fhzebulon

ComboFix 10-04-20.01 - Lou 21/04/2010 12:21:48.3.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.451 [GMT 2:00] Lancé depuis: d:\documents and settings\Lou\Bureau\ComboFix.exe Commutateurs utilisés :: d:\documents and settings\Lou\Bureau\CFscript.txt FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} file zipped: d:\documents and settings\Lou\Menu Démarrer\Programmes\Démarrage\monxga32.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . d:\documents and settings\Lou\Menu Démarrer\Programmes\Démarrage\monxga32.exe Une copie infectée de c:\windows\system32\drivers\ntfs.sys a été trouvée et désinfectée Copie restaurée à partir de - c:\windows\ERDNT\cache\ntfs.sys . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BDMUSICB -------\Legacy_YBEYO -------\Service_bDMusicb -------\Service_ybeyo ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-21 au 2010-04-21 )))))))))))))))))))))))))))))))))))) . 2010-04-20 21:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-20 13:20 . 2010-04-20 13:20 5918776 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-05 06:39 . 2010-04-05 06:41 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-05 06:39 . 2010-04-05 06:41 -------- d-----w- c:\program files\iTunes 2010-04-05 06:30 . 2010-04-05 06:30 -------- d-----w- c:\program files\Bonjour 2010-04-05 06:21 . 2010-04-05 06:21 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-21 10:53 . 2006-01-31 09:59 -------- d-----w- c:\program files\Lx_cats 2010-04-20 13:23 . 2009-12-27 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-19 09:25 . 2006-10-01 15:54 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-17 16:40 . 2010-04-17 16:40 12 ----a-w- d:\documents and settings\NetworkService\Application Data\kcmdte.dat 2010-04-13 06:17 . 2009-11-07 05:48 79488 ----a-w- d:\documents and settings\Lou\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-05 17:11 . 2006-02-14 17:21 -------- d-----w- c:\program files\Google 2010-04-05 06:39 . 2006-03-16 13:07 -------- d-----w- c:\program files\iPod 2010-04-05 06:39 . 2007-07-08 18:15 -------- d-----w- c:\program files\Fichiers communs\Apple 2010-04-05 06:35 . 2006-05-04 10:09 -------- d-----w- c:\program files\QuickTime 2010-03-29 22:46 . 2009-12-27 17:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 22:45 . 2009-12-27 17:47 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-24 17:07 . 2006-01-05 05:02 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared 2010-03-10 06:16 . 2004-08-16 16:41 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-26 17:02 . 2010-02-26 17:02 -------- d-----w- d:\documents and settings\All Users\Application Data\Norton 2010-02-26 17:02 . 2009-06-18 07:23 -------- d-----w- c:\program files\Norton Security Scan 2010-02-26 17:01 . 2010-02-26 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\NortonInstaller 2010-02-26 17:01 . 2010-02-26 17:01 -------- d-----w- c:\program files\NortonInstaller 2010-02-25 06:17 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-16 16:40 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 12:07 . 2004-08-16 16:40 2192000 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2004-08-03 23:48 2068864 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-12 04:34 . 2004-08-16 16:39 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-16 16:41 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2009-05-06 17:30 . 2009-05-04 12:05 19165248 ----a-w- c:\program files\TomTomHOME2winlatest.exe 2009-01-06 09:33 . 2009-01-06 09:32 12814336 -c--a-w- c:\program files\mp10setup.exe 2008-10-19 15:09 . 2008-10-19 15:09 4865408 -c--a-w- c:\program files\Silverlight.2.0.exe 2008-10-19 15:07 . 2008-10-19 15:07 1837280 -c--a-w- c:\program files\snpvw.exe 2007-07-15 07:14 . 2007-07-15 06:51 49943864 -c--a-w- c:\program files\iTunesSetup.exe 2007-04-08 07:51 . 2007-04-08 07:38 7930697 -c--a-w- c:\program files\gimp-2.2.13-i586-setup-1.zip 2007-04-08 07:44 . 2007-04-08 07:44 5671965 -c--a-w- c:\program files\gtk+-2.10.6-1-setup.zip 2006-03-07 14:38 . 2006-03-07 14:37 8619112 -c--a-w- c:\program files\IncrediMailSetup_fr.exe 2006-02-14 17:21 . 2006-02-14 17:21 11817800 -c--a-w- c:\program files\GoogleEarth.exe . ((((((((((((((((((((((((((((( SnapShot_2010-04-21_08.40.29 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-21 10:47 . 2010-04-21 10:47 16384 c:\windows\temp\Perflib_Perfdata_6a8.dat + 2006-01-03 19:30 . 2010-04-21 10:48 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-01-03 19:30 . 2010-04-21 06:22 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-01-03 19:30 . 2010-04-21 10:48 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat - 2006-01-03 19:30 . 2010-04-21 06:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2010-04-21 10:48 . 2010-04-21 10:48 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-12-27 18:05 . 2010-04-21 06:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "NECHotkey"="mHotkey.exe" [2005-10-12 548864] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888] "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272] "MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-07-12 90112] "OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728] "lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512] "HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-06-11 148784] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128] Microsoft Office.lnk - d:\office\OSA9.EXE [1999-1-20 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2005-08-12 16:01 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\APPS\\Inventime\\my.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\incredimail_install.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\APPS\\skype\\phone\\Skype.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2006 21:07 799744] R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [01/01/1980 01:00 20736] S2 gupdate1c9aed76e7466f6;Google Update Service (gupdate1c9aed76e7466f6);c:\program files\Google\Update\GoogleUpdate.exe [27/03/2009 14:27 133104] S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [16/08/2004 18:41 12800] . Contenu du dossier 'Tâches planifiées' 2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34] 2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 12:27] 2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 12:27] 2010-04-11 c:\windows\Tasks\Norton Security Scan for Caro.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-02-26 15:45] 2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{560AF3C5-0A5E-43FE-A8BD-EED5401EDBB3}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://fr.weather.com/weather/10day-lisle-jourdain-frpc0411 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost;*.local IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxp://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-21 12:52 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime] "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(572) c:\apps\Softex\OmniPass\opxpgina.dll - - - - - - - > 'explorer.exe'(1836) c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll c:\apps\Softex\OmniPass\SCUREDLL.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\apps\HIDSERVICE\HIDSERVICE.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\apps\Softex\OmniPass\Omniserv.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\windows\system32\wbem\wmiapsrv.exe c:\apps\Softex\OmniPass\OPXPApp.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RUNDLL32.EXE c:\windows\mHotkey.exe c:\program files\Fingerprint Sensor\ATSwpNav.exe c:\windows\system32\lxcecoms.exe c:\progra~1\Magentic\bin\MgApp.exe c:\program files\SnapShot\SnapShot.exe c:\program files\HP\Digital Imaging\bin\hpqimzone.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Heure de fin: 2010-04-21 12:56:20 - La machine a redémarré ComboFix-quarantined-files.txt 2010-04-21 10:56 ComboFix2.txt 2010-04-21 08:47 ComboFix3.txt 2009-12-27 16:38 Avant-CF: 133 713 174 528 octets libres Après-CF: 133 555 646 464 octets libres - - End Of File - - EF125BBA4E468FDFA9D5CA6A1273B662

Je l'ai enregistré sur bureau mais il ne se lance pas quand je double clique Me dit que ce n'est pas une appli valide win 32

