Ewee

Members
  • Content count: 67

Everything posted by Ewee

  1. Ewee

    Nvidia graphics card problem

    The display is just as dreadful under Ubuntu... So I need to replace my graphics card, if I understood correctly. I have a small question about this: the fact that my graphics card had "fried" seemed odd to me at first, since the display came back at times; is that still possible? Otherwise, is it certain that the problem does not come from the motherboard? Or from a compatibility issue between the two?
  2. Ewee

    Nvidia graphics card problem

    All right, I'll try that tomorrow and post the result then! Thanks a lot
  3. Ewee

    Nvidia graphics card problem

    I did indeed have "Code 43" listed, but no recommended resolution. And no, I haven't touched the BIOS. I have already uninstalled and reinstalled the graphics card with the latest Nvidia drivers several times, but it makes no difference. I would gladly try with another graphics card, but unfortunately I don't have one available... Is there nothing I can do to confirm that the problem really comes from the card? Because I have no other option than to buy another one, and it would bother me if the problem doesn't come from it... Thanks
  4. Good evening, I have a desktop PC running Windows 7 x64, connected to an LG television. My PC is about 3 years old and is fitted with an Nvidia GeForce 8800 Ultra graphics card. A few months ago, the display started causing problems, and Windows told me that the graphics driver had stopped working and had been restarted. It would then recover, for a few hours to a few days. Now the graphics driver is simply no longer recognized, so: the desktop extends beyond the screen, changing the resolution shifts the desktop off the screen frame, and the display shows blue and red vertical lines throughout. [On-screen display] Here is the error message shown in Device Manager: [Device Manager] As well as the one shown in the Nvidia panel: [Nvidia panel] Not knowing where the problem comes from, I thoroughly dusted the graphics card and the motherboard, checked the connections between them, tried reconnecting the PC to the original screen, reinstalled an earlier version of Windows (XP Pro SP3), but in vain. I would therefore like to know whether my problem is software or hardware, and how to solve it (i.e. perform some installation, replace the graphics card or the motherboard, etc.) Thank you in advance for your help.
  5. Well, my whole little mess ended up working, everything is fine, thanks!
  6. --- 18h49 --- Hello, A few hours ago, while I was not browsing the web, all my applications closed and a message from "internet security" appeared. It was impossible to relaunch anything, whether Firefox or Photoshop, or even the Task Manager, the System Restore tool, Spybot or Ad-Aware... After several reboots with the same result, I tried to start in safe mode, without success. Until the PC "crashed" and asked me whether I wanted to start it in normal or safe mode. However, my keyboard and mouse no longer respond, which is probably why I could not start safe mode before the crash. So I cannot select anything, and the computer starts in safe mode, up to the "startup repair" screen where I have to click to continue, which is impossible without a keyboard or mouse. And no matter how many times I restart, I always end up back at this screen. The mouse and keyboard are not at fault, nor the USB ports they are plugged into; I tried several mice and ports... In short, I am completely stuck. Thank you in advance for your help --- 19h21 --- Development in the matter: by unplugging the SSD and HDD and rebooting with only the motherboard, the mouse and keyboard came back. I was therefore able to reconnect the storage and start safe mode. Currently, I am running antivirus, anti-spyware and anti-malware tools to see what they find... -edit- In this section, you must not post multiple messages in your topic before you have been taken on: seeing that there is a "reply", the helpers will not look at it, believing the problem is being handled by one of their own. Instead use the "Edit" button at the bottom of your first message…
  7. Ewee

    Nvidia graphics card problem

    It is a desktop PC, and my version is the 64-bit one. I had already tried installing earlier versions of the driver (which had previously been well supported by my computer) and that changed nothing. Yesterday the display went back to normal, and I was able to install the latest driver for my card. I don't know whether this will last, but since yesterday the display has been restored and there have been no crashes. I don't know where the problem comes from, but it has not recurred for now. I also opened the PC: the power supply is fine, and I dusted the motherboard, the graphics card and the three fans. There does not seem to be any problem with how my graphics card is installed.
  8. Ewee

    Nvidia graphics card problem

    While I was away, I had left my PC on, following a failed installation of the graphics card driver I had downloaded (the same one you asked me to install). When I got back, the display had returned to normal, so I was able to install my graphics card correctly; then everything crashed again and I had to restart. So I uninstalled the current driver, then reinstalled it from your link as you asked; the display is still not right. Windows still shows me the same error message. Any other idea?
  9. Hello, I have a PC running Windows 7 connected via a VGA cable to an LG television. This setup worked perfectly well until early January, when I started having display problems. The problem seems to me to come from my Nvidia graphics card, a GeForce 8800 Ultra. Indeed, I started getting display stoppages while Team Fortress was running, which sent me back to the Windows desktop, but the display came back shortly afterwards, with a message telling me that the Nvidia display driver had been recovered. Soon after, these stoppages crashed the game, which I had to quit from the Task Manager, but I could then carry on with what I was doing. Then they crashed the PC completely and I had to restart it. After that, the PC would sometimes no longer start with a correct display, forcing me to restart one or more times. But the PC would eventually restart with a correct display. This is no longer the case. I completely reformatted the PC, reinstalled Windows 7, reinstalled all the drivers from the Ma-Config site, and Device Manager keeps telling me that the driver is incorrectly installed. The display remains very poor most of the time, but becomes correct again at times, without the graphics card driver being correctly installed for all that. Here are 2 images to help you visualize the problem: - screenshot of Device Manager with the Windows error message http://img85.imageshack.us/img85/6172/58390335.jpg - photo of my television screen illustrating my display problem http://img718.imageshack.us/img718/9734/12012012586.jpg I tried reinstalling various drivers for my graphics card from the Nvidia site, in vain. Would you have any idea about the source of my problem and a possible solution to suggest? Thank you in advance for your help.
  10. Hello, I am about to acquire a new toy. Not being an expert in this field, I would have liked your informed advice on its configuration. At present, this is where I am: Top Achat: Configuration du 1 10 2011 16:21:10 What do you think? Thank you in advance for your replies.
  11. Hello. OK, so what would you advise me? Change my Windows, perhaps? Could the fact that this Windows is "exotic" be the cause of the PC's malfunctions? Thanks.
  12. Oh... That's all I have... Will I have to change operating system (with formatting, etc...)??!
  13. Good evening, For nearly a week now my PC has been crashing for no reason. My computer freezes without warning. I have to switch it off completely and turn it back on, because when I restart it, it crashes again during the restart (Windows freezes again, or the speakers indicate that Windows is starting but the picture stays frozen much earlier...). Quite often my CD drive also opens... I assumed it was probably an infection... I would like to know where this problem comes from and how to fix it. It is a desktop PC running Windows XP SP3. Avira is installed and configured according to your tutorials, as are ZoneAlarm and Spybot. The antivirus and anti-malware scans returned results, but after "fixing" the reported problems using these same programs, there was no improvement. In accordance with what I read in the procedure, I am attaching a HijackThis report, hoping that you will be able to help me find the origin of these problems, if they do come from an infection at least...
    There you go, thank you in advance for your attention and your help!
  14. Thank you so much!!!! =D That's great!!
  15. OK, it's done. Well, really very good. There doesn't seem to be any problem at all!! Oh yes, I wanted to ask: on the laptop there was no antivirus either (so I installed it at the same time as on the desktop...); are the Antivir and ZoneAlarm scans enough to eliminate the threats it has accumulated? Or should I use other software? All right, I'll look into that. Thanks a lot, it's really great in any case, my PC works perfectly again!! =D
  16. No, no problem, for me it's perfect! As for ComboFix, it seems pretty good too, it told me "successfully restored!" with a smile. Here is its report:
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-02 679936] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "SerialNumber"="A109A-K13-3ZXD-BAP5-TE" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Electronic Arts\\L'Ave`nement du Roi-sorcier\\game.dat"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "24895:TCP"= 24895:TCP:BitComet 24895 TCP "24895:UDP"= 24895:UDP:BitComet 24895 UDP "60002:TCP"= 60002:TCP:BitComet 60002 TCP "60002:UDP"= 60002:UDP:BitComet 60002 UDP R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [02/05/2008 23:57 76208] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [02/05/2008 23:57 210224] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2009 12:32 108289] R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [01/08/2009 09:49 80392] S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx 
SteelVine\SteelVine.exe [20/08/2007 10:42 1282048] S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2009 21:29 133104] S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [02/10/2009 15:07 16384] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mbr . Contenu du dossier 'Tâches planifiées' 2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29] 2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29] . . ------- Examen supplémentaire ------- . uStart Page = www.google.com uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . 
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 23:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkt.sys >>UNKNOWN [0x8A8F9938]<<
kernel: MBR read successfully
user & kernel MBR OK

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7DFAB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(920) c:\windows\system32\SETUPAPI.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(976) c:\windows\system32\setupapi.dll - - - - - - - > 'explorer.exe'(2716) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\program files\Windows Media Player\wmpband.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-11-11 23:48 - La machine a redémarré ComboFix-quarantined-files.txt 2009-11-11 22:48 ComboFix2.txt 2009-11-11 18:58 ComboFix3.txt 2009-11-11 17:38 ComboFix4.txt 2009-11-11 15:07 ComboFix5.txt 2009-11-11 22:37 Avant-CF: 112 951 525 376 octets libres Après-CF: 112 898 605 056 octets libres - - End Of File - - CCBDE9479F73F3065672D9E03F89A32D
  17. Okay, it's done:

      SystemLook v1.0 by jpshortstuff (29.08.09)
      Log created at 22:19 on 11/11/2009 by Administrateur (Administrator - Elevation successful)

      Invalid Context: first

      ========== filefind ==========

      Searching for "explorer.exe"
      C:\WINDOWS\explorer.exe --a--- 2013696 bytes [22:57 02/05/2008] [22:57 02/05/2008] B274CD31CE272AE79CFDB34D19D6B33F

      Searching for "beep.sys"
      No files found.

      Searching for "regsvc.dll"
      No files found.

