
domich

  1. Malwarebytes' Anti-Malware 1.40
     Version de la base de données: 2671
     Windows 5.1.2600 Service Pack 3

     21/08/2009 20:28:13
     mbam-log-2009-08-21 (20-27-52).txt

     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 188032
     Temps écoulé: 47 minute(s), 8 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 1
     Clé(s) du Registre infectée(s): 3
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 3
     Fichier(s) infecté(s): 5

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     C:\WINDOWS\system32\HPZipr1232.dll (Trojan.Tracur) -> No action taken.

     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c47e8bec651 (Trojan.Tracur) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDokter) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> No action taken.
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet (Adware.EGDAccess) -> No action taken.
     C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> No action taken.

     Fichier(s) infecté(s):
     C:\WINDOWS\system32\HPZipr1232.dll (Trojan.Tracur) -> No action taken.
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet\Désinstaller.lnk (Adware.EGDAccess) -> No action taken.
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet\SudoPlanet.lnk (Adware.EGDAccess) -> No action taken.
     C:\WINDOWS\system32\SystemX86\BE.tmp (Worm.Archive) -> No action taken.
     C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> No action taken.
  2. Quote (pear @ Monday 03 August 2009 at 16:52)
     Written in the procedure:
     * At the message that appears in a blue window (Type 1 to continue, or 2 to abort), type 1 then confirm.

     Hello
     After a little break..... IN THE COUNTRYSIDE!
     Here is the report after following the procedure!

     ComboFix 09-08-20.07 - HP_Propriétaire 21/08/2009 16:28.2.1 - NTFSx86
     Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.640 [GMT 2:00]
     Running from: c:\documents and settings\HP_Propriétaire\Bureau\35920-CF.exe
     Command switches used :: c:\documents and settings\HP_Propriétaire\Bureau\CFScript.txt.txt
     AV: avast! antivirus 4.8.1335 [VPS 090820-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
     AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
     * Created a new restore point