ComboFix 10-04-20.01 - Lou 21/04/2010 10:05:50.2.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.541 [GMT 2:00] Lancé depuis: d:\documents and settings\Lou\Bureau\tralala.exe FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\dllcache\mspmsnsv.dll c:\windows\system32\fjhdyfhsn.bat c:\windows\system32\Thumbs.db C:\zip.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-21 au 2010-04-21 )))))))))))))))))))))))))))))))))))) . 2010-04-20 21:56 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-04-20 13:20 . 2010-04-20 13:20 5918776 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-04-05 06:39 . 2010-04-05 06:41 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-05 06:39 . 2010-04-05 06:41 -------- d-----w- c:\program files\iTunes 2010-04-05 06:30 . 2010-04-05 06:30 -------- d-----w- c:\program files\Bonjour 2010-04-05 06:21 . 2010-04-05 06:21 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-04-21 07:49 . 2006-01-31 09:59 -------- d-----w- c:\program files\Lx_cats 2010-04-20 13:23 . 2009-12-27 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-04-19 09:25 . 2006-10-01 15:54 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-17 16:40 . 2010-04-17 16:40 12 ----a-w- d:\documents and settings\NetworkService\Application Data\kcmdte.dat 2010-04-13 06:17 . 2009-11-07 05:48 79488 ----a-w- d:\documents and settings\Lou\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2010-04-05 17:11 . 2006-02-14 17:21 -------- d-----w- c:\program files\Google 2010-04-05 06:39 . 2006-03-16 13:07 -------- d-----w- c:\program files\iPod 2010-04-05 06:39 . 2007-07-08 18:15 -------- d-----w- c:\program files\Fichiers communs\Apple 2010-04-05 06:35 . 2006-05-04 10:09 -------- d-----w- c:\program files\QuickTime 2010-03-29 22:46 . 2009-12-27 17:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-29 22:45 . 2009-12-27 17:47 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-24 17:07 . 2006-01-05 05:02 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared 2010-03-10 06:16 . 2004-08-16 16:41 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-26 17:02 . 2010-02-26 17:02 -------- d-----w- d:\documents and settings\All Users\Application Data\Norton 2010-02-26 17:02 . 2009-06-18 07:23 -------- d-----w- c:\program files\Norton Security Scan 2010-02-26 17:01 . 2010-02-26 17:01 -------- d-----w- d:\documents and settings\All Users\Application Data\NortonInstaller 2010-02-26 17:01 . 2010-02-26 17:01 -------- d-----w- c:\program files\NortonInstaller 2010-02-25 06:17 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-16 16:40 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-17 12:07 . 2004-08-16 16:40 2192000 ------w- c:\windows\system32\ntoskrnl.exe 2010-02-16 19:07 . 2004-08-03 23:48 2068864 ------w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-02-12 04:34 . 2004-08-16 16:39 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-08-16 16:41 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2009-05-06 17:30 . 2009-05-04 12:05 19165248 ----a-w- c:\program files\TomTomHOME2winlatest.exe 2009-01-06 09:33 . 2009-01-06 09:32 12814336 -c--a-w- c:\program files\mp10setup.exe 2008-10-19 15:09 . 2008-10-19 15:09 4865408 -c--a-w- c:\program files\Silverlight.2.0.exe 2008-10-19 15:07 . 2008-10-19 15:07 1837280 -c--a-w- c:\program files\snpvw.exe 2007-07-15 07:14 . 2007-07-15 06:51 49943864 -c--a-w- c:\program files\iTunesSetup.exe 2007-04-08 07:51 . 2007-04-08 07:38 7930697 -c--a-w- c:\program files\gimp-2.2.13-i586-setup-1.zip 2007-04-08 07:44 . 2007-04-08 07:44 5671965 -c--a-w- c:\program files\gtk+-2.10.6-1-setup.zip 2006-03-07 14:38 . 2006-03-07 14:37 8619112 -c--a-w- c:\program files\IncrediMailSetup_fr.exe 2006-02-14 17:21 . 2006-02-14 17:21 11817800 -c--a-w- c:\program files\GoogleEarth.exe . ((((((((((((((((((((((((((((( SnapShot@2009-12-27_16.36.40 ))))))))))))))))))))))))))))))))))))))))) . + 2010-04-11 15:51 . 2010-04-11 15:51 16384 c:\windows\Temp\Perflib_Perfdata_690.dat - 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe + 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe + 2004-08-16 16:41 . 2010-01-11 08:24 85114 c:\windows\system32\perfc00C.dat + 2004-08-16 16:40 . 2010-01-11 08:24 71510 c:\windows\system32\perfc009.dat + 2004-08-03 23:54 . 2009-11-27 17:13 17920 c:\windows\system32\msyuv.dll + 2004-08-16 16:40 . 2009-11-27 16:08 28672 c:\windows\system32\msvidc32.dll + 2004-08-16 16:40 . 2009-11-27 16:08 11264 c:\windows\system32\msrle32.dll - 2004-08-16 16:40 . 2008-04-14 02:33 11264 c:\windows\system32\msrle32.dll + 2006-11-07 20:03 . 2010-02-25 06:17 55296 c:\windows\system32\msfeedsbs.dll - 2006-11-07 20:03 . 2009-10-29 07:42 55296 c:\windows\system32\msfeedsbs.dll + 2009-10-04 07:32 . 2010-01-01 08:51 58688 c:\windows\system32\mlfcache.dat + 2010-01-12 05:54 . 2010-01-12 05:54 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll - 2009-03-23 10:30 . 2009-03-23 10:30 98304 c:\windows\system32\Macromed\Shockwave 10\SwOnce.dll + 2010-01-12 05:54 . 2010-01-12 05:54 86016 c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll - 2009-03-23 10:30 . 2009-03-23 10:30 86016 c:\windows\system32\Macromed\Shockwave 10\SwMenuX.dll + 2010-01-12 05:54 . 2010-01-12 05:54 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe - 2009-03-23 10:30 . 2009-03-23 10:30 77824 c:\windows\system32\Macromed\Shockwave 10\SwInit.exe + 2010-01-12 05:54 . 2010-01-12 05:54 79488 c:\windows\system32\Macromed\Shockwave 10\gtapi.dll + 2010-01-12 05:54 . 2010-01-12 05:54 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll - 2009-03-23 10:30 . 2009-03-23 10:30 24576 c:\windows\system32\Macromed\Shockwave 10\DynaPlayer.dll + 2007-05-08 11:11 . 2010-03-04 17:04 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe - 2004-08-16 16:40 . 2009-10-29 07:42 25600 c:\windows\system32\jsproxy.dll + 2004-08-16 16:40 . 2010-02-25 06:17 25600 c:\windows\system32\jsproxy.dll + 2004-08-03 23:54 . 2009-11-27 16:08 48128 c:\windows\system32\iyuv_32.dll - 2004-08-16 16:40 . 2009-06-16 14:40 81920 c:\windows\system32\fontsub.dll + 2004-08-16 16:40 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll + 2010-04-05 06:31 . 2009-10-16 00:33 41472 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaapl.sys + 2007-11-10 10:30 . 2009-10-16 00:33 41472 c:\windows\system32\drivers\usbaapl.sys - 2009-12-27 08:16 . 2009-10-29 07:42 12800 c:\windows\system32\dllcache\xpshims.dll + 2009-12-27 08:16 . 2010-02-25 06:17 12800 c:\windows\system32\dllcache\xpshims.dll + 2009-11-27 17:13 . 2009-11-27 17:13 17920 c:\windows\system32\dllcache\msyuv.dll + 2009-11-27 16:08 . 2009-11-27 16:08 28672 c:\windows\system32\dllcache\msvidc32.dll + 2009-11-27 16:08 . 2009-11-27 16:08 11264 c:\windows\system32\dllcache\msrle32.dll + 2007-04-25 07:39 . 2010-02-25 06:17 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2007-04-25 07:39 . 2009-10-29 07:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2004-08-16 16:40 . 2009-10-29 07:42 25600 c:\windows\system32\dllcache\jsproxy.dll + 2004-08-16 16:40 . 2010-02-25 06:17 25600 c:\windows\system32\dllcache\jsproxy.dll + 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\system32\dllcache\iyuv_32.dll - 2009-06-16 14:40 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll + 2009-06-16 14:40 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll + 2009-12-14 07:09 . 2009-12-14 07:09 33280 c:\windows\system32\dllcache\csrsrv.dll + 2010-01-13 14:01 . 2010-01-13 14:01 87040 c:\windows\system32\dllcache\cabview.dll + 2009-06-10 14:14 . 2009-11-27 16:08 85504 c:\windows\system32\dllcache\avifil32.dll - 2009-06-10 14:14 . 2009-06-10 14:14 85504 c:\windows\system32\dllcache\avifil32.dll + 2004-08-16 16:40 . 2009-12-14 07:09 33280 c:\windows\system32\csrsrv.dll - 2006-01-03 19:30 . 2009-12-27 11:23 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-01-03 19:30 . 2010-04-21 06:22 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-01-03 19:30 . 2009-12-27 11:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2006-01-03 19:30 . 2010-04-21 06:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat + 2009-12-27 18:05 . 2010-04-21 06:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2006-01-03 19:30 . 2009-12-27 11:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2004-08-16 16:39 . 2010-01-13 14:01 87040 c:\windows\system32\cabview.dll - 2004-08-16 16:39 . 2009-06-10 14:14 85504 c:\windows\system32\avifil32.dll + 2004-08-16 16:39 . 2009-11-27 16:08 85504 c:\windows\system32\avifil32.dll + 2009-06-15 16:46 . 2010-01-24 16:15 87716 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe + 2010-01-18 07:10 . 2010-01-18 07:10 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll - 2009-04-28 10:23 . 