      -=End Of File=-

      Yes, yes! I can already use the PC properly, which wasn't the case at all before! So all of that already looks very good!!
  18. OK, here is the latest ComboFix report:

ComboFix 09-11-09.02 - Administrateur 11/11/2009 19:50.7.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2675 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\explorer.exe . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 ))))))))))))))))))))))))))))))))))))
.
2009-11-11 11:46 . 2009-11-11 18:54 632864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-11 11:05 . 2009-11-11 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2009-11-11 11:04 . 2009-11-11 11:04 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
2009-11-11 10:57 . 2008-07-09 08:05 42384 ----a-w- c:\windows\zllsputility_loc040c.dll
2009-11-11 10:57 . 2008-07-09 08:05 21904 ----a-w- c:\windows\system32\imsinstall_loc040c.dll
2009-11-11 10:57 . 2008-07-09 08:05 17808 ----a-w- c:\windows\system32\imslsp_install_loc040c.dll
2009-11-11 10:57 . 2008-07-09 08:05 75248 ----a-w- c:\windows\zllsputility.exe
2009-11-11 10:57 . 2004-04-27 03:40 11264 ----a-w- c:\windows\system32\SpOrder.dll
2009-11-11 10:57 . 2008-07-09 08:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll
2009-11-11 10:36 . 2009-11-11 11:00 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-11-11 10:36 . 2009-11-11 10:36 -------- d-----w- c:\program files\Zone Labs
2009-11-11 10:35 .
2009-11-11 11:46 -------- d-----w- c:\windows\system32\Zonelabs 2009-11-11 10:33 . 2009-11-11 10:33 -------- d-----w- C:\_OTM 2009-11-11 09:53 . 2009-11-11 09:55 -------- d-----w- C:\FR-files 2009-11-11 09:49 . 2009-11-11 09:54 -------- d-----w- C:\WinFileReplace 2009-11-10 22:49 . 2008-07-09 08:05 54672 ----a-w- c:\windows\system32\vsutil_loc040c.dll 2009-11-10 22:49 . 2008-07-09 08:05 83432 ----a-w- c:\windows\system32\zlcomm.dll 2009-11-10 22:49 . 2008-07-09 08:05 71144 ----a-w- c:\windows\system32\zlcommdb.dll 2009-11-10 18:20 . 2009-11-10 18:20 -------- d-----w- c:\windows\Nouveau dossier 2009-11-10 12:50 . 2009-11-11 17:39 -------- d-----w- c:\program files\trend micro 2009-11-10 12:50 . 2009-11-10 12:52 -------- d-----w- C:\rsit 2009-11-10 11:34 . 2009-11-10 11:34 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-11-10 11:32 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-10 11:32 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-10 11:32 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\program files\Avira 2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-09 23:03 . 2009-11-10 12:20 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-09 21:54 . 2009-11-09 21:54 691712 ----a-w- c:\windows\is-RQG47.exe 2009-11-09 21:47 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-11-09 21:46 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-11-09 21:46 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-11-09 21:46 . 2009-11-09 21:47 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-11-09 21:46 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-11-09 21:46 . 
2009-11-09 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-11-09 21:46 . 2009-11-09 21:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PC Tools 2009-11-09 21:12 . 2009-11-09 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-11-09 21:07 . 2009-03-31 18:20 1221512 ----a-w- c:\windows\system32\zpeng25.dll 2009-11-09 21:03 . 2009-11-11 18:47 -------- d-----w- c:\windows\Internet Logs 2009-11-09 19:46 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-09 19:46 . 2009-11-09 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-09 19:46 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-09 19:46 . 2009-11-10 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-09 17:55 . 2009-11-09 17:55 -------- d-----w- c:\program files\Alwil Software 2009-11-09 16:58 . 2009-11-09 16:58 -------- d-----w- c:\program files\Enigma Software Group 2009-11-08 22:27 . 2009-11-08 22:27 442 ---ha-w- C:\aaw7boot.cmd 2009-11-08 22:03 . 2009-11-11 10:31 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-11-08 21:02 . 2009-11-08 21:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Lavasoft 2009-11-08 20:58 . 2009-11-08 20:58 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-08 20:57 . 2009-11-11 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-11-08 20:45 . 2009-11-09 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-08 20:21 . 2009-11-08 20:21 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----r- c:\documents and settings\LocalService\Favoris 2009-11-08 20:11 . 
2009-11-08 20:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-11-08 20:10 . 2009-11-08 20:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-11-08 19:53 . 2009-11-08 19:53 -------- d-----w- c:\windows\system32\LogFiles 2009-11-08 19:40 . 2009-11-08 19:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Broad Intelligence 2009-11-08 19:16 . 2009-11-08 19:50 -------- d-----w- c:\program files\Total Video Converter 2009-11-06 16:58 . 2009-11-06 16:58 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-02 17:40 . 2009-11-02 17:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp 2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iPod 2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iTunes 2009-10-30 11:47 . 2009-10-30 11:47 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-29 22:28 . 2009-10-30 10:45 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\CutePDF Writer 2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\GPLGS 2009-10-29 22:18 . 2007-07-12 21:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\Acro Software 2009-10-29 07:35 . 2009-10-29 07:35 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe 2009-10-27 20:44 . 2009-10-30 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TmForever 2009-10-27 20:42 . 2009-10-27 20:43 -------- d-----w- c:\program files\TmNationsForever 2009-10-23 20:27 . 
2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Talkback 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Thunderbird 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Thunderbird 2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AVS4YOU 2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\Fichiers communs\AVSMedia 2009-10-18 17:26 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-10-18 17:26 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-10-18 17:26 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\AVS4YOU 2009-10-18 17:26 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2009-10-18 17:26 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-10-18 17:18 . 2009-10-18 17:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\FreeVideoConverter 2009-10-18 10:47 . 2009-10-18 10:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GetRight 2009-10-16 15:33 . 2009-10-16 15:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Pro 2009-10-15 15:38 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2009-10-15 15:38 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-10-15 15:38 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2009-10-15 15:38 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-10-15 15:38 . 
2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-10-15 15:38 . 2009-10-15 15:38 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-15 15:29 . 2009-11-11 12:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc 2009-10-15 15:28 . 2009-10-15 15:28 -------- d-----w- c:\program files\VideoLAN 2009-10-15 14:52 . 2009-10-15 14:52 -------- d-----w- c:\program files\Guitar Pro 5 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-11 18:54 . 2009-08-01 08:48 16608 ----a-w- c:\windows\gdrv.sys 2009-11-11 18:52 . 2009-11-11 11:46 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-11-11 18:34 . 2009-08-18 16:16 -------- d-----w- c:\program files\Free Video Converter 2009-11-11 11:55 . 2009-09-21 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-11 10:35 . 2009-11-11 10:35 75349 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_42_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75249 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_30_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75209 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_38_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 52401 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_27_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75119 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_24_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 74862 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_19_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 74752 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_09_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 73519 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_15_small.dmp.zip 2009-11-11 10:35 . 
2009-11-11 10:35 14903105 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_59_full.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75145 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_56_small.dmp.zip 2009-11-10 12:23 . 2009-07-31 17:12 -------- d-----w- c:\program files\TaskSwitchXP 2009-11-08 21:02 . 2009-07-31 17:11 -------- d-----w- c:\program files\Ad-Aware 2009-11-08 20:41 . 2009-08-09 15:03 95056 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-08 20:41 . 2009-11-08 20:41 -------- d-----w- c:\program files\microsoft frontpage 2009-11-08 16:11 . 2009-08-09 15:03 -------- d-----w- c:\program files\Messenger Plus! Live 2009-11-07 13:42 . 2009-08-09 18:29 -------- d-----w- c:\program files\BitComet 2009-11-06 16:58 . 2009-10-02 14:03 -------- d-----w- c:\program files\Java 2009-11-06 16:39 . 2009-08-11 08:56 -------- d-----w- c:\program files\Steam 2009-11-06 15:13 . 2009-09-23 18:52 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss 2009-11-01 16:19 . 2009-10-04 11:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Bioshock 2009-10-31 00:06 . 2009-09-23 17:44 921512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-30 11:49 . 2009-08-15 15:11 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-10-29 15:14 . 2009-08-09 16:05 -------- d-----w- c:\program files\Warcraft III 2009-10-25 12:27 . 2008-05-02 22:57 83948 ----a-w- c:\windows\system32\perfc00C.dat 2009-10-25 12:27 . 2008-05-02 22:57 510632 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-23 20:27 . 2009-07-31 17:12 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-10-17 14:41 . 2009-08-24 13:38 -------- d-----w- c:\program files\abgx360 2009-10-11 21:29 . 2009-10-11 21:29 -------- d-----w- c:\program files\APCS4F 2009-10-11 03:17 . 
2009-10-03 10:16 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-04 11:18 . 2009-10-04 11:18 108144 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-10-04 11:11 . 2009-08-01 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-03 10:16 . 2009-10-03 10:16 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-10-02 18:00 . 2009-10-02 18:00 -------- d-----w- c:\program files\Microsoft 2009-10-02 14:09 . 2009-10-02 14:09 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Graphisoft 2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBUKEY 2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBU-SYSTEMS 2009-10-02 14:04 . 2009-10-02 14:04 -------- d-----w- c:\program files\Graphisoft 2009-10-02 14:03 . 2009-10-02 14:03 -------- d-----w- c:\program files\Fichiers communs\Java 2009-09-28 20:30 . 2009-09-28 20:29 -------- d-----w- c:\program files\Google 2009-09-26 12:44 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Autodesk 2009-09-26 12:05 . 2009-09-26 11:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\EPSON 2009-09-26 12:02 . 2009-08-24 13:00 -------- d-----w- c:\program files\EPSON 2009-09-24 10:44 . 2009-09-24 09:13 -------- d-----w- c:\program files\FairUse Wizard 2 2009-09-24 09:05 . 2009-09-24 09:05 -------- d-----w- c:\program files\IVCsoft 2009-09-24 08:54 . 2009-09-24 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-09-24 08:53 . 2009-09-24 08:53 -------- d-----w- c:\program files\DVD Shrink 2009-09-23 19:05 . 2009-09-23 19:05 -------- d-----w- c:\program files\VirtualDubMOD 2009-09-23 18:52 . 2009-09-23 18:52 -------- d-----w- c:\program files\Xilisoft 2009-09-23 18:12 . 
2009-09-23 18:12 36864 ----a-w- c:\documents and settings\Administrateur\Application Data\Autodesk\AutoCAD 2010\R18.0\fra\ContextualTabSelectorRules.dll 2009-09-23 18:01 . 2009-09-23 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\Fichiers communs\Autodesk Shared 2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\AutoCAD 2010 2009-09-23 17:48 . 2009-09-23 17:48 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared 2009-09-23 17:47 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-09-23 17:44 . 2009-09-23 17:44 -------- d-----w- c:\program files\Reference Assemblies 2009-09-23 08:53 . 2009-08-15 15:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer 2009-09-23 08:52 . 2009-09-23 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-23 08:52 . 2009-09-23 08:51 -------- d-----w- c:\program files\QuickTime 2009-09-23 08:51 . 2009-08-15 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\AviSynth 2.5 2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\eRightSoft 2009-09-21 21:03 . 2009-09-21 21:02 -------- d-----w- c:\program files\MediaCoder 2009-09-21 18:11 . 2009-09-21 18:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\STOIK 2009-09-16 14:57 . 2009-07-31 17:11 -------- d-----w- c:\program files\Cpu-z 2009-08-28 17:42 . 2009-08-15 15:11 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-08-28 17:42 . 2009-08-15 15:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-21 23:50 . 
2009-08-21 23:50 1924440 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-08-21 00:06 . 2009-08-21 00:06 137 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat 2009-08-18 16:12 . 2009-08-18 16:12 81920 ----a-w- c:\documents and settings\Administrateur\Application Data\ezpinst.exe 2009-08-18 16:12 . 2009-08-18 16:12 81920 ----a-w- c:\documents and settings\Administrateur\Application Data\ezpinst.exe 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2006-05-03 09:06 . 2009-09-22 19:58 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2009-09-22 19:58 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2009-09-22 19:58 216064 --sh--r- c:\windows\system32\nbDX.dll . ------- Sigcheck ------- [-] 2008-05-02 . B274CD31CE272AE79CFDB34D19D6B33F . 2013696 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-05-02 . A9658459BB4F4EE00FA117C9382C0D3A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll c:\windows\system32\drivers\beep.sys ... manque !! c:\windows\system32\regsvc.dll ... manque !! . ((((((((((((((((((((((((((((( SnapShot@2009-11-11_15.03.59 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-11 18:54 . 2009-11-11 18:54 16384 c:\windows\temp\Perflib_Perfdata_318.dat + 2009-11-11 18:54 . 2009-11-11 18:54 16384 c:\windows\temp\Perflib_Perfdata_280.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LMDVox"="c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe" [2007-12-18 456704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "DNS7reminder"="c:\program files\Drangon Speaking\Ereg\Ereg.exe" [2007-03-19 259624] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-05-02 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-02 679936] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - 
c:\windows\system32\advpack.dll [2009-03-08 128512] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "SerialNumber"="A109A-K13-3ZXD-BAP5-TE" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Electronic Arts\\L'Ave`nement du Roi-sorcier\\game.dat"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "24895:TCP"= 24895:TCP:BitComet 24895 TCP "24895:UDP"= 24895:UDP:BitComet 24895 UDP "60002:TCP"= 60002:TCP:BitComet 60002 TCP "60002:UDP"= 60002:UDP:BitComet 60002 UDP R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [02/05/2008 23:57 76208] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [02/05/2008 23:57 210224] R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [20/08/2007 10:42 1282048] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2009 12:32 108289] R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [01/08/2009 09:49 80392] S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2009 21:29 133104] 
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [02/10/2009 15:07 16384] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mbr . Contenu du dossier 'Tâches planifiées' 2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29] 2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29] . . ------- Examen supplémentaire ------- . uStart Page = www.google.com uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-ITBar7Layout - (no file) Toolbar-ITBar7Position - (no file) HKLM-Run-57xxSteelVine - c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-11 19:54 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... 
Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spga.sys >>UNKNOWN [0x8A905938]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7DFAB40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) [HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) [HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] [HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\License information*] . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(924) c:\windows\system32\SETUPAPI.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1000) c:\windows\system32\SETUPAPI.dll - - - - - - - > 'explorer.exe'(2980) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\program files\Windows Media Player\wmpband.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\RUNDLL32.EXE c:\windows\system32\rundll32.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-11-11 19:58 - La machine a redémarré ComboFix-quarantined-files.txt 2009-11-11 18:58 ComboFix2.txt 2009-11-11 17:38 ComboFix3.txt 2009-11-11 15:07 ComboFix4.txt 2009-11-09 17:39 Avant-CF: 111 445 495 808 octets libres Après-CF: 111 401 410 560 octets libres - - End Of File - - 6F5FE8DCB293066FB15927BDAC8198EE
  19. Here are the two reports: - Combofix: ComboFix 09-11-09.02 - Administrateur 11/11/2009 18:33.6.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2702 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} FILE :: "C:\imt8.cmd" "c:\windows\tasks\At1.job" "c:\windows\tasks\At10.job" "c:\windows\tasks\At11.job" "c:\windows\tasks\At12.job" "c:\windows\tasks\At13.job" "c:\windows\tasks\At14.job" "c:\windows\tasks\At15.job" "c:\windows\tasks\At16.job" "c:\windows\tasks\At17.job" "c:\windows\tasks\At18.job" "c:\windows\tasks\At19.job" "c:\windows\tasks\At2.job" "c:\windows\tasks\At20.job" "c:\windows\tasks\At21.job" "c:\windows\tasks\At22.job" "c:\windows\tasks\At23.job" "c:\windows\tasks\At24.job" "c:\windows\tasks\At3.job" "c:\windows\tasks\At4.job" "c:\windows\tasks\At5.job" "c:\windows\tasks\At6.job" "c:\windows\tasks\At7.job" "c:\windows\tasks\At8.job" "c:\windows\tasks\At9.job" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\tasks\At1.job c:\windows\tasks\At10.job c:\windows\tasks\At11.job c:\windows\tasks\At12.job c:\windows\tasks\At13.job c:\windows\tasks\At14.job c:\windows\tasks\At15.job c:\windows\tasks\At16.job c:\windows\tasks\At17.job c:\windows\tasks\At18.job c:\windows\tasks\At19.job c:\windows\tasks\At2.job c:\windows\tasks\At20.job c:\windows\tasks\At21.job c:\windows\tasks\At22.job c:\windows\tasks\At23.job c:\windows\tasks\At24.job c:\windows\tasks\At3.job c:\windows\tasks\At4.job c:\windows\tasks\At5.job c:\windows\tasks\At6.job c:\windows\tasks\At7.job c:\windows\tasks\At8.job c:\windows\tasks\At9.job c:\windows\explorer.exe . . . est infecté!! . 
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 )))))))))))))))))))))))))))))))))))) . 2009-11-11 11:46 . 2009-11-11 17:36 555040 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-11-11 11:05 . 2009-11-11 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2009-11-11 11:04 . 2009-11-11 11:04 -------- d-----r- c:\documents and settings\NetworkService\Favoris 2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier 2009-11-11 10:57 . 2008-07-09 08:05 42384 ----a-w- c:\windows\zllsputility_loc040c.dll 2009-11-11 10:57 . 2008-07-09 08:05 21904 ----a-w- c:\windows\system32\imsinstall_loc040c.dll 2009-11-11 10:57 . 2008-07-09 08:05 17808 ----a-w- c:\windows\system32\imslsp_install_loc040c.dll 2009-11-11 10:57 . 2008-07-09 08:05 75248 ----a-w- c:\windows\zllsputility.exe 2009-11-11 10:57 . 2004-04-27 03:40 11264 ----a-w- c:\windows\system32\SpOrder.dll 2009-11-11 10:57 . 2008-07-09 08:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll 2009-11-11 10:36 . 2009-11-11 11:00 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-11-11 10:36 . 2009-11-11 10:36 -------- d-----w- c:\program files\Zone Labs 2009-11-11 10:35 . 2009-11-11 11:46 -------- d-----w- c:\windows\system32\Zonelabs 2009-11-11 10:33 . 2009-11-11 10:33 -------- d-----w- C:\_OTM 2009-11-11 09:53 . 2009-11-11 09:55 -------- d-----w- C:\FR-files 2009-11-11 09:49 . 2009-11-11 09:54 -------- d-----w- C:\WinFileReplace 2009-11-10 22:49 . 2008-07-09 08:05 54672 ----a-w- c:\windows\system32\vsutil_loc040c.dll 2009-11-10 22:49 . 2008-07-09 08:05 83432 ----a-w- c:\windows\system32\zlcomm.dll 2009-11-10 22:49 . 2008-07-09 08:05 71144 ----a-w- c:\windows\system32\zlcommdb.dll 2009-11-10 18:20 . 2009-11-10 18:20 -------- d-----w- c:\windows\Nouveau dossier 2009-11-10 12:50 . 2009-11-11 11:57 -------- d-----w- c:\program files\trend micro 2009-11-10 12:50 . 
2009-11-10 12:52 -------- d-----w- C:\rsit 2009-11-10 11:34 . 2009-11-10 11:34 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-11-10 11:32 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-10 11:32 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-10 11:32 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\program files\Avira 2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-09 23:03 . 2009-11-10 12:20 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-09 21:54 . 2009-11-09 21:54 691712 ----a-w- c:\windows\is-RQG47.exe 2009-11-09 21:47 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-11-09 21:46 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-11-09 21:46 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-11-09 21:46 . 2009-11-09 21:47 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-11-09 21:46 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-11-09 21:46 . 2009-11-09 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-11-09 21:46 . 2009-11-09 21:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PC Tools 2009-11-09 21:12 . 2009-11-09 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-11-09 21:07 . 2009-03-31 18:20 1221512 ----a-w- c:\windows\system32\zpeng25.dll 2009-11-09 21:03 . 2009-11-11 17:32 -------- d-----w- c:\windows\Internet Logs 2009-11-09 19:46 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-09 19:46 . 
2009-11-09 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-09 19:46 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-09 19:46 . 2009-11-10 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-09 17:55 . 2009-11-09 17:55 -------- d-----w- c:\program files\Alwil Software 2009-11-09 16:58 . 2009-11-09 16:58 -------- d-----w- c:\program files\Enigma Software Group 2009-11-08 22:27 . 2009-11-08 22:27 442 ---ha-w- C:\aaw7boot.cmd 2009-11-08 22:03 . 2009-11-11 10:31 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-11-08 21:02 . 2009-11-08 21:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Lavasoft 2009-11-08 20:58 . 2009-11-08 20:58 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-08 20:57 . 2009-11-11 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-11-08 20:45 . 2009-11-09 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-08 20:21 . 2009-11-08 20:21 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----r- c:\documents and settings\LocalService\Favoris 2009-11-08 20:11 . 2009-11-08 20:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-11-08 20:10 . 2009-11-08 20:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-11-08 19:53 . 2009-11-08 19:53 -------- d-----w- c:\windows\system32\LogFiles 2009-11-08 19:40 . 2009-11-08 19:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Broad Intelligence 2009-11-08 19:16 . 2009-11-08 19:50 -------- d-----w- c:\program files\Total Video Converter 2009-11-06 16:58 . 2009-11-06 16:58 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-02 17:40 . 
2009-11-02 17:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp 2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iPod 2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iTunes 2009-10-30 11:47 . 2009-10-30 11:47 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-29 22:28 . 2009-10-30 10:45 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\CutePDF Writer 2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\GPLGS 2009-10-29 22:18 . 2007-07-12 21:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\Acro Software 2009-10-29 07:35 . 2009-10-29 07:35 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe 2009-10-27 20:44 . 2009-10-30 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TmForever 2009-10-27 20:42 . 2009-10-27 20:43 -------- d-----w- c:\program files\TmNationsForever 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Talkback 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Thunderbird 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Thunderbird 2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AVS4YOU 2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\Fichiers communs\AVSMedia 2009-10-18 17:26 . 
2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-10-18 17:26 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-10-18 17:26 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\AVS4YOU 2009-10-18 17:26 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2009-10-18 17:26 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-10-18 17:18 . 2009-10-18 17:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\FreeVideoConverter 2009-10-18 10:47 . 2009-10-18 10:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GetRight 2009-10-16 15:33 . 2009-10-16 15:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Pro 2009-10-15 15:38 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2009-10-15 15:38 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-10-15 15:38 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2009-10-15 15:38 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-10-15 15:38 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-10-15 15:38 . 2009-10-15 15:38 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-15 15:29 . 2009-11-11 12:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc 2009-10-15 15:28 . 2009-10-15 15:28 -------- d-----w- c:\program files\VideoLAN 2009-10-15 14:52 . 2009-10-15 14:52 -------- d-----w- c:\program files\Guitar Pro 5 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-11 15:03 . 2009-08-01 08:48 16608 ----a-w- c:\windows\gdrv.sys 2009-11-11 15:01 . 2009-11-11 11:46 6524 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-11-11 13:42 . 
2009-08-18 16:16 -------- d-----w- c:\program files\Free Video Converter 2009-11-11 11:55 . 2009-09-21 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-11 10:35 . 2009-11-11 10:35 75349 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_42_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75249 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_30_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75209 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_38_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 52401 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_27_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75119 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_24_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 74862 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_19_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 74752 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_09_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 73519 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_15_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 14903105 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_59_full.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75145 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_56_small.dmp.zip 2009-11-10 12:23 . 2009-07-31 17:12 -------- d-----w- c:\program files\TaskSwitchXP 2009-11-08 21:02 . 2009-07-31 17:11 -------- d-----w- c:\program files\Ad-Aware 2009-11-08 20:41 . 2009-08-09 15:03 95056 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-08 20:41 . 2009-11-08 20:41 -------- d-----w- c:\program files\microsoft frontpage 2009-11-08 16:11 . 2009-08-09 15:03 -------- d-----w- c:\program files\Messenger Plus! Live 2009-11-07 13:42 . 2009-08-09 18:29 -------- d-----w- c:\program files\BitComet 2009-11-06 16:58 . 
2009-10-02 14:03 -------- d-----w- c:\program files\Java 2009-11-06 16:39 . 2009-08-11 08:56 -------- d-----w- c:\program files\Steam 2009-11-06 15:13 . 2009-09-23 18:52 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss 2009-11-01 16:19 . 2009-10-04 11:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Bioshock 2009-10-31 00:06 . 2009-09-23 17:44 921512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-30 11:49 . 2009-08-15 15:11 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-10-29 15:14 . 2009-08-09 16:05 -------- d-----w- c:\program files\Warcraft III 2009-10-25 12:27 . 2008-05-02 22:57 83948 ----a-w- c:\windows\system32\perfc00C.dat 2009-10-25 12:27 . 2008-05-02 22:57 510632 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-23 20:27 . 2009-07-31 17:12 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-10-17 14:41 . 2009-08-24 13:38 -------- d-----w- c:\program files\abgx360 2009-10-11 21:29 . 2009-10-11 21:29 -------- d-----w- c:\program files\APCS4F 2009-10-11 03:17 . 2009-10-03 10:16 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-04 11:18 . 2009-10-04 11:18 108144 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-10-04 11:11 . 2009-08-01 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-03 10:16 . 2009-10-03 10:16 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-10-02 18:00 . 2009-10-02 18:00 -------- d-----w- c:\program files\Microsoft 2009-10-02 14:09 . 2009-10-02 14:09 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Graphisoft 2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBUKEY 2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBU-SYSTEMS 2009-10-02 14:04 . 
2009-10-02 14:04 -------- d-----w- c:\program files\Graphisoft 2009-10-02 14:03 . 2009-10-02 14:03 -------- d-----w- c:\program files\Fichiers communs\Java 2009-09-28 20:30 . 2009-09-28 20:29 -------- d-----w- c:\program files\Google 2009-09-26 12:44 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Autodesk 2009-09-26 12:05 . 2009-09-26 11:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\EPSON 2009-09-26 12:02 . 2009-08-24 13:00 -------- d-----w- c:\program files\EPSON 2009-09-24 10:44 . 2009-09-24 09:13 -------- d-----w- c:\program files\FairUse Wizard 2 2009-09-24 09:05 . 2009-09-24 09:05 -------- d-----w- c:\program files\IVCsoft 2009-09-24 08:54 . 2009-09-24 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-09-24 08:53 . 2009-09-24 08:53 -------- d-----w- c:\program files\DVD Shrink 2009-09-23 19:05 . 2009-09-23 19:05 -------- d-----w- c:\program files\VirtualDubMOD 2009-09-23 18:52 . 2009-09-23 18:52 -------- d-----w- c:\program files\Xilisoft 2009-09-23 18:12 . 2009-09-23 18:12 36864 ----a-w- c:\documents and settings\Administrateur\Application Data\Autodesk\AutoCAD 2010\R18.0\fra\ContextualTabSelectorRules.dll 2009-09-23 18:01 . 2009-09-23 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\Fichiers communs\Autodesk Shared 2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\AutoCAD 2010 2009-09-23 17:48 . 2009-09-23 17:48 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared 2009-09-23 17:47 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-09-23 17:44 . 2009-09-23 17:44 -------- d-----w- c:\program files\Reference Assemblies 2009-09-23 08:53 . 
2009-08-15 15:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer 2009-09-23 08:52 . 2009-09-23 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-23 08:52 . 2009-09-23 08:51 -------- d-----w- c:\program files\QuickTime 2009-09-23 08:51 . 2009-08-15 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\AviSynth 2.5 2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\eRightSoft 2009-09-21 21:03 . 2009-09-21 21:02 -------- d-----w- c:\program files\MediaCoder 2009-09-21 18:11 . 2009-09-21 18:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\STOIK 2009-09-16 14:57 . 2009-07-31 17:11 -------- d-----w- c:\program files\Cpu-z 2009-08-28 17:42 . 2009-08-15 15:11 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-08-28 17:42 . 2009-08-15 15:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-21 23:50 . 2009-08-21 23:50 1924440 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-08-21 00:06 . 2009-08-21 00:06 137 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat 2009-08-18 16:12 . 2009-08-18 16:12 81920 ----a-w- c:\documents and settings\Administrateur\Application Data\ezpinst.exe 2009-08-18 16:12 . 2009-08-18 16:12 81920 ----a-w- c:\documents and settings\Administrateur\Application Data\ezpinst.exe 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2006-05-03 09:06 . 
2009-09-22 19:58 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-09-22 19:58 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-09-22 19:58 216064 --sh--r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------

