009-02-09 14:48 <REP> d-------- c:\documents and settings\Ibo\.housecall6.6 2009-01-27 14:37 . 2009-01-27 14:37 <REP> d-------- c:\program files\SystemRequirementsLab 2009-01-27 11:53 . 2009-02-09 08:04 512 --a------ c:\windows\randseed.rnd 2009-01-27 11:48 . 2009-01-27 11:48 <REP> d-------- c:\program files\Fichiers communs\Cisco Systems 2009-01-23 12:49 . 2009-01-23 12:49 <REP> d-------- c:\program files\RealVNC 2009-01-23 12:49 . 2008-10-14 01:03 20,992 --a------ c:\windows\system32\vncmirror.dll 2009-01-23 12:49 . 2008-10-14 01:03 4,608 --a------ c:\windows\system32\drivers\vncmirror.sys 2009-01-20 12:16 . 2009-01-20 12:16 <REP> d-------- c:\program files\Webroot 2009-01-20 12:16 . 2009-01-20 12:16 <REP> d-------- c:\documents and settings\All Users\Application Data\Webroot 2009-01-20 12:15 . 2009-01-20 12:15 <REP> d--h----- c:\windows\PIF 2009-01-16 11:59 . 2009-01-16 11:59 <REP> d-------- c:\documents and settings\Ibo\Application Data\MyDataZone 2009-01-15 22:07 . 2009-01-15 22:07 <REP> d-------- c:\documents and settings\Ibo\Application Data\Windows Search 2009-01-12 16:21 . 2009-01-12 16:21 <REP> d-------- c:\program files\CDex_150 2009-01-12 13:07 . 2009-01-12 13:07 18,440 --a------ c:\documents and settings\Ibo\Application Data\GDIPFONTCACHEV1.DAT 2009-01-12 09:29 . 2001-08-23 17:04 12,288 --a------ c:\windows\system32\drivers\mouhid.sys 2009-01-12 09:29 . 2001-08-23 17:04 12,288 --a--c--- c:\windows\system32\dllcache\mouhid.sys 2009-01-12 09:29 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2009-01-12 09:29 . 2008-04-13 19:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-10 11:55 --------- d-----w c:\documents and settings\Ibo\Application Data\U3 2009-01-20 11:16 --------- d-----w c:\program files\Fichiers communs\Webroot Shared 2009-01-20 11:16 --------- d-----w c:\documents and settings\Ibo\Application Data\Webroot 2009-01-19 08:56 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-01-15 11:38 --------- d-----w c:\documents and settings\Ibo\Application Data\Wireshark 2009-01-09 18:07 --------- d-----w c:\documents and settings\Ibo\Application Data\dvdcss 2009-01-09 11:45 --------- d-----w c:\program files\Real 2009-01-09 11:45 --------- d-----w c:\program files\Fichiers communs\xing shared 2009-01-09 11:45 --------- d-----w c:\program files\Fichiers communs\Real 2009-01-09 09:41 --------- d-----w c:\program files\Audacity 2009-01-06 10:59 --------- d-----w c:\program files\SeaStorm 3D Screensaver 2009-01-06 07:50 --------- d-----w c:\program files\Dream Aquarium 2009-01-01 13:52 --------- d-----w c:\program files\Weight Watchers 2008-12-31 13:07 --------- d-----w c:\program files\Panicware 2008-12-31 12:14 --------- d-----w c:\program files\Wireshark 2008-12-31 12:12 --------- d-----w c:\program files\WinPcap 2008-12-26 12:03 --------- d-----w c:\program files\Microsoft Silverlight 2008-12-26 10:58 --------- d-----w c:\program files\Microsoft ActiveSync 2008-12-26 09:23 --------- d-----w c:\program files\Hide Folders XP 2 2008-12-23 14:28 --------- d-----w c:\documents and settings\Ibrahim_Demirel\Application Data\vlc 2008-12-23 11:33 --------- d-----w c:\program files\Windows Live SkyDrive 2008-12-23 11:33 --------- d-----w c:\program files\Windows Live 2008-12-23 11:33 --------- d-----w c:\program files\Microsoft 2008-12-23 11:27 --------- d-----w c:\program files\Fichiers communs\Windows Live 2008-12-22 10:35 --------- d-----w c:\documents and settings\Ibo\Application Data\Ahead 2008-12-22 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead 2008-12-22 10:29 --------- d-----w c:\program files\Fichiers communs\Ahead 2008-12-22 10:27 --------- d-----w c:\program files\Windows Sidebar 2008-12-22 10:27 --------- d-----w c:\program files\Nero 2008-12-22 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\Nero 2008-12-22 08:53 --------- d-----w c:\program files\Hewlett-Packard 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 39408] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-09 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-09 178712] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-09 150040] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328] "Don't Panic!"="c:\program files\PANICWARE\DON'T_PANIC_FR!\DP.EXE" [2001-06-16 1384448] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-01-09 185872] "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2008-11-24 958024] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 136600] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 561213] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2008-05-13 15:39 85504 c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2007-06-08 09:04 49152 c:\windows\system32\DeviceNP.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2008-12-26 17264] R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-02-05 28544] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-09 114768] R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2009-02-09 68424] R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2004-08-05 14336] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-09 20560] R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904] R2 AVKService;Planificateur G DATA;c:\program files\G DATA\AntiVirus\AVK\AVKService.exe [2008-09-08 386120] R2 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe [2008-08-14 1185496] R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2009-02-09 51016] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2009-01-20 598856] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-25 193840] R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2009-02-09 48712] R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2009-02-09 32328] R3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2007-07-17 35072] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-07-24 41216] S2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [2004-08-05 14336] S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2008-11-27 30008] S3 FLCDLOCK;Verrouillage des périphériques / Audition HP ProtectTools;c:\windows\system32\flcdlock.exe [2007-06-08 172131] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - C:\1utbfd.bat \Shell\open\Command - C:\1utbfd.