2009-04-28 10:23 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll + 2010-01-18 06:38 . 2010-01-18 06:38 79488 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll + 2010-01-18 07:25 . 2010-01-18 07:25 65816 c:\windows\system32\Adobe\Director\SWDNLD.EXE + 2010-03-18 06:37 . 2010-03-18 06:37 22528 c:\windows\Installer\298ccc.msi + 2010-04-05 17:11 . 2010-04-05 17:11 25214 c:\windows\Installer\{656C0E21-331E-11DF-81CE-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2010-04-05 17:11 . 2010-04-05 17:11 25214 c:\windows\Installer\{656C0E21-331E-11DF-81CE-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-04-05 17:11 . 2010-04-05 17:11 25214 c:\windows\Installer\{656C0E21-331E-11DF-81CE-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2010-04-05 17:11 . 2010-04-05 17:11 25214 c:\windows\Installer\{656C0E21-331E-11DF-81CE-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2010-04-05 17:11 . 2010-04-05 17:11 25214 c:\windows\Installer\{656C0E21-331E-11DF-81CE-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-04-05 17:11 . 2010-04-05 17:11 25214 c:\windows\Installer\{656C0E21-331E-11DF-81CE-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe + 2010-04-05 17:11 . 2010-04-05 17:11 25214 c:\windows\Installer\{656C0E21-331E-11DF-81CE-005056806466}\ARPPRODUCTICON.exe + 2010-02-12 12:37 . 2010-02-12 12:37 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe + 2010-04-01 21:41 . 2009-12-21 19:07 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll + 2010-04-01 21:41 . 2009-12-21 19:06 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll + 2010-04-01 21:41 . 2009-12-21 19:06 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll + 2010-01-21 22:27 . 2009-10-29 07:42 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll + 2010-01-21 22:27 . 2009-10-29 07:42 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll + 2010-01-21 22:27 . 2009-10-29 07:42 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll + 2009-11-27 17:13 . 2009-11-27 17:13 17920 c:\windows\Driver Cache\i386\msyuv.dll + 2009-11-27 16:08 . 2009-11-27 16:08 48128 c:\windows\Driver Cache\i386\iyuv_32.dll + 2010-02-24 22:08 . 2009-10-28 15:07 46080 c:\windows\$NtUninstallKB979306$\tzchange.exe + 2010-02-24 22:08 . 2010-01-23 10:42 16896 c:\windows\$NtUninstallKB979306$\spuninst\tzchange.dll + 2010-02-10 23:34 . 2008-04-14 02:33 32256 c:\windows\$NtUninstallKB978037$\csrsrv.dll + 2010-02-10 23:33 . 2004-08-05 13:00 25600 c:\windows\$NtUninstallKB977914$\msvidc32.dll + 2010-02-10 23:33 . 2008-04-14 02:33 11264 c:\windows\$NtUninstallKB977914$\msrle32.dll + 2010-02-10 23:33 . 2008-04-14 02:33 47616 c:\windows\$NtUninstallKB977914$\iyuv_32.dll + 2010-02-10 23:33 . 2009-06-10 14:14 85504 c:\windows\$NtUninstallKB977914$\avifil32.dll + 2010-02-10 23:34 . 2008-04-14 02:33 16896 c:\windows\$NtUninstallKB975560$\msyuv.dll + 2010-01-12 23:33 . 2009-06-16 14:40 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll + 2010-02-10 23:33 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978706\update\spcustom.dll + 2010-02-10 23:33 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB978706\spmsg.dll + 2010-02-10 23:37 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978262\update\spcustom.dll + 2010-02-10 23:37 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB978262\spmsg.dll + 2010-02-10 23:34 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978251\update\spcustom.dll + 2010-02-10 23:34 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB978251\spmsg.dll + 2010-01-21 22:27 . 2008-07-08 13:03 26488 c:\windows\$hf_mig$\KB978207-IE8\update\spcustom.dll + 2010-01-21 22:27 . 2008-07-08 13:03 18296 c:\windows\$hf_mig$\KB978207-IE8\spmsg.dll + 2010-01-21 19:05 . 2009-12-21 19:01 12800 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\xpshims.dll + 2010-01-21 19:05 . 2009-12-21 19:01 55296 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\msfeedsbs.dll + 2010-01-21 19:05 . 2009-12-21 19:01 25600 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\jsproxy.dll + 2010-02-10 23:34 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB978037\update\spcustom.dll + 2010-02-10 23:34 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB978037\spmsg.dll + 2009-12-14 07:11 . 2009-12-14 07:11 33280 c:\windows\$hf_mig$\KB978037\SP3QFE\csrsrv.dll + 2010-02-10 23:33 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977914\update\spcustom.dll + 2010-02-10 23:33 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB977914\spmsg.dll + 2009-11-27 16:29 . 2009-11-27 16:29 28672 c:\windows\$hf_mig$\KB977914\SP3QFE\msvidc32.dll + 2009-11-27 16:29 . 2009-11-27 16:29 11264 c:\windows\$hf_mig$\KB977914\SP3QFE\msrle32.dll + 2009-11-27 16:29 . 2009-11-27 16:29 48128 c:\windows\$hf_mig$\KB977914\SP3QFE\iyuv_32.dll + 2009-11-27 16:29 . 2009-11-27 16:29 85504 c:\windows\$hf_mig$\KB977914\SP3QFE\avifil32.dll + 2010-02-20 09:19 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB977165\update\spcustom.dll + 2010-02-20 09:19 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB977165\spmsg.dll + 2010-02-24 22:09 . 2008-07-08 13:03 26488 c:\windows\$hf_mig$\KB976662-IE8\update\spcustom.dll + 2010-02-24 22:09 . 2008-07-08 13:03 18296 c:\windows\$hf_mig$\KB976662-IE8\spmsg.dll + 2010-02-10 23:34 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975713\update\spcustom.dll + 2010-02-10 23:34 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB975713\spmsg.dll + 2010-03-10 23:17 . 2008-07-08 13:03 26488 c:\windows\$hf_mig$\KB975561\update\spcustom.dll + 2010-03-10 23:17 . 2008-07-08 13:03 18296 c:\windows\$hf_mig$\KB975561\spmsg.dll + 2010-02-10 23:34 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB975560\update\spcustom.dll + 2010-02-10 23:34 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB975560\spmsg.dll + 2009-11-27 17:25 . 2009-11-27 17:25 17920 c:\windows\$hf_mig$\KB975560\SP3QFE\msyuv.dll + 2010-01-12 23:33 . 2008-07-08 13:03 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll + 2010-01-12 23:33 . 2008-07-08 13:03 18296 c:\windows\$hf_mig$\KB972270\spmsg.dll + 2010-01-12 22:51 . 2009-10-15 16:39 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll + 2009-12-28 11:57 . 2008-07-08 13:03 26488 c:\windows\$hf_mig$\KB971961-IE8\update\spcustom.dll + 2009-12-28 11:57 . 2008-07-08 13:03 18296 c:\windows\$hf_mig$\KB971961-IE8\spmsg.dll + 2010-02-10 23:37 . 2008-07-08 13:03 26488 c:\windows\$hf_mig$\KB971468\update\spcustom.dll + 2010-02-10 23:37 . 2008-07-08 13:03 18296 c:\windows\$hf_mig$\KB971468\spmsg.dll + 2010-01-12 23:33 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll + 2010-01-12 23:33 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB955759\spmsg.dll + 2001-08-23 16:47 . 2009-11-27 16:08 8704 c:\windows\system32\tsbyuv.dll + 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\system32\dllcache\tsbyuv.dll + 2010-01-18 07:12 . 2010-01-18 07:12 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll - 2009-04-28 10:26 . 2009-04-28 10:26 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll + 2009-11-27 16:08 . 2009-11-27 16:08 8704 c:\windows\Driver Cache\i386\tsbyuv.dll + 2010-02-10 23:33 . 2004-08-05 13:00 8192 c:\windows\$NtUninstallKB977914$\tsbyuv.dll + 2009-11-27 16:29 . 2009-11-27 16:29 8704 c:\windows\$hf_mig$\KB977914\SP3QFE\tsbyuv.dll + 2004-08-16 16:41 . 2009-12-24 07:00 177664 c:\windows\system32\wintrust.dll + 2004-08-16 16:41 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll - 2004-08-16 16:41 . 2009-06-16 14:40 119808 c:\windows\system32\t2embed.dll - 2004-08-16 16:41 . 2008-04-14 02:33 474624 c:\windows\system32\shlwapi.dll + 2004-08-16 16:41 . 2009-12-08 09:24 474624 c:\windows\system32\shlwapi.dll + 2004-08-16 16:41 . 2010-01-11 08:24 511074 c:\windows\system32\perfh00C.dat + 2004-08-16 16:40 . 2010-01-11 08:24 441574 c:\windows\system32\perfh009.dat - 2004-08-16 16:40 . 2009-10-29 07:42 206848 c:\windows\system32\occache.dll + 2004-08-16 16:40 . 2010-02-25 06:17 206848 c:\windows\system32\occache.dll + 2004-08-16 16:40 . 2010-02-25 06:17 611840 c:\windows\system32\mstime.dll - 2004-08-16 16:40 . 2009-03-08 03:32 611840 c:\windows\system32\mstime.dll - 2004-08-16 17:03 . 2008-04-14 02:34 347648 c:\windows\system32\mspaint.exe + 2004-08-16 17:03 . 2009-12-17 07:41 347648 c:\windows\system32\mspaint.exe + 2006-11-07 20:03 . 2010-02-25 06:17 594432 c:\windows\system32\msfeeds.dll - 2006-11-07 20:03 . 2009-10-29 07:42 594432 c:\windows\system32\msfeeds.dll + 2010-01-12 05:54 . 2010-01-12 05:54 136568 c:\windows\system32\Macromed\Shockwave 10\SYMCCHECKER.DLL - 2009-03-23 10:30 . 2009-03-23 10:30 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll + 2010-01-12 05:54 . 2010-01-12 05:54 180224 c:\windows\system32\Macromed\Shockwave 10\Proj.dll - 2009-03-23 10:30 . 