     FILE ::
     "c:\windows\system32\1CB.tmp"
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\program files\EoRezo
     c:\program files\EoRezo\ConfMedia.cyp
     c:\program files\EoRezo\EoAdv\EoAdv.dll
     c:\program files\EoRezo\EoAdv\eoAdv.url
     c:\program files\EoRezo\EoAdv\EoRezoBHO.dll
     c:\program files\EoRezo\EoAdv\tmp\eoRezoBho.dll.1457
     c:\program files\EoRezo\EoAdv\tmp\eoRezoBho.dll.3856
     c:\program files\EoRezo\EoEngine.exe
     c:\program files\EoRezo\eoEngine.url
     c:\program files\EoRezo\EoMultiLanguage.dll
     c:\program files\EoRezo\EoRezoComm.dll
     c:\program files\EoRezo\EoRezoImg_17.dll
     c:\program files\EoRezo\EoRezoImg_19.dll
     c:\program files\EoRezo\EoRezoImg_20.dll
     c:\program files\EoRezo\EoRezoImg_21.dll
     c:\program files\EoRezo\EoRezoImg_22.dll
     c:\program files\EoRezo\EoRezoImg_23.dll
     c:\program files\EoRezo\EoRezoTools_16.dll
     c:\program files\EoRezo\EoRezoTools_17.dll
     c:\program files\EoRezo\EoRezoTools_18.dll
     c:\program files\EoRezo\EoRezoTools_20.dll
     c:\program files\EoRezo\EoRezoTools_21.dll
     c:\program files\EoRezo\EoRezoTools_25.dll
     c:\program files\EoRezo\EoRezoTools_26.dll
     c:\program files\EoRezo\EoRezoTools_27.dll
     c:\program files\EoRezo\FreeImage.dll
     c:\program files\EoRezo\Host.cyp
     c:\program files\EoRezo\icon_eo.st.ico
     c:\program files\EoRezo\lang\ihm_eoclock.xml
     c:\program files\EoRezo\lang\ihm_eoengine.xml
     c:\program files\EoRezo\lang\ihm_eonet.xml
     c:\program files\EoRezo\lang\ihm_eorezotools.xml
     c:\program files\EoRezo\lang\ihm_eosudoku.xml
     c:\program files\EoRezo\lang\ihm_eoweather.xml
     c:\program files\EoRezo\lang\lang_en.xml
     c:\program files\EoRezo\lang\lang_es.xml
     c:\program files\EoRezo\lang\lang_fr.xml
     c:\program files\EoRezo\lang\lang_it.xml
     c:\program files\EoRezo\MngInstaller.dll
     c:\program files\EoRezo\Thumbs.db
     c:\program files\EoRezo\unins000.dat
     c:\program files\EoRezo\unins000.exe
     c:\program files\EoRezo\user.cyp
     c:\windows\system32\1CB.tmp
     c:\windows\system32\404Fix.exe
     c:\windows\system32\Agent.OMZ.Fix.exe
     c:\windows\system32\dumphive.exe
     c:\windows\system32\IEDFix.C.exe
     c:\windows\system32\IEDFix.exe
     c:\windows\system32\o4Patch.exe
     c:\windows\system32\Process.exe
     c:\windows\system32\SrchSTS.exe
     c:\windows\system32\tmp.reg
     c:\windows\system32\VACFix.exe
     c:\windows\system32\VCCLSID.exe
     c:\windows\system32\WS2Fix.exe
     .
     ((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
     .
     2009-08-16 18:51 . 2009-08-21 14:23 -------- d-sh--w- c:\windows\system32\SystemX86
     2009-08-13 08:57 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
     2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
     2009-08-02 23:43 . 2009-08-02 23:43 410984 ----a-w- c:\windows\system32\deploytk.dll
     2009-07-31 11:58 . 2009-07-31 11:58 121856 ----a-w- c:\windows\system32\HPZipr1232.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-21 13:38 . 2009-04-03 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2009-08-07 11:00 . 2009-08-07 11:00 0 ----a-w- c:\windows\system32\6F.tmp
     2009-08-05 09:00 . 2004-08-05 18:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-08-02 23:43 . 2005-01-02 22:50 -------- d-----w- c:\program files\Java
     2009-08-02 13:33 . 2009-07-31 13:17 -------- d-----w- c:\program files\Trend Micro
     2009-08-02 12:39 . 2009-03-22 23:25 -------- d-----w- c:\program files\SUPERAntiSpyware
     2009-08-02 10:36 . 2009-08-02 10:27 -------- d-----w- c:\program files\Navilog1
     2009-08-02 00:34 . 2009-07-31 21:51 -------- d-----w- c:\program files\Mozilla Firefox(2)
     2009-08-02 00:34 . 2009-03-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
     2009-08-02 00:34 . 2009-08-01 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-08-02 00:34 . 2009-07-31 22:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-08-01 22:20 . 2005-01-02 23:27 -------- d-----w- c:\program files\Google