[-] 2008-05-02 . B274CD31CE272AE79CFDB34D19D6B33F . 2013696 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-05-02 . A9658459BB4F4EE00FA117C9382C0D3A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

c:\windows\system32\drivers\beep.sys ... manque !!
c:\windows\system32\regsvc.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LMDVox"="c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe" [2007-12-18 456704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"57xxSteelVine"="c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2009-11-11 37390]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"DNS7reminder"="c:\program files\Drangon Speaking\Ereg\Ereg.exe" [2007-03-19 259624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-05-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-02 679936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\L'Ave`nement du Roi-sorcier\\game.dat"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24895:TCP"= 24895:TCP:BitComet 24895 TCP
"24895:UDP"= 24895:UDP:BitComet 24895 UDP
"60002:TCP"= 60002:TCP:BitComet 60002 TCP
"60002:UDP"= 60002:UDP:BitComet 60002 UDP

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [02/05/2008 23:57 76208]
R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [02/05/2008 23:57 210224]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2009 12:32 108289]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [01/08/2009 09:49 80392]
S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [20/08/2007 10:42 1282048]
S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2009 21:29 133104]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [02/10/2009 15:07 16384]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contenu du dossier 'Tâches planifiées'

2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 18:36
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcg.sys >>UNKNOWN [0x8A8F9938]<<
kernel: MBR read successfully
user & kernel MBR OK

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7DFAB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7DFAB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,90,37,18,15,68,36,45,96,23,c9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,90,37,18,15,68,36,45,96,23,c9,\

[HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,84,1d,6c,71,42,23,44,89,60,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ab,84,1d,6c,71,42,23,44,89,60,c4,\

[HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,69,b0,20,2a,9c,a4,37,de,39,5c,c9,3b,3d,dc,99,c9,02,c2,fe,90,3e,2f,
   54,5e,c2,b4,ca,72,ac,9d,d5,b3,ce,16,11,9c,23,cc,be,af,ad,bd,9f,b7,40,6b,f4,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:a9,1c,2f,c5,f0,44,3f,2e,47,3a,df,c0,56,83,05,ce,8e,2d,77,dd,d6,
   8b,d0,ae,72,ba,85,d9,39,9b,20,32,07,ac,50,df,ce,37,cc,f3,15,f0,bb,4b,c4,49,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1228)
c:\windows\system32\SETUPAPI.dll
.
Heure de fin: 2009-11-11 18:38
ComboFix-quarantined-files.txt 2009-11-11 17:38
ComboFix2.txt 2009-11-11 15:07
ComboFix3.txt 2009-11-09 17:39

Avant-CF: 112 142 823 424 octets libres
Après-CF: 112 121 806 848 octets libres

- - End Of File - - 576CF4B4942747EC6966268E2A7AB2CE

- RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-11-11 18:39:04
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 107 GB (59%) free of 180 GB
Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:48, on 11/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Drangon Speaking\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab
O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Service Google Update (gupdate1ca407a69b35f52) (gupdate1ca407a69b35f52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe

-- End of file - 8153 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-07 16862208]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080]
"57xxSteelVine"=C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe [2009-11-11 37390]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248]
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"DNS7reminder"=C:\Program Files\Drangon Speaking\Ereg\Ereg.exe [2007-03-19 259624]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LMDVox"=C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe [2007-12-18 456704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Ave`nement du Roi-sorcier™"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-11-11 18:38:25 ----A---- C:\ComboFix.txt
2009-11-11 18:32:57 ----D---- C:\ComboFix
2009-11-11 15:56:11 ----A---- C:\WINDOWS\zip.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\SWSC.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\SWREG.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\sed.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\PEV.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\MBR.exe
2009-11-11 15:56:11 ----A---- C:\WINDOWS\grep.exe
2009-11-11 15:55:58 ----D---- C:\Qoobox
2009-11-11 12:04:43 ----A---- C:\WINDOWS\system32\rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
2009-11-11 12:04:34 ----A---- C:\WINDOWS\system32\rthdcpl.exe3009
2009-11-11 11:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2009-11-11 11:57:51 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2009-11-11 11:57:51 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2009-11-11 11:57:51 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2009-11-11 11:57:47 ----A---- C:\WINDOWS\zllsputility.exe
2009-11-11 11:57:47 ----A---- C:\WINDOWS\system32\SpOrder.dll
2009-11-11 11:57:32 ----A---- C:\WINDOWS\system32\zpeng24.dll
2009-11-11 11:36:38 ----D---- C:\Program Files\Zone Labs
2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-11-11 11:35:54 ----D---- C:\WINDOWS\system32\Zonelabs
2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-11-11 11:33:43 ----D---- C:\_OTM
2009-11-11 10:54:11 ----A---- C:\WINDOWS\ReplacerUndo.txt
2009-11-11 10:53:57 ----D---- C:\FR-files
2009-11-11 10:53:57 ----A---- C:\rapport-WFR.txt
2009-11-11 10:49:22 ----D---- C:\WinFileReplace
2009-11-10 23:49:25 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2009-11-10 23:49:24 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-11-10 23:49:24 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2009-11-10 23:49:23 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-11-10 23:49:23 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-11-10 19:20:39 ----D---- C:\WINDOWS\Nouveau dossier
2009-11-10 13:50:55 ----D---- C:\Program Files\trend micro
2009-11-10 13:50:40 ----D---- C:\rsit
2009-11-10 12:34:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-11-10 12:32:38 ----D---- C:\Program Files\Avira
2009-11-10 12:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-10 01:27:30 ----D---- C:\Program Files\HijackThis
2009-11-09 23:56:34 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-09 22:54:06 ----A---- C:\WINDOWS\is-RQG47.exe
2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs\PC Tools
2009-11-09 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-11-09 22:46:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\PC Tools
2009-11-09 22:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-11-09 22:07:06 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-11-09 22:03:28 ----D---- C:\WINDOWS\Internet Logs
2009-11-09 21:56:39 ----A---- C:\rapport.txt
2009-11-09 21:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-09 20:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-09 20:46:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-09 18:55:02 ----D---- C:\Program Files\Alwil Software
2009-11-09 17:58:53 ----D---- C:\Program Files\Enigma Software Group
2009-11-08 23:27:02 ----AH---- C:\aaw7boot.cmd
2009-11-08 22:02:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2009-11-08 21:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-08 21:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\xircom
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\oobe
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\npp
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\ime
2009-11-08 21:41:04 ----D---- C:\WINDOWS\msagent
2009-11-08 21:41:04 ----D---- C:\Program Files\xerox
2009-11-08 21:41:04 ----D---- C:\Program Files\windows nt
2009-11-08 21:41:04 ----D---- C:\Program Files\netmeeting
2009-11-08 21:41:04 ----D---- C:\Program Files\msn gaming zone
2009-11-08 21:41:04 ----D---- C:\Program Files\movie maker
2009-11-08 21:41:04 ----D---- C:\Program Files\microsoft frontpage
2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\speechengines
2009-11-08 21:32:10 ----A---- C:\Boot.bak
2009-11-08 21:32:03 ----RASHD---- C:\cmdcons
2009-11-08 21:31:18 ----D---- C:\WINDOWS\ERDNT
2009-11-08 20:53:49 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-08 20:53:34 ----D---- C:\Program Files\Adobe
2009-11-08 20:40:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Broad Intelligence
2009-11-08 20:16:45 ----D---- C:\Program Files\Total Video Converter
2009-11-08 20:05:25 ----A---- C:\WINDOWS\#1 Video Converter.INI
2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\java.exe
2009-10-30 12:50:04 ----D---- C:\Program Files\iPod
2009-10-30 12:50:02 ----D---- C:\Program Files\iTunes
2009-10-29 23:18:40 ----D---- C:\Program Files\GPLGS
2009-10-29 23:18:07 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2009-10-29 23:18:01 ----D---- C:\Program Files\Acro Software
2009-10-27 21:44:52 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever
2009-10-27 21:42:47 ----D---- C:\Program Files\TmNationsForever
2009-10-23 21:27:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Talkback
2009-10-23 21:27:17 ----D---- C:\Documents and Settings\Administrateur\Application Data\Thunderbird
2009-10-18 18:27:01 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-10-18 18:27:01 ----D---- C:\Documents and Settings\Administrateur\Application Data\AVS4YOU
2009-10-18 18:26:35 ----D---- C:\Program Files\Fichiers communs\AVSMedia
2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-10-18 18:26:35 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-10-18 18:26:34 ----D---- C:\Program Files\AVS4YOU
2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-10-18 18:26:34 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-10-18 18:18:12 ----D---- C:\Documents and Settings\Administrateur\Application Data\FreeVideoConverter
2009-10-18 11:47:38 ----D---- C:\Documents and Settings\Administrateur\Application Data\GetRight
2009-10-16 16:33:57 ----D---- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools Pro
2009-10-15 16:38:19 ----A---- C:\WINDOWS\system32\unrar.dll
2009-10-15 16:38:19 ----A---- C:\WINDOWS\avisplitter.ini
2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-10-15 16:38:18 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-10-15 16:38:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-10-15 16:38:15 ----D---- C:\Program Files\K-Lite Codec Pack
2009-10-15 16:29:30 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-10-15 16:28:47 ----D---- C:\Program Files\VideoLAN
2009-10-15 15:52:43 ----D---- C:\Program Files\Guitar Pro 5
2009-10-13 18:23:07 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-13 18:22:49 ----A---- C:\WINDOWS\system32\dxdllreg.exe

======List of files/folders modified in the last 1 months======

2009-11-11 18:38:51 ----D---- C:\Program Files\Mozilla Firefox
2009-11-11 18:36:56 ----D---- C:\WINDOWS
2009-11-11 18:36:56 ----A---- C:\WINDOWS\system.ini
2009-11-11 18:36:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-11 18:36:44 ----SD---- C:\WINDOWS\Tasks
2009-11-11 18:35:16 ----D---- C:\WINDOWS\system32
2009-11-11 18:35:16 ----D---- C:\WINDOWS\AppPatch
2009-11-11 18:35:13 ----D---- C:\Program Files\Fichiers communs
2009-11-11 18:33:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-11 18:32:16 ----D---- C:\WINDOWS\Temp
2009-11-11 14:42:40 ----D---- C:\Program Files\Free Video Converter
2009-11-11 14:42:38 ----A---- C:\WINDOWS\win.ini
2009-11-11 12:56:04 ----D---- C:\Program Files
2009-11-11 12:55:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-11 12:52:21 ----SHD---- C:\WINDOWS\Installer
2009-11-11 12:52:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-11 11:57:43 ----D---- C:\WINDOWS\inf
2009-11-10 17:38:31 ----D---- C:\WINDOWS\RaidTool
2009-11-10 13:23:03 ----D---- C:\Program Files\TaskSwitchXP
2009-11-10 12:32:18 ----D---- C:\WINDOWS\WinSxS
2009-11-09 21:48:22 ----D---- C:\WINDOWS\Debug
2009-11-09 19:12:44 ----D---- C:\WINDOWS\system32\config
2009-11-08 22:02:49 ----D---- C:\Program Files\Ad-Aware
2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\wbem
2009-11-08 21:41:04 ----D---- C:\WINDOWS\pchealth
2009-11-08 21:41:04 ----D---- C:\WINDOWS\ime
2009-11-08 21:41:04 ----D---- C:\WINDOWS\Help
2009-11-08 21:41:04 ----D---- C:\Program Files\Internet Explorer
2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-11-08 21:32:10 ----RASH---- C:\boot.ini
2009-11-08 20:53:15 ----D---- C:\WINDOWS\system32\dllcache
2009-11-08 20:16:47 ----RSD---- C:\WINDOWS\Fonts
2009-11-08 17:11:21 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-07 14:42:29 ----D---- C:\Program Files\BitComet
2009-11-07 14:42:23 ----D---- C:\Downloads
2009-11-06 17:58:45 ----D---- C:\Program Files\Java
2009-11-06 17:39:32 ----D---- C:\Program Files\Steam
2009-11-06 16:13:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2009-11-01 17:19:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\Bioshock
2009-10-30 12:49:59 ----D---- C:\Program Files\Fichiers communs\Apple
2009-10-29 16:14:59 ----D---- C:\Program Files\Warcraft III
2009-10-27 21:44:21 ----RSD---- C:\WINDOWS\assembly
2009-10-27 21:44:02 ----D---- C:\WINDOWS\system32\DirectX
2009-10-25 13:27:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-23 22:32:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-23 21:27:28 ----D---- C:\Program Files\Mozilla Thunderbird
2009-10-23 21:27:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-10-18 11:43:42 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-17 15:41:53 ----D---- C:\Program Files\abgx360