2009-03-23 10:30 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll + 2010-01-12 05:54 . 2010-01-12 05:54 475136 c:\windows\system32\Macromed\Shockwave 10\PluginPing.dll - 2009-05-13 08:57 . 2009-05-13 08:57 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll + 2010-01-12 05:54 . 2010-01-12 05:54 339968 c:\windows\system32\Macromed\Shockwave 10\Plugin.dll + 2010-01-12 05:54 . 2010-01-12 05:54 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll - 2009-03-23 10:30 . 2009-03-23 10:30 606208 c:\windows\system32\Macromed\Shockwave 10\iml32X.dll + 2010-01-12 05:54 . 2010-01-12 05:54 753152 c:\windows\system32\Macromed\Shockwave 10\gi.dll + 2010-01-12 05:54 . 2010-01-12 05:54 471040 c:\windows\system32\Macromed\Shockwave 10\Control.dll + 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe + 2004-08-16 16:40 . 2009-12-09 05:54 726528 c:\windows\system32\jscript.dll - 2004-08-16 16:40 . 2009-03-08 03:33 726528 c:\windows\system32\jscript.dll + 2004-08-16 16:40 . 2010-02-25 06:17 184320 c:\windows\system32\iepeers.dll - 2004-08-16 16:40 . 2009-10-29 07:42 184320 c:\windows\system32\iepeers.dll - 2004-08-16 16:40 . 2009-10-29 07:42 387584 c:\windows\system32\iedkcs32.dll + 2004-08-16 16:40 . 2010-02-25 06:17 387584 c:\windows\system32\iedkcs32.dll - 2004-08-16 16:40 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe + 2004-08-16 16:40 . 2010-02-24 09:55 173056 c:\windows\system32\ie4uinit.exe + 2004-08-16 16:41 . 2009-12-31 16:50 353792 c:\windows\system32\drivers\srv.sys + 2009-12-24 07:00 . 2009-12-24 07:00 177664 c:\windows\system32\dllcache\wintrust.dll + 2006-05-10 05:24 . 2010-02-25 06:17 916480 c:\windows\system32\dllcache\wininet.dll - 2006-05-10 05:24 . 2009-10-29 07:42 916480 c:\windows\system32\dllcache\wininet.dll + 2008-05-09 10:55 . 2010-03-10 06:16 420352 c:\windows\system32\dllcache\vbscript.dll - 2008-05-09 10:55 . 2009-03-08 03:33 420352 c:\windows\system32\dllcache\vbscript.dll + 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys - 2009-06-16 14:40 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll + 2009-06-16 14:40 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll + 2008-10-17 17:41 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys + 2009-01-07 17:21 . 2009-12-08 09:24 474624 c:\windows\system32\dllcache\shlwapi.dll - 2009-01-07 17:21 . 2009-01-07 17:21 474624 c:\windows\system32\dllcache\shlwapi.dll - 2006-10-17 11:04 . 2009-10-29 07:42 206848 c:\windows\system32\dllcache\occache.dll + 2006-10-17 11:04 . 2010-02-25 06:17 206848 c:\windows\system32\dllcache\occache.dll - 2006-05-10 05:24 . 2009-03-08 03:32 611840 c:\windows\system32\dllcache\mstime.dll + 2006-05-10 05:24 . 2010-02-25 06:17 611840 c:\windows\system32\dllcache\mstime.dll + 2009-12-17 07:41 . 2009-12-17 07:41 347648 c:\windows\system32\dllcache\mspaint.exe + 2007-04-25 07:39 . 2010-02-25 06:17 594432 c:\windows\system32\dllcache\msfeeds.dll - 2007-04-25 07:39 . 2009-10-29 07:42 594432 c:\windows\system32\dllcache\msfeeds.dll + 2008-11-14 14:54 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys - 2008-05-09 10:55 . 2009-03-08 03:33 726528 c:\windows\system32\dllcache\jscript.dll + 2008-05-09 10:55 . 2009-12-09 05:54 726528 c:\windows\system32\dllcache\jscript.dll + 2009-12-27 08:16 . 2010-02-25 06:17 247808 c:\windows\system32\dllcache\ieproxy.dll + 2006-05-10 05:24 . 2010-02-25 06:17 184320 c:\windows\system32\dllcache\iepeers.dll - 2006-05-10 05:24 . 2009-10-29 07:42 184320 c:\windows\system32\dllcache\iepeers.dll + 2006-11-07 02:27 . 2010-02-25 06:17 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2006-11-07 02:27 . 2009-10-29 07:42 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2006-11-07 02:26 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2006-11-07 02:26 . 2010-02-24 09:55 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2004-08-16 16:39 . 2009-11-21 15:58 471552 c:\windows\system32\dllcache\aclayers.dll + 2010-02-12 04:34 . 2010-02-12 04:34 100864 c:\windows\system32\dllcache\6to4svc.dll + 2010-01-18 06:38 . 2010-01-18 06:38 136568 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL + 2010-01-18 07:10 . 2010-01-18 07:10 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe - 2009-04-28 10:24 . 2009-04-28 10:24 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe + 2010-01-18 07:23 . 2010-01-18 07:23 459032 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1156606.exe - 2009-04-28 10:26 . 2009-04-28 10:26 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll + 2010-01-18 07:12 . 2010-01-18 07:12 446464 c:\windows\system32\Adobe\Shockwave 11\Proj.dll - 2009-04-28 10:24 . 2009-04-28 10:24 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll + 2010-01-18 07:11 . 2010-01-18 07:11 372736 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll + 2010-01-18 06:38 . 2010-01-18 06:38 742912 c:\windows\system32\Adobe\Shockwave 11\gi.dll + 2010-01-18 07:10 . 2010-01-18 07:10 503808 c:\windows\system32\Adobe\Shockwave 11\Control.dll + 2010-01-18 07:24 . 2010-01-18 07:24 213272 c:\windows\system32\Adobe\Director\SwDir.dll + 2010-01-18 07:12 . 2010-01-18 07:12 135168 c:\windows\system32\Adobe\Director\np32dsw.dll + 2009-12-27 20:13 . 2009-12-27 20:13 816640 c:\windows\Installer\75f711.msi + 2010-04-05 06:29 . 2010-04-05 06:29 791552 c:\windows\Installer\14fc64.msi + 2010-01-01 18:18 . 2010-01-01 18:18 307200 c:\windows\Installer\{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}\SafariIco.exe + 2010-04-05 06:42 . 2010-04-05 06:42 372736 c:\windows\Installer\{996A2FAA-7514-4628-9D12-A8FC34A0016E}\iTunesIco.exe + 2009-12-27 20:13 . 2009-12-27 20:13 102400 c:\windows\Installer\{818ABC3C-635C-4651-8183-D0E9640B7DD1}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe + 2010-04-15 10:23 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll + 2010-04-15 10:23 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll + 2010-04-15 10:23 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe + 2010-04-01 21:41 . 2009-12-21 19:07 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll + 2010-04-01 21:41 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll + 2010-04-01 21:41 . 2009-05-26 11:40 234872 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe + 2010-04-01 21:41 . 2009-12-21 19:07 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll + 2010-04-01 21:41 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll + 2010-04-01 21:41 . 2009-12-21 19:06 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll + 2010-04-01 21:41 . 2009-12-21 19:06 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll + 2010-04-01 21:41 . 2009-12-21 19:06 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll + 2010-04-01 21:41 . 2009-12-21 19:06 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll + 2010-04-01 21:41 . 2009-12-21 13:20 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe + 2010-01-21 22:27 . 2009-10-29 07:42 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll + 2010-01-21 22:27 . 2009-05-26 11:40 406392 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll + 2010-01-21 22:27 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe + 2010-01-21 22:27 . 2009-10-29 07:42 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll + 2010-01-21 22:27 . 2009-10-29 07:42 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll + 2010-01-21 22:27 . 2009-10-29 07:42 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll + 2010-01-21 22:27 . 2009-10-29 07:42 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll + 2010-01-21 22:27 . 2009-10-29 07:42 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll + 2010-01-21 22:27 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe + 2010-02-24 22:09 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll + 2010-02-24 22:09 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe + 2010-02-24 22:09 . 2009-06-22 06:47 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll + 2009-12-28 11:57 . 2008-07-08 13:04 406392 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll + 2009-12-28 11:57 . 2008-07-08 13:03 234872 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe + 2009-12-28 11:57 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll + 2008-11-14 14:54 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys + 2004-08-16 16:39 . 2009-11-21 15:58 471552 c:\windows\AppPatch\aclayers.dll + 2010-02-24 22:08 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB979306$\spuninst\updspapi.dll + 2010-02-24 22:08 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB979306$\spuninst\spuninst.exe + 2010-02-10 23:33 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB978706$\spuninst\updspapi.dll + 2010-02-10 23:33 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978706$\spuninst\spuninst.exe + 2010-02-10 23:33 . 