     2009-07-31 22:36 . 2009-07-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-07-31 21:51 . 2009-07-31 21:51 0 ----a-w- c:\windows\nsreg.dat
     2009-07-17 19:03 . 2004-08-05 18:00 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-13 21:43 . 2004-08-05 18:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-07-07 06:53 . 2009-07-07 06:53 0 ----a-w- c:\windows\system32\5.tmp
     2009-07-04 07:55 . 2009-03-22 22:42 -------- d-----w- c:\program files\Lavasoft
     2009-07-03 13:26 . 2007-05-14 18:35 -------- d-----w- c:\program files\Windows Media Connect 2
     2009-07-03 13:26 . 2005-01-02 23:15 -------- d-----w- c:\program files\Microsoft Works
     2009-07-03 13:26 . 2009-03-18 16:52 -------- d-----w- c:\program files\DivX
     2009-07-03 13:26 . 2006-03-05 18:06 -------- d-----w- c:\program files\eMule
     2009-06-29 15:57 . 2004-08-05 18:00 827392 ----a-w- c:\windows\system32\wininet.dll
     2009-06-29 15:57 . 2004-08-05 18:00 78336 ----a-w- c:\windows\system32\ieencode.dll
     2009-06-29 15:57 . 2004-08-05 18:00 17408 ----a-w- c:\windows\system32\corpol.dll
     2009-06-16 14:40 . 2004-08-05 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll
     2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
     2009-06-15 10:44 . 2004-08-05 18:00 78848 ----a-w- c:\windows\system32\telnet.exe
     2009-06-10 14:14 . 2004-08-05 18:00 85504 ----a-w- c:\windows\system32\avifil32.dll
     2009-06-10 07:21 . 2004-08-05 18:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
     2009-06-10 06:15 . 2004-08-05 18:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
     2009-06-03 19:10 . 2004-08-05 18:00 1297408 ----a-w- c:\windows\system32\quartz.dll
     2008-11-15 22:12 . 2008-11-15 22:12 14618605 ----a-w- c:\program files\vlc-0.9.6-win32.exe
     2007-05-14 20:00 . 2007-05-14 20:00 4477566 ----a-w- c:\program files\quickzip.exe
     2007-05-14 19:31 . 2007-05-14 19:31 25839688 ----a-w- c:\program files\wmp11-windowsxp-x86-FR-FR.exe
     2006-03-05 18:05 . 2006-03-05 18:04 4653917 ----a-w- c:\program files\eMule0.47a-Installer.exe
     2004-02-02 07:15 . 2006-07-12 20:59 393351002 ----a-w- c:\program files\Adobe Photoshop CS v.8.01 (version originale française) - fonctionnel - 14 jan 2004.zip
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-08-03_11.30.26 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2009-08-21 14:33 . 2009-08-21 14:33 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
     + 2009-08-21 14:33 . 2009-08-21 14:33 16384 c:\windows\Temp\Perflib_Perfdata_574.dat
     - 2005-01-02 22:54 . 2008-07-09 07:40 26488 c:\windows\system32\spupdsvc.exe
     + 2005-01-02 22:54 . 2007-07-27 08:41 26488 c:\windows\system32\spupdsvc.exe
     + 2009-06-15 10:44 . 2009-06-15 10:44 78848 c:\windows\system32\dllcache\telnet.exe
     + 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll
     + 2009-07-17 19:03 . 2009-07-17 19:03 58880 c:\windows\system32\dllcache\atl.dll
     + 2004-08-05 18:00 . 2009-07-13 21:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
     + 2009-06-10 06:15 . 2009-06-10 06:15 132096 c:\windows\system32\dllcache\wkssvc.dll
     + 2004-08-05 18:00 . 2009-06-10 07:21 2066432 c:\windows\system32\dllcache\mstscax.dll
     + 2004-08-05 18:00 . 2009-07-13 21:43 10841088 c:\windows\system32\wmp.dll
     + 2006-02-22 06:39 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
     + 2004-08-05 18:00 . 2009-07-13 21:43 10841088 c:\windows\system32\dllcache\wmp.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
     "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 3587120]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-04 7307264]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-03 155648]
     "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-27 185896]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
     "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-02 122368]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-02 148888]