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\1utbfd.bat \Shell\open\Command - D:\1utbfd.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509da3e4-f449-11dd-b5bc-001a4b7267b1}] \Shell\AutoRun\command - F:\a2h2.com \Shell\open\Command - F:\a2h2.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9e75285-d57a-11dd-b546-001a4b7267b1}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d734d29a-cfff-11dd-b52f-001a4b7267b1}] \Shell\AutoRun\command - iqe68o.bat \Shell\explore\Command - iqe68o.bat \Shell\open\Command - iqe68o.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dba4b0ac-ce7e-11dd-b52e-0013e8ebd309}] \Shell\AutoRun\command - gncoefqe.exe \Shell\explore\Command - gncoefqe.exe \Shell\open\Command - gncoefqe.exe . Contenu du dossier 'Tâches planifiées' 2009-02-10 c:\windows\Tasks\OGADaily.job - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04] 2009-02-10 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAVerify.exe [2008-12-31 17:04] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.be/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: internet Trusted Zone: mcafee.com DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 13:04:33 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(980) c:\program files\Hewlett-Packard\IAM\bin\ocgina.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\ocgina.dll c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\HPBrand.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\ItMsg.dll c:\program files\Hewlett-Packard\IAM\bin\ItTal.dll c:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\AuthWiz.dll c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\TpmAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL c:\program files\Hewlett-Packard\IAM\bin\FRA\ittalsnap.DLL c:\program files\Hewlett-Packard\IAM\bin\FRA\TokenAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll c:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\BioAuth.dll c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll c:\windows\system32\xenroll.dll c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll c:\program files\Hewlett-Packard\IAM\bin\FRA\NetAdmin.dll c:\windows\system32\DeviceNP.dll - - - - - - - > 'lsass.exe'(1036) c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\system32\scardsvr.exe c:\windows\system32\agrsmsvc.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\searchindexer.exe c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\igfxsrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\progra~1\MICROS~3\rapimgr.exe . ************************************************************************** . Heure de fin: 2009-02-10 13:07:01 - La machine a redémarré ComboFix-quarantined-files.txt 2009-02-10 12:06:58 Avant-CF: 20.415.291.392 octets libres Après-CF: 20,330,340,352 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 311 --- E O F --- 2009-01-14 13:16:55

Merci de l'intérêt que vous portez à mon problème, voici le rapport de SDFIX et mon antivirus n'arrête pas d'afficher le message suivant: Virus: Trojan.AutorunINF.Gen (Moteur A) Fichier: autorun.inf Dossier: C: Processus: ashServ.exe Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 12:04:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter" "C:\\Documents and Settings\\Ibo\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe"="C:\\Documents and Settings\\Ibo\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe:*:Enabled:Nero ControlCenter" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe"="C:\\Program Files\\Panicware\\Don't_Panic_FR!\\dp.exe:*:Enabled:Don't Panic!" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" Remaining Files : Files with Hidden Attributes : Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" Mon 26 Jan 2009 2,144,088 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" Tue 10 Feb 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds0.dll" Tue 10 Feb 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds1.dll" Mon 9 Feb 2009 107,874 ..SHR --- "C:\WINDOWS\system32\olhrwef.exe" Thu 27 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Ibo\Application Data\U3\temp\Launchpad Removal.exe" Finished!

Bonjour, Je suis un peu désespéré avec mon pc portable, je n'arrive pas à me débarasser d'un virus ou trojan. J'ai essayé quasi tout les antivirus online et aucun ne le trouve, malgré que j'ai un antivirus Mcfee version professionel. Voici le rapport Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:55:28, on 10/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\agrsmsvc.exe C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AVKWebIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\AntiVirus\Webfilter\AVKWebIE.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [Don't Panic!] "C:\PROGRAM FILES\PANICWARE\DON'T_PANIC_FR!\DP.EXE" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\AntiVirus\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKService.exe O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\AntiVirus\AVK\AVKWCtl.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Verrouillage des périphériques / Audition HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 13776 bytes Voici ce que met l'antivirus Panda online: Common name: Lineage.KMY Technical name: W32/Lineage.KMY.worm Threat level: Medium Type: Worm Effects: It spreads and affects other computers. It does not spread automatically using its own means. Affected platforms: Windows 2003/XP/2000/NT/ME/98/95 First detected on: Feb. 6, 2009 Detection updated on: Feb. 6, 2009 Statistics Yes Proactive protection: Yes, using TruPrevent Technologies Brief Description Lineage.KMY is a worm that spreads by copying itself, without infecting other files. Lineage.KMY does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc. Exporter vers : Menaces avec désinfection gratuite (2) Niveau de risque faible (2) W32/Lineage.KM... Virus Latent(e) Masquer +Infos 1. C:\WINDOWS\system32\nmdfgds0.dll W32/Lineage.KM... Virus Latent(e) Masquer +Infos 1. C:\m0vnonh.bat 2. D:\m0vnonh.bat Fichiers suspects (1) D:\Programmes\Storm 3D ScreenSaver\SeaStorm_3...Seastorm\seastorm3d.exe][setup.exe] Un grand merci à ceux qui pourrais m'aider, je me débrouille bien en informatique mais là je suis un peu dépassé. Bonne journée