2008-04-14 02:34 347648 c:\windows\$NtUninstallKB978706$\mspaint.exe + 2010-02-10 23:37 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB978262$\spuninst\updspapi.dll + 2010-02-10 23:37 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978262$\spuninst\spuninst.exe + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB978251$\spuninst\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978251$\spuninst\spuninst.exe + 2010-02-10 23:34 . 2008-10-24 11:21 455296 c:\windows\$NtUninstallKB978251$\mrxsmb.sys + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB978037$\spuninst\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB978037$\spuninst\spuninst.exe + 2010-02-10 23:33 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB977914$\spuninst\updspapi.dll + 2010-02-10 23:33 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB977914$\spuninst\spuninst.exe + 2010-02-20 09:19 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB977165$\spuninst\updspapi.dll + 2010-02-20 09:19 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB977165$\spuninst\spuninst.exe + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB975713$\spuninst\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB975713$\spuninst\spuninst.exe + 2010-02-10 23:34 . 2008-04-14 02:33 474624 c:\windows\$NtUninstallKB975713$\shlwapi.dll + 2010-03-10 23:17 . 2009-05-26 16:11 406392 c:\windows\$NtUninstallKB975561$\spuninst\updspapi.dll + 2010-03-10 23:17 . 2008-07-08 13:03 234872 c:\windows\$NtUninstallKB975561$\spuninst\spuninst.exe + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$NtUninstallKB975560$\spuninst\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB975560$\spuninst\spuninst.exe + 2010-01-12 23:33 . 2009-06-16 14:40 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll + 2010-01-12 23:33 . 2008-07-08 13:04 406392 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll + 2010-01-12 23:33 . 2008-07-08 13:03 234872 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe + 2010-02-10 23:37 . 2008-12-11 10:57 333952 c:\windows\$NtUninstallKB971468$\srv.sys + 2010-02-10 23:37 . 2008-07-08 13:04 406392 c:\windows\$NtUninstallKB971468$\spuninst\updspapi.dll + 2010-02-10 23:37 . 2008-07-08 13:03 234872 c:\windows\$NtUninstallKB971468$\spuninst\spuninst.exe + 2010-01-12 23:33 . 2009-05-26 16:11 406392 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll + 2010-01-12 23:33 . 2009-05-26 11:40 234872 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe + 2010-01-12 23:33 . 2008-04-14 02:33 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll + 2010-02-10 23:33 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB978706\update\updspapi.dll + 2010-02-10 23:33 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB978706\update\update.exe + 2010-02-10 23:33 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978706\spuninst.exe + 2009-12-17 07:38 . 2009-12-17 07:38 347648 c:\windows\$hf_mig$\KB978706\SP3QFE\mspaint.exe + 2010-02-10 23:37 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB978262\update\updspapi.dll + 2010-02-10 23:37 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB978262\update\update.exe + 2010-02-10 23:37 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978262\spuninst.exe + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB978251\update\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB978251\update\update.exe + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978251\spuninst.exe + 2010-02-10 22:59 . 2009-12-04 17:25 456832 c:\windows\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys + 2010-01-21 22:27 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB978207-IE8\update\updspapi.dll + 2010-01-21 22:27 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB978207-IE8\update\update.exe + 2010-01-21 22:27 . 2008-07-08 13:03 234872 c:\windows\$hf_mig$\KB978207-IE8\spuninst.exe + 2010-01-21 19:05 . 2009-12-21 19:01 916480 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll + 2010-01-21 19:05 . 2009-12-21 19:01 206848 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\occache.dll + 2010-01-21 19:05 . 2009-12-21 19:01 594432 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\msfeeds.dll + 2010-01-21 19:05 . 2009-12-21 19:01 246272 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ieproxy.dll + 2010-01-21 19:05 . 2009-12-21 19:01 184320 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iepeers.dll + 2010-01-21 19:05 . 2009-12-21 19:01 387584 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iedkcs32.dll + 2010-01-21 19:05 . 2009-12-21 13:22 173056 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ie4uinit.exe + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB978037\update\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB978037\update\update.exe + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB978037\spuninst.exe + 2010-02-10 23:33 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB977914\update\updspapi.dll + 2010-02-10 23:33 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB977914\update\update.exe + 2010-02-10 23:33 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB977914\spuninst.exe + 2010-02-20 09:19 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB977165\update\updspapi.dll + 2010-02-20 09:19 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB977165\update\update.exe + 2010-02-20 09:19 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB977165\spuninst.exe + 2010-02-24 22:09 . 2008-07-08 13:04 406392 c:\windows\$hf_mig$\KB976662-IE8\update\updspapi.dll + 2010-02-24 22:09 . 2008-07-08 13:03 767352 c:\windows\$hf_mig$\KB976662-IE8\update\update.exe + 2010-02-24 22:09 . 2008-07-08 13:03 234872 c:\windows\$hf_mig$\KB976662-IE8\spuninst.exe + 2010-02-24 07:30 . 2009-12-09 05:52 726528 c:\windows\$hf_mig$\KB976662-IE8\SP3QFE\jscript.dll + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB975713\update\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB975713\update\update.exe + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB975713\spuninst.exe + 2009-12-08 09:02 . 2009-12-08 09:02 474624 c:\windows\$hf_mig$\KB975713\SP3QFE\shlwapi.dll + 2010-03-10 23:17 . 2009-05-26 16:11 406392 c:\windows\$hf_mig$\KB975561\update\updspapi.dll + 2010-03-10 23:17 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB975561\update\update.exe + 2010-03-10 23:17 . 2008-07-08 13:03 234872 c:\windows\$hf_mig$\KB975561\spuninst.exe + 2010-02-10 23:34 . 2009-05-26 11:40 406392 c:\windows\$hf_mig$\KB975560\update\updspapi.dll + 2010-02-10 23:34 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB975560\update\update.exe + 2010-02-10 23:34 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB975560\spuninst.exe + 2010-01-12 23:33 . 2008-07-08 13:04 406392 c:\windows\$hf_mig$\KB972270\update\updspapi.dll + 2010-01-12 23:33 . 2008-07-08 13:03 767352 c:\windows\$hf_mig$\KB972270\update\update.exe + 2010-01-12 23:33 . 2008-07-08 13:03 234872 c:\windows\$hf_mig$\KB972270\spuninst.exe + 2010-01-12 22:51 . 2009-10-15 16:39 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll + 2009-12-28 11:57 . 2008-07-08 13:04 406392 c:\windows\$hf_mig$\KB971961-IE8\update\updspapi.dll + 2009-12-28 11:57 . 2008-07-08 13:03 767352 c:\windows\$hf_mig$\KB971961-IE8\update\update.exe + 2009-12-28 11:57 . 2008-07-08 13:03 234872 c:\windows\$hf_mig$\KB971961-IE8\spuninst.exe + 2009-12-28 07:38 . 2009-06-22 06:49 726528 c:\windows\$hf_mig$\KB971961-IE8\SP3QFE\jscript.dll + 2010-02-10 23:37 . 2008-07-08 13:04 406392 c:\windows\$hf_mig$\KB971468\update\updspapi.dll + 2010-02-10 23:37 . 2008-07-08 13:03 767352 c:\windows\$hf_mig$\KB971468\update\update.exe + 2010-02-10 23:37 . 2008-07-08 13:03 234872 c:\windows\$hf_mig$\KB971468\spuninst.exe + 2010-02-10 22:59 . 2010-01-01 07:58 353792 c:\windows\$hf_mig$\KB971468\SP3QFE\srv.sys + 2010-01-12 23:33 . 2009-05-26 16:11 406392 c:\windows\$hf_mig$\KB955759\update\updspapi.dll + 2010-01-12 23:33 . 2009-05-26 11:40 767352 c:\windows\$hf_mig$\KB955759\update\update.exe + 2010-01-12 23:33 . 2009-05-26 11:40 234872 c:\windows\$hf_mig$\KB955759\spuninst.exe + 2010-01-12 22:51 . 2009-11-21 15:46 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll + 2009-06-09 05:28 . 2009-10-16 00:33 3003680 c:\windows\system32\usbaaplrc.dll + 2004-08-16 16:41 . 2010-02-25 06:17 1209344 c:\windows\system32\urlmon.dll + 2004-08-16 16:40 . 2009-11-27 17:13 1297920 c:\windows\system32\quartz.dll + 2004-08-16 16:40 . 2010-02-25 06:17 5944832 c:\windows\system32\mshtml.dll + 2010-01-12 05:54 . 2010-01-12 05:54 1975408 c:\windows\system32\Macromed\Shockwave 10\gt.exe + 2010-01-12 05:54 . 