     c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c47e8bec651]
     2009-07-31 11:58 121856 ----a-w- c:\windows\system32\HPZipr1232.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
     "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
     "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
     "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

     R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/12/2008 11:43 114768]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 12:43 9968]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/12/2008 11:43 20560]
     R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2005 00:58 2799488]
     R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [27/06/2005 19:09 140800]
     S2 gupdate1c9c4d7faa2b630;Service Google Update (gupdate1c9c4d7faa2b630);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2009 14:27 133104]
     S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [07/05/2009 12:23 1527900]
     S3 Mnmwdflt;Mnmwdflt; [x]
     S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408]
     S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-08-21 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-29 06:49]

     2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 12:27]

     2009-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 12:27]

     2009-08-16 c:\windows\Tasks\{649EC021-AA3D-4F85-B5EA-065830B3E173}_NOM-EB85C523610_HP_Propriétaire.job
     - c:\windows\system32\mobsync.exe [2004-08-05 02:34]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
     Trusted Zone: orange.fr\www
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-08-21 16:34
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(540)
     c:\program files\SUPERAntiSpyware\SASWINLO.dll
     c:\windows\System32\HPZipr1232.dll

     - - - - - - - > 'explorer.exe'(1484)
     c:\windows\System32\HPZipr1232.dll
     c:\windows\system32\eappprxy.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Alwil Software\Avast4\aswUpdSv.exe
     c:\program files\Alwil Software\Avast4\ashServ.exe
     c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\windows\system32\nvsvc32.exe
     c:\windows\system32\PAStiSvc.exe
     c:\program files\Alwil Software\Avast4\ashMaiSv.exe
     c:\program files\Alwil Software\Avast4\ashWebSv.exe
     c:\windows\system32\wbem\wmiapsrv.exe
     c:\windows\system32\wscntfy.exe
     .
     **************************************************************************
     .
     Completion time: 2009-08-21 16:38 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-08-21 14:38
     ComboFix2.txt 2009-08-03 11:32

