lvirgos


  1. It seems to be fine now! But I'd like to understand why!... Any idea? Thanks
  2. I downloaded ComboFix twice because the first exe was launched but was corrupted. All the tools were launched from Mes documents\...
  3. otl.txt OTL logfile created on: 10/11/2010 16:56:46 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\virginie\Mes documents\PB-SPOOL Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 68.77 Gb Total Space | 52.91 Gb Free Space | 76.94% Space Free | Partition Type: NTFS Drive D: | 68.56 Gb Total Space | 68.47 Gb Free Space | 99.86% Space Free | Partition Type: NTFS Drive S: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS Drive X: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS Drive Y: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS Drive Z: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS Computer Name: PC-EXPED | User Name: virginie | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/11/10 16:56:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\virginie\Mes documents\PB-SPOOL\OTL.exe PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/01/17 11:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe ========== Modules (SafeList) ========== MOD - [2010/11/10 16:56:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\virginie\Mes documents\PB-SPOOL\OTL.exe MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009/11/25 00:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll ========== Win32 Services (SafeList) ========== SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! 
Web Scanner) SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2007/01/17 11:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/09/19 23:00:32 | 001,058,408 | ---- | M] (Seagull Scientific, Inc) [On_Demand | Stopped] -- C:\Program Files\Seagull\BarTender\7.72\CmdrSrv.exe -- (Commander Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\osaio.sys -- (osaio) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\netlimiter.sys -- (netlimiter) DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\virginie\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2009/11/25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL 
Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009/04/27 09:01:59 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/02/15 05:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2008/01/29 12:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/01/24 18:07:56 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007/07/02 02:03:50 | 000,094,592 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006/08/28 03:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2004/07/14 11:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2004/08/05 06:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation) O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [seagull Drivers] C:\WINDOWS\ssdal_nc.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.100.100.33 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = procalp.local O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop 
WallPaper: C:\Documents and Settings\virginie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\virginie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/24 17:31:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183584330711040) ========== Files/Folders - Created Within 30 Days ========== [2010/11/10 16:48:59 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll [2010/11/10 16:48:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010/11/10 16:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java [2010/11/10 16:45:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/11/10 16:45:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/11/10 16:45:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/11/10 16:45:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\javacpl.cpl [2010/11/10 16:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/11/10 16:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2010/11/10 16:38:35 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/11/10 16:35:31 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/11/10 16:34:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/11/10 16:34:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/11/10 16:34:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/11/10 16:34:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/11/10 16:34:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/11/10 16:33:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/11/10 16:33:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/11/09 08:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\virginie\Mes documents\PB-SPOOL [2010/11/05 17:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\virginie\Mes documents\ProcessExplorer [2010/11/05 17:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010/11/05 17:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2010/11/05 17:14:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/11/05 17:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\virginie\Application Data\Sun [2010/11/05 17:11:57 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Documents and Settings\virginie\Mes documents\JavaSetup6u22.exe [2010/11/05 17:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\virginie\Application Data\Malwarebytes [2010/11/05 17:08:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/05 17:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/11/05 17:08:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/05 17:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/05 17:00:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\virginie\Recent [2010/11/04 09:18:52 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010/11/04 09:18:52 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010/11/04 09:18:26 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010/11/03 13:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010/11/03 12:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2010/11/03 12:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr [2010/11/03 12:57:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2010/11/03 12:54:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2010/11/03 12:51:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010/10/29 10:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\virginie\Mes documents\Mes fichiers reçus [2010/10/29 10:00:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2010/10/28 18:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/04/07 16:56:45 | 038,811,470 | ---- | C] (inkscape.org) -- C:\Program Files\Inkscape-0.47-3.exe [2009/03/01 18:19:48 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\INTEROP.IWSHRUNTIMELIBRARY.DLL [1 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/10 16:47:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/10 16:45:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/11/10 16:45:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/11/10 16:45:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/11/10 16:45:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010/11/10 16:45:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/11/10 16:40:50 | 000,000,014 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater.rbt [2010/11/10 16:39:55 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk [2010/11/10 16:35:34 | 000,000,328 | RHS- | M] () -- C:\boot.ini [2010/11/10 16:34:42 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys [2010/11/10 16:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/10 16:29:49 | 000,036,584 | ---- | M] () -- C:\Documents and Settings\virginie\.recently-used.xbel [2010/11/10 16:29:44 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\sys2223 [2010/11/10 16:29:44 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\stmp612 [2010/11/10 16:29:44 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\kds26 [2010/11/10 16:29:44 | 000,000,034 | -H-- | M] () -- C:\WINDOWS\drvr163 [2010/11/08 17:55:45 | 001,408,790 | ---- | M] () -- C:\Documents and Settings\virginie\Bureau\Sans titre.bmp [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010/11/05 17:32:55 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\virginie\Mes documents\ProcessExplorer.zip [2010/11/05 17:12:01 | 000,874,272 | ---- | M] (Sun Microsystems, 