2010-01-12 05:54 1490944 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll - 2009-05-13 08:57 . 2009-05-13 08:57 1490944 c:\windows\system32\Macromed\Shockwave 10\dirapiX.dll - 2006-10-17 10:57 . 2009-10-29 07:42 1985536 c:\windows\system32\iertutil.dll + 2006-10-17 10:57 . 2010-02-25 06:17 1985536 c:\windows\system32\iertutil.dll + 2010-04-05 06:31 . 2009-10-16 00:33 3003680 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaaplrc.dll + 2006-05-10 05:24 . 2010-02-25 06:17 1209344 c:\windows\system32\dllcache\urlmon.dll + 2008-05-07 05:11 . 2009-11-27 17:13 1297920 c:\windows\system32\dllcache\quartz.dll + 2008-10-17 17:40 . 2010-02-17 12:07 2192000 c:\windows\system32\dllcache\ntoskrnl.exe + 2008-10-17 17:40 . 2010-02-16 19:06 2026496 c:\windows\system32\dllcache\ntkrpamp.exe + 2008-10-17 17:40 . 2010-02-16 19:07 2068864 c:\windows\system32\dllcache\ntkrnlpa.exe + 2008-10-17 17:40 . 2010-02-16 19:06 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe + 2006-05-19 15:09 . 2010-02-25 06:17 5944832 c:\windows\system32\dllcache\mshtml.dll - 2004-08-16 17:06 . 2008-04-14 02:34 3558912 c:\windows\system32\dllcache\moviemk.exe + 2004-08-16 17:06 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe - 2007-04-25 07:39 . 2009-10-29 07:42 1985536 c:\windows\system32\dllcache\iertutil.dll + 2007-04-25 07:39 . 2010-02-25 06:17 1985536 c:\windows\system32\dllcache\iertutil.dll + 2010-01-18 06:44 . 2010-01-18 06:44 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll - 2009-04-28 10:00 . 2009-04-28 10:00 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll + 2010-01-18 06:38 . 2010-01-18 06:38 1975408 c:\windows\system32\Adobe\Shockwave 11\gt.exe - 2009-04-28 10:04 . 2009-04-28 10:04 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll + 2010-01-18 06:48 . 2010-01-18 06:48 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll + 2010-01-01 18:18 . 2010-01-01 18:18 2449408 c:\windows\Installer\23ece85.msi + 2010-04-05 17:11 . 2010-04-05 17:11 1234944 c:\windows\Installer\196a3f.msi + 2010-04-05 06:41 . 2010-04-05 06:41 4911104 c:\windows\Installer\150c16.msi + 2010-04-05 06:35 . 2010-04-05 06:35 9472000 c:\windows\Installer\150479.msi + 2010-04-05 06:33 . 2010-04-05 06:33 1774080 c:\windows\Installer\15014b.msi + 2010-04-05 06:31 . 2010-04-05 06:31 3165184 c:\windows\Installer\14fcb2.msi + 2010-04-05 06:30 . 2010-04-05 06:30 1984000 c:\windows\Installer\14fc77.msi + 2010-04-01 21:41 . 2009-12-21 19:07 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll + 2010-04-01 21:41 . 2009-12-21 19:07 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll + 2010-04-01 21:41 . 2009-12-21 19:06 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll + 2010-01-21 22:27 . 2009-10-29 07:42 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll + 2010-01-21 22:27 . 2009-10-29 07:42 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll + 2010-01-21 22:27 . 2009-10-29 07:42 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll + 2009-12-27 20:13 . 2009-12-27 20:13 1728512 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{EC391058-A292-41C5-92C7-95C5A09793B8}\HP Update.msi + 2008-10-17 17:40 . 2010-02-17 12:07 2192000 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2008-10-17 17:40 . 2010-02-16 19:06 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2008-10-17 17:40 . 2010-02-16 19:07 2068864 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2008-10-17 17:40 . 2010-02-16 19:06 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-02-20 09:19 . 2009-08-04 20:58 2191232 c:\windows\$NtUninstallKB977165$\ntoskrnl.exe + 2010-02-20 09:19 . 2009-08-04 17:27 2025984 c:\windows\$NtUninstallKB977165$\ntkrpamp.exe + 2010-02-20 09:19 . 2009-08-04 17:28 2068096 c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe + 2010-02-20 09:19 . 2009-08-04 17:27 2147328 c:\windows\$NtUninstallKB977165$\ntkrnlmp.exe + 2010-03-10 23:17 . 2008-04-14 02:34 3558912 c:\windows\$NtUninstallKB975561$\moviemk.exe + 2010-02-10 23:34 . 2009-06-03 19:10 1297408 c:\windows\$NtUninstallKB975560$\quartz.dll + 2010-01-21 19:05 . 2009-12-21 19:01 1209344 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\urlmon.dll + 2010-01-21 19:05 . 2009-12-21 19:01 5945856 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll + 2010-01-21 19:05 . 2009-12-21 19:01 1986048 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iertutil.dll + 2009-12-09 14:32 . 2009-12-09 14:32 2191360 c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe + 2010-02-20 08:11 . 2009-12-09 10:02 2025984 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrpamp.exe + 2009-12-09 14:32 . 2009-12-09 14:32 2068224 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe + 2010-02-20 08:11 . 2009-12-09 10:02 2147328 c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlmp.exe + 2010-03-10 21:32 . 2009-10-23 14:53 3558912 c:\windows\$hf_mig$\KB975561\SP3QFE\moviemk.exe + 2009-11-27 17:25 . 2009-11-27 17:25 1297920 c:\windows\$hf_mig$\KB975560\SP3QFE\quartz.dll + 2006-02-16 09:48 . 2010-04-06 17:52 31971272 c:\windows\system32\MRT.exe + 2006-11-07 20:03 . 2010-02-25 09:47 11070976 c:\windows\system32\ieframe.dll + 2007-04-25 07:39 . 2010-02-25 09:47 11070976 c:\windows\system32\dllcache\ieframe.dll + 2010-01-20 22:40 . 2010-01-20 22:40 15710720 c:\windows\Installer\253f323.msp + 2010-04-01 21:41 . 2009-12-21 19:06 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll + 2010-01-21 22:27 . 2009-10-29 07:42 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll + 2009-12-22 13:01 . 2009-12-22 13:01 11070976 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ieframe.dll . -- Instantané actualisé -- . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-25 251264] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] "BrowserChoice"="c:\windows\system32\browserchoice.exe" [2010-02-12 293376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "NECHotkey"="mHotkey.exe" [2005-10-12 548864] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888] "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272] "MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-07-12 90112] "OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-03 180269] "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728] "lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512] "EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-06-11 148784] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] d:\documents and settings\Lou\Menu D‚marrer\Programmes\D‚marrage\ monxga32.exe [2008-4-14 31232] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128] Microsoft Office.lnk - d:\office\OSA9.EXE [1999-1-20 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2005-08-12 16:01 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\APPS\\Inventime\\my.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\incredimail_install.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\APPS\\skype\\phone\\Skype.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 13:31 92008] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2006 21:07 799744] R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [01/01/1980 01:00 20736] S0 ybeyo;ybeyo; [x] S2 gupdate1c9aed76e7466f6;Google Update Service (gupdate1c9aed76e7466f6);c:\program files\Google\Update\GoogleUpdate.exe [27/03/2009 14:27 133104] S3 bDMusicb;bDMusicb;\??\d:\docume~1\Lou\LOCALS~1\Temp\bDMusicb.sys --> d:\docume~1\Lou\LOCALS~1\Temp\bDMusicb.sys [?] S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [16/08/2004 18:41 12800] . Contenu du dossier 'Tâches planifiées' 2010-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 10:34] 2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 12:27] 2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 12:27] 2010-04-11 c:\windows\Tasks\Norton Security Scan for Caro.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-02-26 15:45] 2010-04-21 c:\windows\Tasks\User_Feed_Synchronization-{560AF3C5-0A5E-43FE-A8BD-EED5401EDBB3}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://fr.weather.com/weather/10day-lisle-jourdain-frpc0411 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost;*.local IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxp://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-21 10:40 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime] "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(572) c:\apps\Softex\OmniPass\opxpgina.dll . Heure de fin: 2010-04-21 10:47:44 ComboFix-quarantined-files.txt 2010-04-21 08:47 ComboFix2.txt 2009-12-27 16:38 Avant-CF: 133 708 279 808 octets libres Après-CF: 133 690 019 840 octets libres - - End Of File - - 26F9096D34C3E687D47A01825950CF94