     Pre-Run: 181 034 971 136 octets libres
     Post-Run: 180 984 594 432 octets libres

     257 --- E O F --- 2009-08-13 10:08
  3. Hello
     Here is the report after following the procedure!
  4. OK, I am doing as shown in the animation, but I don't get the little green bars that start moving, just the ComboFix application window offering me to run or cancel. What should I do, please?
  5. A thousand apologies, but I am undecided! Where exactly is the ComboFix.exe file? Do I put it directly on the ComboFix shortcut, or do I click Run and drop it afterwards? Afraid of making a blunder!
  6. Hello! Here is the ComboFix report. ComboFix 09-08-01.09 - HP_Propriétaire 03/08/2009 13:26.1.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1022.650 [GMT 2:00] Running from: c:\documents and settings\HP_Propriétaire\Bureau\35920-CF.exe AV: avast! antivirus 4.8.1335 [VPS 090802-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG c:\windows\system32\GroupPolicy000.dat c:\windows\system32\K0Sel.vbs c:\windows\system32\tmp.reg D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 ))))))))))))))))))))))))))))))) . 2009-08-02 23:43 . 2009-08-02 23:43 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-08-02 23:16 . 2009-08-03 10:31 -------- d-sh--w- c:\windows\system32\SystemX86 2009-08-02 13:33 . 2009-08-02 13:33 -------- d-----w- C:\rsit 2009-08-02 11:15 . 2009-08-02 11:15 -------- d-----w- c:\documents and settings\All Users\AVP 2009 2009-08-02 10:44 . 2009-08-02 10:44 -------- d-----w- C:\VundoFix Backups 2009-08-02 10:27 . 2009-08-02 10:36 -------- d-----w- c:\program files\Navilog1 2009-08-02 00:34 . 2009-08-02 10:09 -------- d-----w- c:\program files\LimeWire 2009-08-02 00:23 . 2009-08-02 00:23 -------- d-----w- c:\windows\system32\wbem\Repository 2009-08-01 23:09 . 2009-08-01 23:42 -------- d-sh--w- c:\windows\system32\SystemX86(2) 2009-08-01 21:07 . 2009-08-02 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-07-31 22:36 . 2009-08-02 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-31 22:36 . 2009-07-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-07-31 21:51 . 
2009-07-31 21:51 0 ----a-w- c:\windows\nsreg.dat 2009-07-31 21:51 . 2009-08-02 00:34 -------- d-----w- c:\program files\Mozilla Firefox(2) 2009-07-31 13:17 . 2009-08-02 13:33 -------- d-----w- c:\program files\Trend Micro 2009-07-31 11:58 . 2009-07-31 11:58 121856 ----a-w- c:\windows\system32\HPZipr1232.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-03 10:31 . 2009-04-03 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-08-02 23:43 . 2005-01-02 22:50 -------- d-----w- c:\program files\Java 2009-08-02 23:15 . 2006-03-05 18:06 -------- d-----w- c:\program files\eMule 2009-08-02 12:39 . 2009-03-22 23:25 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-02 10:57 . 2009-03-22 22:42 -------- d-----w- c:\program files\Lavasoft 2009-08-02 00:34 . 2009-03-22 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-02 00:33 . 2008-07-27 21:13 -------- d-----w- c:\program files\EoRezo 2009-08-01 22:20 . 2005-01-02 23:27 -------- d-----w- c:\program files\Google 2009-07-31 11:58 . 2009-07-31 11:58 0 ----a-w- c:\windows\system32\1CB.tmp 2009-06-29 15:57 . 2004-08-05 18:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 15:57 . 2004-08-05 18:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 15:57 . 2004-08-05 18:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:40 . 2004-08-05 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2004-08-05 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-03 19:10 . 2004-08-05 18:00 1297408 ----a-w- c:\windows\system32\quartz.dll 2009-05-15 11:56 . 2004-11-23 21:26 64724 ----a-w- c:\windows\system32\perfc00C.dat 2009-05-15 11:56 . 2004-11-23 21:26 446984 ----a-w- c:\windows\system32\perfh00C.dat 2009-05-07 15:33 . 2004-08-05 18:00 348672 ----a-w- c:\windows\system32\localspl.dll 2008-11-15 22:12 . 
2008-11-15 22:12 14618605 ----a-w- c:\program files\vlc-0.9.6-win32.exe 2007-05-14 20:00 . 2007-05-14 20:00 4477566 ----a-w- c:\program files\quickzip.exe 2007-05-14 19:31 . 2007-05-14 19:31 25839688 ----a-w- c:\program files\wmp11-windowsxp-x86-FR-FR.exe 2006-03-05 18:05 . 2006-03-05 18:04 4653917 ----a-w- c:\program files\eMule0.47a-Installer.exe 2004-02-02 07:15 . 2006-07-12 20:59 393351002 ----a-w- c:\program files\Adobe Photoshop CS v.8.01 (version originale française) - fonctionnel - 14 jan 2004.zip . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648] "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 3587120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-04 7307264] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-03 155648] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-07-27 185896] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-02 122368] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-02 148888] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe 
[2005-5-12 282624] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c47e8bec651] 2009-07-31 11:58 121856 ----a-w- c:\windows\system32\HPZipr1232.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program 
Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/12/2008 11:43 114768] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 12:43 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/12/2008 11:43 20560] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2005 00:58 2799488] R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [27/06/2005 19:09 140800] S2 gupdate1c9c4d7faa2b630;Service Google Update (gupdate1c9c4d7faa2b630);c:\program files\Google\Update\GoogleUpdate.exe [24/04/2009 14:27 133104] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [07/05/2009 12:23 1527900] S3 Mnmwdflt;Mnmwdflt; [x] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - SASDIFSV . 
Contents of the 'Scheduled Tasks' folder 2009-08-03 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-29 06:49] 2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 12:27] 2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 12:27] 2009-08-02 c:\windows\Tasks\{649EC021-AA3D-4F85-B5EA-065830B3E173}_NOM-EB85C523610_HP_Propriétaire.job - c:\windows\system32\mobsync.exe [2004-08-05 02:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-RegistryDoktorFrNET - c:\program files\Registry_Doktor 4.1\RegistryDoktor.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-03 13:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(568) c:\windows\System32\HPZipr1232.dll c:\program files\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'lsass.exe'(628) c:\windows\System32\HPZipr1232.dll . Completion time: 2009-08-03 13:31 ComboFix-quarantined-files.txt 2009-08-03 11:31 Pre-Run: 181 139 320 832 octets libres Post-Run: 181 155 577 856 octets libres 168 --- E O F --- 2009-07-29 11:30
  7. Here are the two RSIT reports requested. Diagnosis?!!!!!!!!!