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-10 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-05-02 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-10 55656]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-07-01 72704]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-07 4739072]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-07-14 7741664]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-18 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a40hzvxn;a40hzvxn; C:\WINDOWS\system32\drivers\a40hzvxn.sys []
S3 atapi_2;atapi_2; \??\C:\WINDOWS\system32\drivers\atapi_2.sys []
S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-05-02 71552]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de
port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-05-02 272768] S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [] S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys [2008-07-01 16384] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-10 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-10 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 GEST Service;GEST Service for program management.; 
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-05-13 80392] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-07-14 168004] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568] S2 57xx SteelVine Manager;57xx SteelVine; C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe [2007-08-20 1282048] S2 gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104] S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\Zonelabs\vsmon.exe [2008-07-09 75304] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-23 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe 
[2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
  20. Voilà le rapport combofix: ComboFix 09-11-09.02 - Administrateur 11/11/2009 15:57.5.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2595 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrateur\rthdcpl .exe c:\documents and settings\Administrateur\rthdcpl.exe c:\documents and settings\Administrateur\rundll32.exe bthprops .exe c:\windows\system32\ctfmon .exe c:\windows\system32\rthdcpl .exe c:\windows\system32\rthdcpl.exe c:\windows\system32\rundll32.exe bthprops .exe c:\windows\system32\xraidsetup .exe Une copie infectée de c:\windows\system32\spoolsv.exe a été trouvée et désinfectée Copie restaurée à partir de - c:\system volume information\_restore{F4F476CD-6FD1-4EA7-B93A-0A19F4BAB4BD}\RP367\A0020274.exe c:\windows\explorer.exe . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2009-10-11 au 2009-11-11 )))))))))))))))))))))))))))))))))))) . 2009-11-11 11:46 . 2009-11-11 15:04 471072 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-11-11 11:05 . 2009-11-11 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE 2009-11-11 11:04 . 2009-11-11 11:04 -------- d-----r- c:\documents and settings\NetworkService\Favoris 2009-11-11 10:57 . 2009-11-11 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier 2009-11-11 10:57 . 2008-07-09 08:05 42384 ----a-w- c:\windows\zllsputility_loc040c.dll 2009-11-11 10:57 . 2008-07-09 08:05 21904 ----a-w- c:\windows\system32\imsinstall_loc040c.dll 2009-11-11 10:57 . 2008-07-09 08:05 17808 ----a-w- c:\windows\system32\imslsp_install_loc040c.dll 2009-11-11 10:57 . 
2008-07-09 08:05 75248 ----a-w- c:\windows\zllsputility.exe 2009-11-11 10:57 . 2004-04-27 03:40 11264 ----a-w- c:\windows\system32\SpOrder.dll 2009-11-11 10:57 . 2008-07-09 08:05 1086952 ----a-w- c:\windows\system32\zpeng24.dll 2009-11-11 10:36 . 2009-11-11 11:00 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-11-11 10:36 . 2009-11-11 10:36 -------- d-----w- c:\program files\Zone Labs 2009-11-11 10:35 . 2009-11-11 11:46 -------- d-----w- c:\windows\system32\Zonelabs 2009-11-11 10:33 . 2009-11-11 10:33 -------- d-----w- C:\_OTM 2009-11-11 09:53 . 2009-11-11 09:55 -------- d-----w- C:\FR-files 2009-11-11 09:49 . 2009-11-11 09:54 -------- d-----w- C:\WinFileReplace 2009-11-10 22:49 . 2008-07-09 08:05 54672 ----a-w- c:\windows\system32\vsutil_loc040c.dll 2009-11-10 22:49 . 2008-07-09 08:05 83432 ----a-w- c:\windows\system32\zlcomm.dll 2009-11-10 22:49 . 2008-07-09 08:05 71144 ----a-w- c:\windows\system32\zlcommdb.dll 2009-11-10 18:20 . 2009-11-10 18:20 -------- d-----w- c:\windows\Nouveau dossier 2009-11-10 12:50 . 2009-11-11 11:57 -------- d-----w- c:\program files\trend micro 2009-11-10 12:50 . 2009-11-10 12:52 -------- d-----w- C:\rsit 2009-11-10 11:34 . 2009-11-10 11:34 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-11-10 11:32 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-10 11:32 . 2009-02-13 11:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-10 11:32 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\program files\Avira 2009-11-10 11:32 . 2009-11-10 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-09 23:03 . 2009-11-10 12:20 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-09 21:54 . 2009-11-09 21:54 691712 ----a-w- c:\windows\is-RQG47.exe 2009-11-09 21:47 . 
2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-11-09 21:46 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-11-09 21:46 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-11-09 21:46 . 2009-11-09 21:47 -------- d-----w- c:\program files\Fichiers communs\PC Tools 2009-11-09 21:46 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-11-09 21:46 . 2009-11-09 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-11-09 21:46 . 2009-11-09 21:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PC Tools 2009-11-09 21:12 . 2009-11-09 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-11-09 21:07 . 2009-03-31 18:20 1221512 ----a-w- c:\windows\system32\zpeng25.dll 2009-11-09 21:03 . 2009-11-11 14:50 -------- d-----w- c:\windows\Internet Logs 2009-11-09 19:46 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-09 19:46 . 2009-11-09 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-09 19:46 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-09 19:46 . 2009-11-10 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-09 17:55 . 2009-11-09 17:55 -------- d-----w- c:\program files\Alwil Software 2009-11-09 16:58 . 2009-11-09 16:58 -------- d-----w- c:\program files\Enigma Software Group 2009-11-08 22:27 . 2009-11-08 22:27 442 ---ha-w- C:\aaw7boot.cmd 2009-11-08 22:03 . 2009-11-11 10:31 -------- d-----w- c:\documents and settings\LocalService\Bureau 2009-11-08 21:02 . 2009-11-08 21:02 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Lavasoft 2009-11-08 20:58 . 2009-11-08 20:58 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-08 20:57 . 
2009-11-11 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-11-08 20:45 . 2009-11-09 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-08 20:21 . 2009-11-08 20:21 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE 2009-11-08 20:20 . 2009-11-08 20:20 -------- d-----r- c:\documents and settings\LocalService\Favoris 2009-11-08 20:11 . 2009-11-08 20:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-11-08 20:10 . 2009-11-08 20:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-11-08 19:53 . 2009-11-08 19:53 -------- d-----w- c:\windows\system32\LogFiles 2009-11-08 19:40 . 2009-11-08 19:40 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Broad Intelligence 2009-11-08 19:16 . 2009-11-08 19:50 -------- d-----w- c:\program files\Total Video Converter 2009-11-06 16:58 . 2009-11-06 16:58 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 2009-11-02 17:40 . 2009-11-02 17:40 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp 2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iPod 2009-10-30 11:50 . 2009-10-30 11:50 -------- d-----w- c:\program files\iTunes 2009-10-30 11:47 . 2009-10-30 11:47 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-29 22:28 . 2009-10-30 10:45 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\CutePDF Writer 2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\GPLGS 2009-10-29 22:18 . 2007-07-12 21:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2009-10-29 22:18 . 2009-10-29 22:18 -------- d-----w- c:\program files\Acro Software 2009-10-29 07:35 . 
2009-10-29 07:35 64072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\French\setup.exe 2009-10-27 20:44 . 2009-10-30 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\TmForever 2009-10-27 20:42 . 2009-10-27 20:43 -------- d-----w- c:\program files\TmNationsForever 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Talkback 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Thunderbird 2009-10-23 20:27 . 2009-10-23 20:27 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Thunderbird 2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU 2009-10-18 17:27 . 2009-10-18 17:27 -------- d-----w- c:\documents and settings\Administrateur\Application Data\AVS4YOU 2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\Fichiers communs\AVSMedia 2009-10-18 17:26 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll 2009-10-18 17:26 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll 2009-10-18 17:26 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll 2009-10-18 17:26 . 2009-10-18 18:03 -------- d-----w- c:\program files\AVS4YOU 2009-10-18 17:26 . 2008-08-13 09:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll 2009-10-18 17:26 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll 2009-10-18 17:18 . 2009-10-18 17:18 -------- d-----w- c:\documents and settings\Administrateur\Application Data\FreeVideoConverter 2009-10-18 10:47 . 2009-10-18 10:48 -------- d-----w- c:\documents and settings\Administrateur\Application Data\GetRight 2009-10-16 15:33 . 2009-10-16 15:33 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Pro 2009-10-15 15:38 . 
2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2009-10-15 15:38 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-10-15 15:38 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2009-10-15 15:38 . 2009-10-13 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-10-15 15:38 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-10-15 15:38 . 2009-10-15 15:38 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-15 15:29 . 2009-11-11 12:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc 2009-10-15 15:28 . 2009-10-15 15:28 -------- d-----w- c:\program files\VideoLAN 2009-10-15 14:52 . 2009-10-15 14:52 -------- d-----w- c:\program files\Guitar Pro 5 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-11 15:03 . 2009-08-01 08:48 16608 ----a-w- c:\windows\gdrv.sys 2009-11-11 15:01 . 2009-11-11 11:46 6524 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-11-11 13:42 . 2009-08-18 16:16 -------- d-----w- c:\program files\Free Video Converter 2009-11-11 11:55 . 2009-09-21 18:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-11-11 10:35 . 2009-11-11 10:35 75349 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_42_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75249 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_30_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75209 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_38_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 52401 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_33_27_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75119 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_24_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 74862 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_19_small.dmp.zip 2009-11-11 10:35 . 