Ouvert à toute suggestion...

Merci, je me lance. Pour info je n'ai aps d'anti-virus depuis pas mal de temps. Je ml'y perdais entre toutes les offres et je trouvais que c'était l'arnaque car je ne m'y connaîs pas assez pour trouver le bon outil... Je te tiens au courant, merci encore

Même résultat

J'ai l'impression qu'il n'arrive pas à le charger. Message erreur croix blanche ds rond rouge D:\Document and Settings\Lou\Local Settings\Temporary Internet Files\Content\IES\4J8OP2WH\RSIT[1].exe n'est pas une application win32 valide

Voici, merci : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:30:34, on 21/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Apps\Softex\OmniPass\Omniserv.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wuauclt.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Apps\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\mshta.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Fingerprint Sensor\ATSwpNav.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\MIC\HAWAII\Hawaii.exe C:\WINDOWS\System32\svchost.exe C:\Apps\Softex\OmniPass\scureapp.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HiYo\bin\HiYo.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\SnapShot\SnapShot.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Documents and Settings\Lou\Bureau\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.weather.com/weather/10day-lisle-jourdain-frpc0411 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [browserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: monxga32.exe O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Startup: SnapShot.lnk = C:\Program Files\SnapShot\SnapShot.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - http://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Update Service (gupdate1c9aed76e7466f6) (gupdate1c9aed76e7466f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 14085 bytes

Voici le rapport : Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Version de la base de données: 3930 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20/04/2010 23:51:41 mbam-log-2010-04-20 (23-51-41).txt Type d'examen: Examen rapide Elément(s) analysé(s): 116567 Temps écoulé: 1 heure(s), 30 minute(s), 59 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\drivers\ybeyo.sys (Rootkit.Agent) -> Delete on reboot. D:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully. D:\Documents and Settings\Lou\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. Merci pour votre aide !!!

Merci ! ! ! J'ai déjà MBAM depuis environ quelques mois, suite à une précédente opération. Est-ce que je dois télécharger la nouvelle version malgré tout ?

Autant pour moi... MErci !

C'est bon j'ai posté l'analyse comme demandé, sur le forum sécurité, avec un lien pour ce post. Pouvez-vous me donner des nouvelles ? Merci d'avance !!

http://forum.zebulon.fr/uc-100-utilisee-pc...ml#entry1481720 Comme demandé par Bleuet, voici ci-dessus le lien sur mon sujet (PC devenu lent, peut-être problème de capacité (?)), et l'analyse ci-dessous. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:42:22, on 19/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Apps\Softex\OmniPass\Omniserv.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Apps\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Fingerprint Sensor\ATSwpNav.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\MIC\HAWAII\Hawaii.exe C:\Apps\Softex\OmniPass\scureapp.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HiYo\bin\HiYo.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SnapShot\SnapShot.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe D:\Office\WINWORD.EXE D:\Documents and Settings\Lou\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.weather.com/weather/10day-lisle-jourdain-frpc0411 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: monxga32.exe O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Startup: SnapShot.lnk = C:\Program Files\SnapShot\SnapShot.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - http://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Update Service (gupdate1c9aed76e7466f6) (gupdate1c9aed76e7466f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de liPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe Merci !!

Merci - Tu vois que tu parles plusieurs langues ("Mes langues: la mienne, et celles des autres quand je les connais " Ca reste du Chinois pour moi le highjackthis etc... Mais je pense vraiment plutôt à un problème de capacités PC... Il y a pas un truc que je pourrais regarder et te donner les tailles pour que tu me dises ce que tu en penses ? A moins que j'aie trop d'appli ouvertes en mémoire sns que je le sache ?

Bonjour chers Zébulons. Depuis hier, mon PC a ralenti nettement. Les logiciels s'ouvrent lentement, i-tunes bloque parfois carrément sur une chanson etc etc... J'ai redémarré, rien ne change. D'après le tableau de performance du gestionnaire des tâches, l'utilisation de l'UC est à 100 %, ce qui n'est pas le cas d'habitude il semble. Je me doute qu'il y a pas mal de sujets sur cette question, mais il y a tellement de possibilités d'après les posts, que je ne m'y retrouve pas, n'y connaissant pas grand-chose....... D'ailleurs, de façon générale je ne crois pas que mon PC soit assez puissant, il bloquait de temps en temps sur les videos i-tunes... mais bon, là c'est encore plus lent... Merci d'avance pour vos conseils, bonne journée

Cher Falkra, après quelques heures d'utilisation, tout marche toujours parfaitement !! Je ne sais pas ce que tu fais dans la vie à part bon samaritain le Dimanche, mais de grosses sociétés donneraient sans doute cher pour avoir quelqu'un comme toi dans leur équipe. Merci mille fois, vraiment

J'ai dû faire une erreur, j'ai bien copié le résultat de l'analyse, supprimé les 20 fichiers affectés, mais avant que je puisse coller le résultat, le PC a rebooté quand j'ai voulu fermer les navigateurs. D'ailleurs je ne comprenais aps très bien commment fermer les navigateurs (internet ?) et coller ensuite.... Donc j'ai perdu le texte de l'analyse, mais en tout cas depuis la session d'avant, comme tu l'avais écrit, tout va beaucoup beaucoup mieux !!!!! Que dois-je faire, avant de t'élever une statue ?????