  8. Logfile of random's system information tool 1.06 (written by random/random) Run by HP_Propriétaire at 2009-08-02 15:33:10 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 173 GB (74%) free of 232 GB Total RAM: 1022 MB (44% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:33:19, on 02/08/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\Orange\systray\systrayapp.exe C:\Program Files\Orange\connectivity\connectivitymanager.exe C:\Program Files\Orange\browser\browser.exe C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe 
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\2HS20BNN\RSIT[1].exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\HP_Propriétaire.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [RegistryDoktorFrNET] C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.orange.fr O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O20 - AppInit_DLLs: C:\WINDOWS\System32\HPZipr1232.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: c47e8bec651 - C:\WINDOWS\System32\HPZipr1232.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Service Google Update (gupdate1c9c4d7faa2b630) (gupdate1c9c4d7faa2b630) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 9777 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\{649EC021-AA3D-4F85-B5EA-065830B3E173}_NOM-EB85C523610_HP_Propriétaire.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-27 308856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}] EoBho Class - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL [2008-09-24 114688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-02 256112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-08-02 761840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-08-02 458736] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-04-03 429816] {52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-02-14 404216] {D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-03-24 352256] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-08-02 256112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-04 7307264] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-03 155648] "TkBellExe"=C:\Program Files\Fichiers 
communs\Real\Update_OB\realsched.exe [2008-07-27 185896] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-08-02 122368] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-29 39408] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-04-03 3558648] "Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-03-24 3587120] ""= [] "RegistryDoktorFrNET"=C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-02 1830128] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\WINDOWS\System32\HPZipr1232.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c47e8bec651] C:\WINDOWS\System32\HPZipr1232.dll [2009-07-31 121856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=FF000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Program 
Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player 
" "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3ec9dfd-579e-11de-866f-0013d3d4578d}] shell\Auto\command - AdobeR.exe e shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ======List of files/folders created in the last 1 months====== 2009-08-02 15:33:10 ----D---- C:\rsit 2009-08-02 12:57:17 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Lavasoft 2009-08-02 12:44:35 ----D---- C:\VundoFix Backups 2009-08-02 12:44:35 ----A---- C:\VundoFix.txt 2009-08-02 12:29:10 ----SHD---- C:\WINDOWS\system32\SystemX86 2009-08-02 12:28:10 ----A---- C:\cleannavi.txt 2009-08-02 12:27:36 ----D---- C:\Program Files\Navilog1 2009-08-02 02:34:28 ----D---- C:\Program Files\LimeWire 2009-08-02 01:09:14 ----SHD---- C:\WINDOWS\system32\SystemX86(2) 2009-08-01 23:07:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-01 00:36:34 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes 2009-08-01 00:36:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-08-01 00:36:28 ----D---- C:\Documents 
and Settings\All Users\Application Data\Malwarebytes
2009-07-31 23:51:41 ----D---- C:\Program Files\Mozilla Firefox(2)
2009-07-31 23:22:19 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-31 23:21:28 ----A---- C:\rapport.txt
2009-07-31 15:17:11 ----D---- C:\Program Files\Trend Micro
2009-07-31 13:58:47 ----A---- C:\WINDOWS\system32\1CB.tmp
2009-07-31 13:58:46 ----A---- C:\WINDOWS\system32\HPZipr1232.dll
2009-07-31 13:58:45 ----A---- C:\WINDOWS\system32\K0Sel.vbs
2009-07-20 23:27:26 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Icones
2009-07-16 08:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 08:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 08:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-02 14:44:32 ----D---- C:\WINDOWS\Temp
2009-08-02 14:41:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-02 14:39:45 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-02 14:38:12 ----D---- C:\WINDOWS\Tasks
2009-08-02 14:36:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-02 13:30:33 ----D---- C:\WINDOWS\system32
2009-08-02 13:30:33 ----D---- C:\Program Files
2009-08-02 12:57:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-02 12:57:03 ----D---- C:\Program Files\Lavasoft
2009-08-02 12:50:14 ----D---- C:\WINDOWS
2009-08-02 11:44:05 ----SHD---- C:\WINDOWS\Installer
2009-08-02 11:39:09 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\EoRezo
2009-08-02 02:34:32 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-02 02:34:32 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-02 02:34:30 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-08-02 02:34:28 ----SHD---- C:\Config.Msi
2009-08-02 02:34:19 ----D---- C:\WINDOWS\system32\drivers
2009-08-02 02:33:47 ----D---- C:\Program Files\EoRezo
2009-08-02 02:33:45 ----HD---- C:\WINDOWS\inf
2009-08-02 02:24:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-02 02:23:19 ----D---- C:\WINDOWS\system32\config
2009-08-02 02:23:03 ----D---- C:\WINDOWS\system32\wbem
2009-08-02 02:23:03 ----D---- C:\WINDOWS\Registration
2009-08-02 02:05:15 ----D---- C:\WINDOWS\Prefetch
2009-08-02 00:20:38 ----D---- C:\Program Files\Google
2009-08-02 00:04:04 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-31 23:51:49 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\Mozilla
2009-07-31 14:22:09 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\LimeWire
2009-07-31 14:00:16 ----A---- C:\Documents and Settings\HP_Propriétaire\Application Data\QuickZip45.ini
2009-07-29 13:30:03 ----D---- C:\WINDOWS\system32\dllcache
2009-07-29 13:30:00 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-29 13:30:00 ----D---- C:\Program Files\Internet Explorer
2009-07-29 13:29:52 ----D---- C:\WINDOWS\ie7updates
2009-07-29 12:14:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-21 21:36:39 ----D---- C:\Documents and Settings\HP_Propriétaire\Application Data\dvdcss
2009-07-19 15:29:21 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 15:29:19 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-16 14:27:49 ----D---- C:\WINDOWS\Debug
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 23:24:29 ----D---- C:\Program Files\eMule