2009-11-11 10:35 74752 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_09_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 73519 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_31_15_small.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 14903105 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_59_full.dmp.zip 2009-11-11 10:35 . 2009-11-11 10:35 75145 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_11_11_11_30_56_small.dmp.zip 2009-11-10 12:23 . 2009-07-31 17:12 -------- d-----w- c:\program files\TaskSwitchXP 2009-11-08 21:02 . 2009-07-31 17:11 -------- d-----w- c:\program files\Ad-Aware 2009-11-08 20:41 . 2009-08-09 15:03 95056 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-08 20:41 . 2009-11-08 20:41 -------- d-----w- c:\program files\microsoft frontpage 2009-11-08 16:11 . 2009-08-09 15:03 -------- d-----w- c:\program files\Messenger Plus! Live 2009-11-07 13:42 . 2009-08-09 18:29 -------- d-----w- c:\program files\BitComet 2009-11-06 16:58 . 2009-10-02 14:03 -------- d-----w- c:\program files\Java 2009-11-06 16:39 . 2009-08-11 08:56 -------- d-----w- c:\program files\Steam 2009-11-06 15:13 . 2009-09-23 18:52 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss 2009-11-01 16:19 . 2009-10-04 11:21 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Bioshock 2009-10-31 00:06 . 2009-09-23 17:44 921512 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-30 11:49 . 2009-08-15 15:11 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-10-29 15:14 . 2009-08-09 16:05 -------- d-----w- c:\program files\Warcraft III 2009-10-25 12:27 . 2008-05-02 22:57 83948 ----a-w- c:\windows\system32\perfc00C.dat 2009-10-25 12:27 . 2008-05-02 22:57 510632 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-23 20:27 . 
2009-07-31 17:12 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-10-17 14:41 . 2009-08-24 13:38 -------- d-----w- c:\program files\abgx360 2009-10-11 21:29 . 2009-10-11 21:29 -------- d-----w- c:\program files\APCS4F 2009-10-11 03:17 . 2009-10-03 10:16 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-04 11:18 . 2009-10-04 11:18 108144 ----a-w- c:\windows\system32\CmdLineExt.dll 2009-10-04 11:11 . 2009-08-01 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-03 10:16 . 2009-10-03 10:16 152576 ----a-w- c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2009-10-02 18:00 . 2009-10-02 18:00 -------- d-----w- c:\program files\Microsoft 2009-10-02 14:09 . 2009-10-02 14:09 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Graphisoft 2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBUKEY 2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\WIBU-SYSTEMS 2009-10-02 14:04 . 2009-10-02 14:04 -------- d-----w- c:\program files\Graphisoft 2009-10-02 14:03 . 2009-10-02 14:03 -------- d-----w- c:\program files\Fichiers communs\Java 2009-09-28 20:30 . 2009-09-28 20:29 -------- d-----w- c:\program files\Google 2009-09-26 12:44 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Autodesk 2009-09-26 12:05 . 2009-09-26 11:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\EPSON 2009-09-26 12:02 . 2009-08-24 13:00 -------- d-----w- c:\program files\EPSON 2009-09-24 10:44 . 2009-09-24 09:13 -------- d-----w- c:\program files\FairUse Wizard 2 2009-09-24 09:05 . 2009-09-24 09:05 -------- d-----w- c:\program files\IVCsoft 2009-09-24 08:54 . 2009-09-24 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink 2009-09-24 08:53 . 2009-09-24 08:53 -------- d-----w- c:\program files\DVD Shrink 2009-09-23 19:05 . 
2009-09-23 19:05 -------- d-----w- c:\program files\VirtualDubMOD 2009-09-23 18:52 . 2009-09-23 18:52 -------- d-----w- c:\program files\Xilisoft 2009-09-23 18:12 . 2009-09-23 18:12 36864 ----a-w- c:\documents and settings\Administrateur\Application Data\Autodesk\AutoCAD 2010\R18.0\fra\ContextualTabSelectorRules.dll 2009-09-23 18:01 . 2009-09-23 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\Fichiers communs\Autodesk Shared 2009-09-23 17:49 . 2009-09-23 17:47 -------- d-----w- c:\program files\AutoCAD 2010 2009-09-23 17:48 . 2009-09-23 17:48 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared 2009-09-23 17:47 . 2009-09-23 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk 2009-09-23 17:44 . 2009-09-23 17:44 -------- d-----w- c:\program files\Reference Assemblies 2009-09-23 08:53 . 2009-08-15 15:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer 2009-09-23 08:52 . 2009-09-23 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-23 08:52 . 2009-09-23 08:51 -------- d-----w- c:\program files\QuickTime 2009-09-23 08:51 . 2009-08-15 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\AviSynth 2.5 2009-09-22 19:58 . 2009-09-22 19:58 -------- d-----w- c:\program files\eRightSoft 2009-09-21 21:03 . 2009-09-21 21:02 -------- d-----w- c:\program files\MediaCoder 2009-09-21 18:11 . 2009-09-21 18:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\STOIK 2009-09-16 14:57 . 2009-07-31 17:11 -------- d-----w- c:\program files\Cpu-z 2009-08-28 17:42 . 2009-08-15 15:11 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-08-28 17:42 . 
2009-08-15 15:11 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-21 23:50 . 2009-08-21 23:50 1924440 ----a-w- c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe 2009-08-21 00:06 . 2009-08-21 00:06 137 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat 2009-08-18 16:12 . 2009-08-18 16:12 81920 ----a-w- c:\documents and settings\Administrateur\Application Data\ezpinst.exe 2009-08-18 16:12 . 2009-08-18 16:12 81920 ----a-w- c:\documents and settings\Administrateur\Application Data\ezpinst.exe 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2009-08-18 16:12 . 2009-08-18 16:12 47360 ----a-w- c:\documents and settings\Administrateur\Application Data\pcouffin.sys 2006-05-03 09:06 . 2009-09-22 19:58 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2009-09-22 19:58 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2009-09-22 19:58 216064 --sh--r- c:\windows\system32\nbDX.dll . ------- Sigcheck ------- [-] 2008-05-02 . B274CD31CE272AE79CFDB34D19D6B33F . 2013696 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-05-02 . A9658459BB4F4EE00FA117C9382C0D3A . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll c:\windows\system32\drivers\beep.sys ... manque !! c:\windows\system32\regsvc.dll ... manque !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LMDVox"="c:\program files\Micro Application\Votre PC prend la parole\LMDVox.exe" [2007-12-18 456704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080] "57xxSteelVine"="c:\program files\Silicon Image\57xx SteelVine\SteelVineManager.exe" [2009-11-11 37390] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248] "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "DNS7reminder"="c:\program files\Drangon Speaking\Ereg\Ereg.exe" [2007-03-19 259624] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-05-02 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2008-05-02 679936] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "SerialNumber"="A109A-K13-3ZXD-BAP5-TE" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitComet\\BitComet.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Electronic Arts\\L'Ave`nement du Roi-sorcier\\game.dat"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "24895:TCP"= 24895:TCP:BitComet 24895 TCP "24895:UDP"= 24895:UDP:BitComet 24895 UDP "60002:TCP"= 60002:TCP:BitComet 60002 TCP "60002:UDP"= 60002:UDP:BitComet 60002 UDP R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [02/05/2008 23:57 76208] R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [02/05/2008 23:57 210224] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2009 12:32 108289] R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [01/08/2009 09:49 80392] S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [20/08/2007 10:42 1282048] S2 
gupdate1ca407a69b35f52;Service Google Update (gupdate1ca407a69b35f52);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2009 21:29 133104] S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [02/10/2009 15:07 16384] --- Autres Services/Pilotes en mémoire --- *Deregistered* - mbr . Contenu du dossier 'Tâches planifiées' 2009-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2009-11-11 c:\windows\Tasks\At1.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At10.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At11.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At12.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At13.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At14.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At15.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At16.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At17.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At18.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At19.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At2.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At20.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At21.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At22.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At23.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 
c:\windows\Tasks\At24.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At3.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At4.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At5.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At6.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At7.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At8.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\At9.job - c:\program files\adobe\acrotray.exe [2009-11-11 14:48] 2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29] 2009-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:29] . . ------- Examen supplémentaire ------- . uStart Page = www.google.com uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\qju8a6gm.default\ FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll . 
- - - - ORPHELINS SUPPRIMES - - - - Toolbar-ITBar7Layout - (no file) Toolbar-ITBar7Position - (no file) HKLM-Run-JMB36X IDE Setup - c:\windows\RaidTool\xInsIDE.exe HKU-Default-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe AddRemove-DVD Decrypter - c:\program files\DVD Decrypter\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-11 16:03 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spcg.sys >>UNKNOWN [0x8A8F9938]<< kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0x0 0x0 bytes \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7DFAB40 atapi.sys \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7DFAB40 atapi.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . 
--------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) [HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) [HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] [HKEY_USERS\S-1-5-21-1292428093-1677128483-682003330-500\Software\SecuROM\License information*] . 