Cher maître, Voici le rapport de Combofix, que dois-je faire maintenant ? ComboFix 09-12-26.05 - Lou 27/12/2009 17:30:45.1.1 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.473 [GMT 1:00] Lancé depuis: d:\documents and settings\Lou\Bureau\ComboFix.exe FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\cleanup.exe c:\program files\Altnet c:\program files\Altnet\Download Manager\asm.exe c:\program files\Altnet\Download Manager\asmps.dll c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\recycler\S-1-5-21-2671262923-3008502225-2811782023-1003 c:\recycler\S-1-5-21-3110697496-4227106032-516200530-1003 c:\windows\Fonts\acrsecB.fon c:\windows\Fonts\acrsecI.fon c:\windows\smdat32a.sys c:\windows\smdat32m.sys c:\windows\system32\drivers\H8SRTvweteqvsqp.sys c:\windows\system32\H8SRTcbbgpyvxbk.dat c:\windows\system32\H8SRTfsavhgracv.dll c:\windows\system32\H8SRTrbolglvayx.dll c:\windows\system32\krl32mainweq.dll c:\windows\system32\srcr.dat d:\docume~1\Lou\LOCALS~1\Temp\tmp2.tmp d:\docume~1\Lou\LOCALS~1\Temp\wscsvc32.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-27 au 2009-12-27 )))))))))))))))))))))))))))))))))))) . 2009-12-27 11:20 . 2009-12-27 11:20 0 ----a-w- C:\backup.reg 2009-12-27 11:20 . 2009-12-27 11:20 574 ----a-w- C:\cleanup.bat 2009-12-27 11:20 . 2009-12-27 11:20 135168 ----a-w- C:\zip.exe 2009-12-27 08:33 . 2009-12-27 08:33 -------- d-sh--w- d:\documents and settings\Lou\IETldCache 2009-12-27 08:31 . 2009-12-27 08:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-12-27 08:16 . 2009-10-29 07:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-12-27 08:16 . 2009-10-29 07:42 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll 2009-12-27 08:16 . 2009-12-27 08:16 -------- d-----w- c:\windows\ie8updates 2009-12-27 08:15 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll 2009-12-27 08:12 . 2009-12-27 08:14 -------- dc-h--w- c:\windows\ie8 2009-12-27 00:51 . 2009-12-27 00:52 -------- d-----w- c:\program files\Malware Defense 2009-12-23 19:59 . 2009-12-27 11:24 -------- d-----w- d:\documents and settings\Lou\Tracing 2009-12-23 19:40 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys 2009-12-23 19:39 . 2009-12-23 19:39 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-12-23 19:38 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2009-12-23 19:38 . 2009-12-23 19:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2009-12-23 19:36 . 2009-12-23 19:36 -------- d-----w- c:\program files\Microsoft 2009-12-23 19:36 . 2009-12-23 19:36 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-12-23 19:24 . 2009-12-23 19:24 -------- d-----w- c:\program files\Fichiers communs\Windows Live . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-27 11:29 . 2009-11-07 05:48 79488 ----a-w- d:\documents and settings\Lou\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-12-27 11:24 . 2006-01-31 09:59 -------- d-----w- c:\program files\Lx_cats 2009-12-27 07:26 . 2009-03-27 12:58 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater 2009-12-24 20:07 . 2006-10-01 15:54 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-12-23 19:59 . 2006-02-16 09:36 74400 ----a-w- d:\documents and settings\Lou\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-23 19:40 . 2008-05-23 21:56 -------- d-----w- c:\program files\Windows Live 2009-12-23 19:39 . 2006-12-11 08:32 -------- d-----w- c:\program files\Windows Live Toolbar 2009-12-22 21:48 . 2006-02-14 17:21 -------- d-----w- c:\program files\Google 2009-12-05 19:21 . 2009-01-01 07:13 -------- d-----w- c:\program files\Free Video Converter 2009-11-04 07:27 . 2004-08-16 16:41 84766 ----a-w- c:\windows\system32\perfc00C.dat 2009-11-04 07:27 . 2004-08-16 16:41 510742 ----a-w- c:\windows\system32\perfh00C.dat 2009-10-30 10:53 . 2009-10-30 10:52 -------- d-----w- c:\program files\iTunes 2009-10-30 10:52 . 2007-07-08 18:15 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-10-30 10:52 . 2006-03-16 13:07 -------- d-----w- c:\program files\iPod 2009-10-30 10:41 . 2009-10-30 10:41 79144 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-29 07:42 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:39 . 2004-08-16 16:41 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:39 . 2004-08-16 16:40 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-03 22:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:33 . 2004-08-16 16:40 271360 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:39 . 2004-08-16 16:41 150528 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:39 . 2004-08-16 16:40 79872 ----a-w- c:\windows\system32\raschap.dll 2009-10-04 07:32 . 2009-10-04 07:32 57984 ---ha-w- c:\windows\system32\mlfcache.dat 2009-05-06 17:30 . 2009-05-04 12:05 19165248 ----a-w- c:\program files\TomTomHOME2winlatest.exe 2009-01-06 09:33 . 2009-01-06 09:32 12814336 -c--a-w- c:\program files\mp10setup.exe 2008-10-19 15:09 . 2008-10-19 15:09 4865408 -c--a-w- c:\program files\Silverlight.2.0.exe 2008-10-19 15:07 . 2008-10-19 15:07 1837280 -c--a-w- c:\program files\snpvw.exe 2007-07-15 07:14 . 2007-07-15 06:51 49943864 -c--a-w- c:\program files\iTunesSetup.exe 2007-04-08 07:51 . 2007-04-08 07:38 7930697 -c--a-w- c:\program files\gimp-2.2.13-i586-setup-1.zip 2007-04-08 07:44 . 2007-04-08 07:44 5671965 -c--a-w- c:\program files\gtk+-2.10.6-1-setup.zip 2006-03-07 14:38 . 2006-03-07 14:37 8619112 -c--a-w- c:\program files\IncrediMailSetup_fr.exe 2006-02-14 17:21 . 2006-02-14 17:21 11817800 -c--a-w- c:\program files\GoogleEarth.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-25 251264] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 67128] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-27 39408] "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] "Malware Defense"="c:\program files\Malware Defense\mdefense.exe" [2009-12-27 1756088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "NECHotkey"="mHotkey.exe" [2005-10-12 548864] "SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888] "Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272] "MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-07-12 90112] "OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584] "Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118] "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-03 180269] "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728] "lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512] "EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-06-11 148784] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-27 67128] Microsoft Office.lnk - d:\office\OSA9.EXE [1999-1-20 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2005-08-12 16:01 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"= "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\APPS\\Inventime\\my.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\incredimail_install.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\APPS\\skype\\phone\\Skype.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Magentic\\bin\\MgImp.exe"= "c:\\Program Files\\Magentic\\bin\\Magentic.exe"= "c:\\Program Files\\Magentic\\bin\\MgApp.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [23/12/2009 20:40 54752] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008] R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/01/2006 20:07 799744] R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [01/01/1980 20736] S2 gupdate1c9aed76e7466f6;Google Update Service (gupdate1c9aed76e7466f6);c:\program files\Google\Update\GoogleUpdate.exe [27/03/2009 13:27 133104] S3 bDMusicb;bDMusicb;\??\d:\docume~1\Lou\LOCALS~1\Temp\bDMusicb.sys --> d:\docume~1\Lou\LOCALS~1\Temp\bDMusicb.sys [?] S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864] S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [16/08/2004 17:41 12800] . ------- Examen supplémentaire ------- . uStart Page = hxxp://mystart.incredimail.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost;*.local IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxp://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-EPSON AL-C3000 Advanced - c:\windows\System32\spool\DRIVERS\W32X86\3\E_L17362.EXE AddRemove-bddaa - d:\documents and settings\caro\local settings\application data\bddaa.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-27 17:36 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON AL-C3000 Advanced = c:\windows\System32\spool\DRIVERS\W32X86\3\E_L17362.EXE /A "c:\windows\system32\E_L26.tmp"??? ??????????????>??w` Y?????\???\???D???????????????????\??????????w????????\??????????????????????????????????wp??????w????????????????????????????????? ?????????w??_ Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime] "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(576) c:\apps\Softex\OmniPass\opxpgina.dll . Heure de fin: 2009-12-27 17:38:18 ComboFix-quarantined-files.txt 2009-12-27 16:38 Avant-CF: 134 018 580 480 octets libres Après-CF: 134 169 976 832 octets libres - - End Of File - - 7BCF813C382DCE9846E152016E749EF1

Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Voici le résultat de Avenger: Beginning to process script file: Rootkit scan active. Hidden driver "H8SRTd.sys" found! ImagePath: \systemroot\system32\drivers\H8SRTvweteqvsqp.sys Start Type: 4 (Disabled) Rootkit scan completed. Driver "H8SRTd.sys" disabled successfully. Driver "H8SRTd.sys" deleted successfully. Completed script processing. ******************* Finished! Terminate. Est-ce que je dois lancer combofix ? Merci encore !!!!!!! Je reprends espoir !!!!!! (un de + sans doute...)

Ca y est, le scan est passé GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2009-12-27 12:02:40 Windows 5.1.2600 Service Pack 3 Running: yipgrgro.exe; Driver: D:\DOCUME~1\Lou\LOCALS~1\Temp\ffrdqpog.sys ---- System - GMER 1.0.15 ---- Code 86F36DE8 ZwEnumerateKey Code 870780F0 ZwFlushInstructionCache Code 86F810AE IofCallDriver Code 86EAB966 IofCompleteRequest ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\H8SRTrbolglvayx.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [776] 0x00DF0000 Library \\?\globalroot\systemroot\system32\H8SRTrbolglvayx.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2984] 0x10000000 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\H8SRTvweteqvsqp.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTvweteqvsqp.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTvweteqvsqp.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTfsavhgracv.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcbbgpyvxbk.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTrbolglvayx.dll Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTvweteqvsqp.sys Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTvweteqvsqp.sys Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTfsavhgracv.dll Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTcbbgpyvxbk.dat Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTrbolglvayx.dll ---- EOF - GMER 1.0.15 ----

Voici le copier-coller: Bonjour Falkra ! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:49, on 27/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Apps\Softex\OmniPass\Omniserv.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\Apps\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\mHotkey.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Fingerprint Sensor\ATSwpNav.exe C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MIC\HAWAII\Hawaii.exe C:\Apps\Softex\OmniPass\scureapp.exe C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\Lexmark 4300 Series\ezprint.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\lxcecoms.exe C:\Program Files\HiYo\bin\HiYo.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe D:\DOCUME~1\Lou\LOCALS~1\Temp\richtx64.exe C:\Program Files\Malware Defense\mdefense.exe C:\PROGRA~1\Magentic\bin\MgApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SnapShot\SnapShot.exe C:\Program Files\Logitech\Video\FxSvr2.exe D:\DOCUME~1\Lou\LOCALS~1\Temp\wscsvc32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\system32\dwwin.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Internet Explorer\Iexplore.exe D:\Documents and Settings\Lou\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [EPSON AL-C3000 Advanced] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_L17362.EXE /A "C:\WINDOWS\system32\E_L26.tmp" O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [richtx64.exe] D:\DOCUME~1\Lou\LOCALS~1\Temp\richtx64.exe O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe O4 - Startup: SnapShot.lnk = C:\Program Files\SnapShot\SnapShot.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = D:\Office\OSA9.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - http://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Update Service (gupdate1c9aed76e7466f6) (gupdate1c9aed76e7466f6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 14583 bytes En revanche, pour le moment je n'arrive pas à lancer le GMER Rootkit Scanner... Je vais essayer de fermer toutes les autres fenêtre si c'est ça qui coince....

Bonjour ! Depuis hier soir, cette saleté de virus Malware Defense a infesté mon PC... Ca n'a pas l'air trop grave pour le moment, à part les fenêtres intempestives. Je ne suis pas très calé en PC, voire pas patient du tout en fait... Quand je vois les pages entières de manip, je suis admiratif Existe-t-il une solution automatisée, même payante ? Ou sinon, est-ce qu'une petite société informatique locale peut se charger de nettoyer ce genre de problème ? En tout cas, félicitations pour votre pertinence et votre réactivité... Bon Dimanche.

Bonjour Falkra ! J'ai le même problème (qui me rend fou) Malware Defense. Je n'y connaîs pas grand-chose en PC. Existe-t-il une solution automatisée, ou dois-je penser à filer chez un réparateur ? Je ne me sens pas du tout de me lancer dans le genre de manip du 21ème siècle que tu décris tellement bien pourtant ... !!... Merci ! ! !