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-04 3532544]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 2799488]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-30 3644928]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 PAC7311;VGA SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-06-27 140800]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
S3 Mnmwdflt;Mnmwdflt; C:\WINDOWS\system32\drivers\Mnmwdflt.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []
S4 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-04 131139]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 gupdate1c9c4d7faa2b630;Service Google Update (gupdate1c9c4d7faa2b630); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-24 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
  9. info.txt logfile of random's system information tool 1.06 2009-08-02 15:33:22

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{230CCBE9-14B0-4008-97AF-30C10F99E42C}\setup.exe" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Décompression des fichiers-->C:\UNWISE.EXE C:\INSTALL.LOG
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Encyclopaedia Britannica 2007 Ultimate Reference Suite-->"C:\Program Files\Britannica 7.0\Ultimate Reference Suite DVD\UninstallerData\Uninstall Encyclopaedia Britannica 2007 Ultimate Reference Suite.exe"
eoEngine 7.0-->"C:\Program Files\EoRezo\unins000.exe"
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
InterVideo Home Theater-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Jack L'Eventreur-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAABC101-66C3-4708-A793-3EC0025EF348}\Setup.exe"
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Keyboard Driver-->C:\Program Files\InstallShield Installation Information\{BE91D678-5A3F-4912-BDF7-22F5236A34FA}\setup.exe -runfromtemp -l0x0409
K-Lite Codec Pack 4.6.2 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Le Louvre-->C:\WINDOWS\unvise32.exe C:\Program Files\Montparnasse multimedia - RMN\Le Louvre, Collections & palais\uninstal.log
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x40c
Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PC VGA Camera-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E2A36CC2-531D-4BD7-BB75-69F51CB31305} /l1036
Pixia 3.3b-->"C:\Program Files\Seagrand\Pixia\unins000.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Quick Zip 4.60.017b-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1036
Ramdam Classique-->"C:\WINDOWS\gotouninstall.exe" "C:\Program Files\GOTO.games\Ramdam Classique\GOTOUNINSTALL.INI"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TerraExplorer-->C:\Program Files\Skyline\TerraExplorer\Setup.exe [OP]/U
Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
Theme Hospital-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veoh Video Compass-->C:\Program Files\Veoh Networks\Veoh Video Compass\uninst.exe
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton Internet Security
AV: avast! antivirus 4.8.1335 [VPS 090801-0]

======System event log======

Computer Name: NOM-EB85C523610
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 84198
Source Name: Service Control Manager
Time Written: 20090704124146.000000+120
Event Type: Informations
User:

Computer Name: NOM-EB85C523610
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.
Record Number: 84197
Source Name: Service Control Manager
Time Written: 20090704124146.000000+120
Event Type: Informations
User:

Computer Name: NOM-EB85C523610
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.
Record Number: 84196
Source Name: Service Control Manager
Time Written: 20090704124146.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: NOM-EB85C523610
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 84195
Source Name: Service Control Manager
Time Written: 20090704124145.000000+120
Event Type: Informations
User:

Computer Name: NOM-EB85C523610
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 84194
Source Name: Service Control Manager
Time Written: 20090704124145.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: NOM-EB85C523610
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur NOM-EB85C523610\HP_Propriétaire alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 5
Source Name: Userenv
Time Written: 20090604151351.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: NOM-EB85C523610
Event Code: 0
Message:
Record Number: 4
Source Name: gusvc
Time Written: 20090604133600.000000+120
Event Type: Informations
User:

Computer Name: NOM-EB85C523610
Event Code: 0
Message:
Record Number: 3
Source Name: gusvc
Time Written: 20090604133500.000000+120
Event Type: Informations
User:

Computer Name: NOM-EB85C523610
Event Code: 1000
Message: Application défaillante launcher.exe, version 1.0.128.739, module défaillant mfc71.dll, version 7.10.3077.0, adresse de défaillance 0x000291eb.
Record Number: 2
Source Name: Application Error
Time Written: 20090604095101.000000+120
Event Type: erreur
User:

Computer Name: NOM-EB85C523610
Event Code: 1002
Message: Application bloquée iexplore.exe, version 7.0.6000.16827, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Record Number: 1
Source Name: Application Hang
Time Written: 20090604094731.000000+120
Event Type: erreur
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Fichiers communs\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
  10. Hello! Big problem with my IE browser. When I run a search on Google, the results are slow to display and I am often redirected to other sites such as urtbk.com or yoteamo, or even an unknown IP address... Note that these systematically trigger an alert from the Avast network shield (Connection to the malicious site ... blocked). I have noticed that this happens much less often if I use the Orange browser. I have tried SUPERAntiSpyware, Ad-Aware, Spybot and the Avast scan, but nothing works! The problem remains. Please help me?