
Vatthana


  1. Thanks again!
  2. That looks more than SUPER OK! ) In any case, thank you so much for your help! :super: All I have left to do is install Explorer 8
  3. Here is the latest HijackThis report: Thanks :super:
  4. Thanks a lot for all your valuable help, Appolo. Here is the latest RSIT report:
Should I also run HijackThis?
  5. I enabled removal in MBAM; here is the new report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4650
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

22/09/2010 11:56:23
mbam-log-2010-09-22 (11-56-23).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 154405
Temps écoulé: 9 minute(s), 56 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\chtygigt.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
  6. Here is the MBAM report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4650
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

22/09/2010 11:39:56
mbam-log-2010-09-22 (11-39-56).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 154405
Temps écoulé: 9 minute(s), 56 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\ConnectionsTab (Hijack.ConnectionControl) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\chtygigt.sys (Rootkit.Agent.BO) -> No action taken.
  7. I ran "Sophos Anti-Rootkit" and it detected a "Troj/BoaxxE-Fam" on C:\WINDOWS\system32\drivers\chtygigt.sys. Should I destroy it? Thanks
  8. Hello Appolo, I ran TDSSKiller as advised, and the scan reported "infection : not found"
  9. Here is what Sophos now detects: Troj/TDL3Mem-A :-? Is it serious?
  10. No report after running OTM.exe. On the other hand, I re-ran HijackThis; here is the report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:53, on 21/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Trust\Ami Mouse 300 Dual Scroll\Amoumain.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Download\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://webdefence.global.blackspider.com:8082/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webdefence.global.blackspider.com:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fininfo.grp;*.fininfo.hbg;*.fininfo.fr;*.fininfo.com;localhost;127.0.0.1;172.*.*.*;128.*.*.*;168.*.*.*;212.*.*.*;153.*.*.*;*.portail;*.fininfo.fr.grp;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94B98FD8-D1F7-467C-9BFE-17A5444D7273} - c:\windows\system32\dlo8.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: Fininfo VPN Client.lnk = C:\Fininfo\Fininfo VPN\vpngui.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O15 - Trusted Zone: http://*.canalfininfo
O15 - Trusted Zone: http://*.epmapp
O15 - Trusted Zone: http://*.epmapp-bck
O15 - Trusted Zone: http://iddprod.tkfweb.com
O15 - Trusted Zone: http://www.tkfweb.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263594361906
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.normandie-webcam.com/plugins/h263ctrl20013/h263ctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.fininfo.grp
O17 - HKLM\Software\..\Telephony: DomainName = int.fininfo.grp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.fininfo.grp
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Fininfo\Fininfo VPN\cvpnd.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - OCS Inventory NG - Welcome to OCS Inventory NG web site ! - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Device Control Service - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10980 bytes

Thanks
  11. And here is the latest HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:11:25, on 21/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Fininfo\Fininfo VPN\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Trust\Ami Mouse 300 Dual Scroll\Amoumain.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
D:\Download\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://webdefence.global.blackspider.com:8082/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webdefence.global.blackspider.com:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fininfo.grp;*.fininfo.hbg;*.fininfo.fr;*.fininfo.com;localhost;127.0.0.1;172.*.*.*;128.*.*.*;168.*.*.*;212.*.*.*;153.*.*.*;*.portail;*.fininfo.fr.grp;;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94B98FD8-D1F7-467C-9BFE-17A5444D7273} - c:\windows\system32\dlo8.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - Global Startup: Fininfo VPN Client.lnk = C:\Fininfo\Fininfo VPN\vpngui.exe
O4 - Global Startup: Giganews Accelerator.lnk = C:\Program Files\Giganews Accelerator\GiganewsAccelerator.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O10 - Unknown file in Winsock LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
O15 - Trusted Zone: http://*.canalfininfo
O15 - Trusted Zone: http://*.epmapp
O15 - Trusted Zone: http://*.epmapp-bck
O15 - Trusted Zone: http://iddprod.tkfweb.com
O15 - Trusted Zone: http://www.tkfweb.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263594361906
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.normandie-webcam.com/plugins/h263ctrl20013/h263ctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.fininfo.grp
O17 - HKLM\Software\..\Telephony: DomainName = int.fininfo.grp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.fininfo.grp
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Fininfo\Fininfo VPN\cvpnd.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\system32\DWRCS.EXE
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - OCS Inventory NG - Welcome to OCS Inventory NG web site ! - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Device Control Service - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 11445 bytes

Thanks :super:
  12. Here is the report after a 4-hour scan with "Virus Removal Tool":

Autoscan: completed 2 minutes ago (events: 14, objects: 636385, time: 03:58:49)
20/09/2010 19:47:35 Task started
20/09/2010 20:57:46 Detected: Trojan-Dropper.Win32.Agent.cfzw G:\SOFTWARE\Office 2007\I386\VSP.EX_/VSP.exe
20/09/2010 22:33:06 Untreated: Trojan-Dropper.Win32.Agent.cfzw G:\SOFTWARE\Office 2007\I386\VSP.EX_/VSP.exe Write not supported
20/09/2010 23:38:57 Detected: Trojan-Dropper.Win32.Agent.cfzw G:\SOFTWARE\Office 2007\I386\VSP.EX_/VSP.exe
20/09/2010 23:38:57 Untreated: Trojan-Dropper.Win32.Agent.cfzw G:\SOFTWARE\Office 2007\I386\VSP.EX_/VSP.exe Write not supported
20/09/2010 23:46:25 Task completed

Thanks
  13. Yes, I had manually deleted the files detected by Kaspersky, and then I ran VirutKiller. Tonight I will run Virus Removal and keep you posted! Thanks again for your help
  14. Hello Appolo, I ran VirutKiller and nothing was detected; moreover, I did not get a report back. Is that normal? Thanks for your help
  15. After a 4-hour scan, here at last is the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 19, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 19, 2010 15:51:48
Records in database: 4225486
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 61713
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:53:10

File name / Threat / Threats count
C:\Program Files\Tintii\Tintii.photo.filter.v2.2.1\keyfilemaker.rar Infected: Virus.Win32.Virut.ce 1
D:\HTC DIAMOND\igo\PACK ASTUCES IGO.RAR Infected: Trojan-Spy.Win32.Delf.joz 1
D:\HTC DIAMOND\mobiolawebcam_wm_25_hgo.zip Infected: Trojan-Dropper.Win32.Small.fnr 1
D:\HTC DIAMOND\mobiolawebcam_wm_25_setup.exe Infected: Trojan-Dropper.Win32.Small.fnr 1

Selected area has been scanned.