--------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(1172) c:\windows\system32\SETUPAPI.dll c:\windows\system32\COMRes.dll - - - - - - - > 'lsass.exe'(1228) c:\windows\system32\SETUPAPI.dll - - - - - - - > 'explorer.exe'(3204) c:\windows\system32\SHDOCVW.dll c:\windows\system32\COMRes.dll c:\program files\Windows Media Player\wmpband.dll c:\program files\iTunes\iTunesMiniPlayer.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll c:\windows\system32\msi.dll c:\windows\system32\SETUPAPI.dll c:\windows\system32\NETSHELL.dll c:\windows\system32\credui.dll c:\windows\system32\eappprxy.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\webcheck.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\rundll32.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2009-11-11 16:07 - La machine a redémarré ComboFix-quarantined-files.txt 2009-11-11 15:06 ComboFix2.txt 2009-11-09 17:39 Avant-CF: 112 222 818 304 octets libres Après-CF: 112 175 714 304 octets libres - - End Of File - - FD34F46677B50FD15270C332D8807D1C
  21. I suppose it's not that serious, but I'm starting to be wary of just about everything, so here goes: an IE window frequently opens telling me "error 404, page not found", even though I'm not searching for anything and my default browser is Mozilla Firefox... Do I let it go, or is there something to do?
  22. OK, here is the HijackThis report: Logfile of random's system information tool 1.06 (written by random/random) Run by Administrateur at 2009-11-11 12:57:31 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 106 GB (59%) free of 180 GB Total RAM: 3326 MB (73% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:58:16, on 11/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Zonelabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\RTHDCPL.EXE C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager.exe C:\Program Files\Silicon Image\57xx SteelVine\steelvinemanager .exe C:\WINDOWS\system32\rthdcpl.exe C:\WINDOWS\system32\rthdcpl .exe C:\WINDOWS\system32\rthdcpl .exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe 
C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\msiexec.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrateur\Bureau\RSIT.exe C:\Program Files\trend micro\Administrateur.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] 
C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [57xxSteelVine] C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Drangon Speaking\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking9\Ereg.ini O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [LMDVox] C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe Lancement O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program 
Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab O23 - Service: 57xx SteelVine (57xx SteelVine Manager) - Unknown owner - C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe O23 - Service: Service Google Update (gupdate1ca407a69b35f52) (gupdate1ca407a69b35f52) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\Zonelabs\vsmon.exe -- End of file - 9092 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At10.job C:\WINDOWS\tasks\At11.job C:\WINDOWS\tasks\At12.job C:\WINDOWS\tasks\At13.job C:\WINDOWS\tasks\At14.job C:\WINDOWS\tasks\At15.job C:\WINDOWS\tasks\At16.job C:\WINDOWS\tasks\At17.job C:\WINDOWS\tasks\At18.job C:\WINDOWS\tasks\At19.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At20.job C:\WINDOWS\tasks\At21.job C:\WINDOWS\tasks\At22.job C:\WINDOWS\tasks\At23.job C:\WINDOWS\tasks\At24.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\At5.job C:\WINDOWS\tasks\At6.job C:\WINDOWS\tasks\At7.job C:\WINDOWS\tasks\At8.job C:\WINDOWS\tasks\At9.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\system32\RTHDCPL.EXE [2009-11-11 37390] "JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [] "36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080] "57xxSteelVine"=C:\Program Files\Silicon Image\57xx SteelVine\SteelVineManager.exe [2009-11-11 37390] "nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-08 1657376] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-07-14 86016] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-07-14 13877248] "SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472] "ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184] "ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "DNS7reminder"=C:\Program Files\Drangon Speaking\Ereg\Ereg.exe [2007-03-19 259624] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Malwarebytes Anti-Malware 
(reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "LMDVox"=C:\Program Files\Micro Application\Votre PC prend la parole\LMDVox.exe [2007-12-18 456704] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program 
Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II" "C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Avènement du Roi-sorcier™" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat"="C:\Program Files\Electronic Arts\L'Ave`nement du Roi-sorcier\game.dat:*:Enabled:LSDA, L'Ave`nement du Roi-sorcier™" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf1368ba-a43b-11de-ab58-001fd02192d2}] shell\AutoRun\command - imt8.cmd shell\explore\command - imt8.cmd shell\open\command - imt8.cmd 
======File associations====== .scr - open - C:\WINDOWS\system32\notepad.exe "%1" .scr - install - .scr - config - ======List of files/folders created in the last 1 months====== 2009-11-11 12:04:43 ----A---- C:\WINDOWS\system32\rundll32.exe bthprops.cpl,,bluetoothauthenticationagent 2009-11-11 12:04:43 ----A---- C:\WINDOWS\system32\rundll32.exe bthprops .exe 2009-11-11 12:04:34 ----A---- C:\WINDOWS\system32\rthdcpl.exe 2009-11-11 12:04:34 ----A---- C:\WINDOWS\system32\rthdcpl .exe 2009-11-11 11:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier 2009-11-11 11:57:51 ----A---- C:\WINDOWS\zllsputility_loc040c.dll 2009-11-11 11:57:51 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll 2009-11-11 11:57:51 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll 2009-11-11 11:57:47 ----A---- C:\WINDOWS\zllsputility.exe 2009-11-11 11:57:47 ----A---- C:\WINDOWS\system32\SpOrder.dll 2009-11-11 11:57:32 ----A---- C:\WINDOWS\system32\zpeng24.dll 2009-11-11 11:36:38 ----D---- C:\Program Files\Zone Labs 2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vsxml.dll 2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vswmi.dll 2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vspubapi.dll 2009-11-11 11:36:38 ----A---- C:\WINDOWS\system32\vsmonapi.dll 2009-11-11 11:35:54 ----D---- C:\WINDOWS\system32\Zonelabs 2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsutil.dll 2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsinit.dll 2009-11-11 11:35:45 ----A---- C:\WINDOWS\system32\vsdata.dll 2009-11-11 11:33:43 ----D---- C:\_OTM 2009-11-11 10:54:11 ----A---- C:\WINDOWS\ReplacerUndo.txt 2009-11-11 10:53:57 ----D---- C:\FR-files 2009-11-11 10:53:57 ----A---- C:\rapport-WFR.txt 2009-11-11 10:49:22 ----D---- C:\WinFileReplace 2009-11-10 23:49:25 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll 2009-11-10 23:49:24 ----A---- C:\WINDOWS\system32\vsregexp.dll 2009-11-10 23:49:24 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll 2009-11-10 23:49:23 ----A---- 
C:\WINDOWS\system32\zlcommdb.dll 2009-11-10 23:49:23 ----A---- C:\WINDOWS\system32\zlcomm.dll 2009-11-10 19:20:39 ----D---- C:\WINDOWS\Nouveau dossier 2009-11-10 19:00:41 ----A---- C:\WINDOWS\system32\xraidsetup .exe 2009-11-10 13:50:55 ----D---- C:\Program Files\trend micro 2009-11-10 13:50:40 ----D---- C:\rsit 2009-11-10 12:34:52 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2009-11-10 12:32:38 ----D---- C:\Program Files\Avira 2009-11-10 12:32:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-11-10 01:27:30 ----D---- C:\Program Files\HijackThis 2009-11-09 23:56:34 ----A---- C:\WINDOWS\ntbtlog.txt 2009-11-09 22:54:06 ----A---- C:\WINDOWS\is-RQG47.exe 2009-11-09 22:46:48 ----D---- C:\Program Files\Fichiers communs\PC Tools 2009-11-09 22:46:44 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools 2009-11-09 22:46:44 ----D---- C:\Documents and Settings\Administrateur\Application Data\PC Tools 2009-11-09 22:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-11-09 22:07:06 ----A---- C:\WINDOWS\system32\zpeng25.dll 2009-11-09 22:03:28 ----D---- C:\WINDOWS\Internet Logs 2009-11-09 21:56:39 ----A---- C:\rapport.txt 2009-11-09 21:50:56 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-09 20:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-11-09 20:46:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-09 18:55:02 ----D---- C:\Program Files\Alwil Software 2009-11-09 18:39:11 ----A---- C:\ComboFix.txt 2009-11-09 17:58:53 ----D---- C:\Program Files\Enigma Software Group 2009-11-08 23:27:02 ----AH---- C:\aaw7boot.cmd 2009-11-08 22:02:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\Lavasoft 2009-11-08 21:57:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\~0 2009-11-08 21:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-11-08 21:45:07 
----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\xircom 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\oobe 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\npp 2009-11-08 21:41:04 ----D---- C:\WINDOWS\system32\ime 2009-11-08 21:41:04 ----D---- C:\WINDOWS\msagent 2009-11-08 21:41:04 ----D---- C:\Program Files\xerox 2009-11-08 21:41:04 ----D---- C:\Program Files\windows nt 2009-11-08 21:41:04 ----D---- C:\Program Files\netmeeting 2009-11-08 21:41:04 ----D---- C:\Program Files\msn gaming zone 2009-11-08 21:41:04 ----D---- C:\Program Files\movie maker 2009-11-08 21:41:04 ----D---- C:\Program Files\microsoft frontpage 2009-11-08 21:41:04 ----D---- C:\Program Files\Fichiers communs\speechengines 2009-11-08 21:32:10 ----A---- C:\Boot.bak 2009-11-08 21:32:03 ----RASHD---- C:\cmdcons 2009-11-08 21:31:18 ----D---- C:\WINDOWS\ERDNT 2009-11-08 20:53:49 ----D---- C:\WINDOWS\system32\LogFiles 2009-11-08 20:53:34 ----D---- C:\Program Files\Adobe 2009-11-08 20:40:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Broad Intelligence 2009-11-08 20:16:45 ----D---- C:\Program Files\Total Video Converter 2009-11-08 20:05:25 ----A---- C:\WINDOWS\#1 Video Converter.INI 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaws.exe 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\javaw.exe 2009-11-06 17:58:48 ----A---- C:\WINDOWS\system32\java.exe 2009-10-30 12:50:04 ----D---- C:\Program Files\iPod 2009-10-30 12:50:02 ----D---- C:\Program Files\iTunes 2009-10-29 23:18:40 ----D---- C:\Program Files\GPLGS 2009-10-29 23:18:07 ----A---- C:\WINDOWS\system32\cpwmon2k.dll 2009-10-29 23:18:01 ----D---- C:\Program Files\Acro Software 2009-10-27 21:44:52 ----D---- C:\Documents and Settings\All Users\Application Data\TmForever 2009-10-27 21:42:47 ----D---- C:\Program Files\TmNationsForever 2009-10-23 21:27:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\Talkback 
One more detail: I went and cleared out some of my apps and found two programs, spydoctor and spyhunter, which were in the Start menu and in Program Files but not in Add/Remove Programs. As for the uninstallers in the Start menu: one didn't work (spydoctor), the other launched an installation (spyhunter). So I deleted the folders in the Start menu and in Program Files, but is that enough to really remove them? Thanks!
  23. OK, I'll post that in a moment then, thanks a lot!!
  24. So first of all, the reports:
      Antivir:
      And OTM:
      As for the recurring message, it no longer appears, and ZoneAlarm is properly installed. Thanks a lot! =D
  25. I'll run that once Antivir has finished (21%...) and I'll post both reports! Thanks!