Inc.) -- C:\Documents and Settings\virginie\Mes documents\JavaSetup6u22.exe [2010/11/05 17:08:47 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2010/11/05 13:15:03 | 000,635,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/11/05 12:54:23 | 008,904,704 | ---- | M] () -- C:\Documents and Settings\virginie\Bureau\Gesfact.mde [2010/11/05 09:10:08 | 000,567,200 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat [2010/11/05 09:10:08 | 000,489,732 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/05 09:10:08 | 000,108,900 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat [2010/11/05 09:10:08 | 000,089,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/03 13:05:34 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010/11/03 12:54:24 | 000,252,240 | RHS- | M] () -- C:\ntldr [2010/11/02 11:50:10 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\virginie\Bureau\Favoris réseau.lnk [2010/10/29 10:04:00 | 001,605,632 | -H-- | M] () -- C:\ffastun0.ffx [2010/10/29 10:04:00 | 000,491,520 | -H-- | M] () -- C:\ffastun.ffl [2010/10/29 10:04:00 | 000,425,984 | -H-- | M] () -- C:\ffastun.ffo [2010/10/29 10:04:00 | 000,004,413 | -H-- | M] () -- C:\ffastun.ffa [2010/10/22 17:37:35 | 000,285,696 | ---- | M] () -- C:\Documents and Settings\virginie\Bureau\BAT int.doc [2010/10/22 15:21:21 | 000,254,167 | ---- | M] () -- C:\Documents and Settings\virginie\Mes documents\2010 10 07 - Verthyge mains verso 5 litres.btw [2010/10/21 17:17:15 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\virginie\Bureau\BAT D60 int.doc [2010/10/18 11:04:24 | 000,007,680 | ---- | M] () -- C:\WINDOWS\virginie.pcb [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/10 16:40:50 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application 
Data\AdobeUpdater.rbt [2010/11/10 16:39:55 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 8.lnk [2010/11/10 16:35:34 | 000,000,212 | ---- | C] () -- C:\Boot.bak [2010/11/10 16:35:31 | 000,263,488 | RHS- | C] () -- C:\cmldr [2010/11/10 16:34:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/10 16:34:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/10 16:34:07 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/10 16:34:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/10 16:34:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/10 16:29:49 | 000,036,584 | ---- | C] () -- C:\Documents and Settings\virginie\.recently-used.xbel [2010/11/08 17:55:45 | 001,408,790 | ---- | C] () -- C:\Documents and Settings\virginie\Bureau\Sans titre.bmp [2010/11/05 17:32:45 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\virginie\Mes documents\ProcessExplorer.zip [2010/11/05 17:08:47 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2010/11/05 16:20:25 | 000,770,412 | ---- | C] () -- C:\Documents and Settings\virginie\Bureau\(DV984) NET CAR 27 03 2010.btw [2010/11/02 11:50:10 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\virginie\Bureau\Favoris réseau.lnk [2010/10/29 10:20:55 | 000,254,167 | ---- | C] () -- C:\Documents and Settings\virginie\Mes documents\2010 10 07 - Verthyge mains verso 5 litres.btw [2010/10/29 10:05:54 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\osainstlog.txt [2010/10/21 16:43:10 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\virginie\Bureau\BAT D60 int.doc [2010/04/20 13:36:22 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\virginie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/27 09:01:59 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2009/03/23 10:43:16 | 000,020,419 | 
---- | C] () -- C:\WINDOWS\MSUMLT_T.ini [2009/03/19 11:04:47 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\virginie\Local Settings\Application Data\fusioncache.dat [2009/03/17 19:19:29 | 000,000,616 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/03/01 10:46:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini [2009/03/01 10:32:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2008/01/24 18:17:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/01/24 18:08:34 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll [2008/01/24 18:08:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2008/01/24 18:08:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll [2008/01/24 18:08:00 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll [2008/01/24 17:31:34 | 000,004,392 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008/01/19 17:10:52 | 000,000,115 | ---- | C] () -- C:\WINDOWS\ALaunch.ini [2006/08/28 03:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys [2005/10/25 16:25:28 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004/08/05 06:00:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1997/08/29 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL [1997/08/29 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL [1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL [1997/08/29 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- 
C:\WINDOWS\System32\VAFR232.DLL [1997/08/29 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008/01/24 17:31:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008/01/24 18:08:40 | 000,740,460 | ---- | M] () -- C:\bknowsetup.log [2009/03/01 10:26:16 | 000,000,212 | ---- | M] () -- C:\Boot.bak [2010/11/10 16:35:34 | 000,000,328 | RHS- | M] () -- C:\boot.ini [2004/08/05 06:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin [2004/08/03 23:00:08 | 000,263,488 | RHS- | M] () -- C:\cmldr [2010/11/10 16:53:35 | 000,009,231 | ---- | M] () -- C:\ComboFix.txt [2008/01/24 17:31:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2010/10/29 10:04:00 | 000,004,413 | -H-- | M] () -- C:\ffastun.ffa [2010/10/29 10:04:00 | 000,491,520 | -H-- | M] () -- C:\ffastun.ffl [2010/10/29 10:04:00 | 000,425,984 | -H-- | M] () -- C:\ffastun.ffo [2010/10/29 10:04:00 | 001,605,632 | -H-- | M] () -- C:\ffastun0.ffx [2010/11/10 16:34:42 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys [2008/01/24 17:31:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/01/24 17:31:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/05 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2010/11/03 12:54:24 | 000,252,240 | RHS- | M] () -- C:\ntldr [2010/11/10 16:34:41 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys [2008/01/25 02:18:12 | 000,000,075 | RHS- | M] () -- C:\Preload.aaa [2009/03/01 10:35:23 | 000,000,593 | ---- | M] () -- C:\RHDSetup.log [2008/01/24 18:08:40 | 000,000,032 | ---- | M] () -- C:\setup.log [2010/07/09 08:56:54 | 007,441,040 | ---- | M] () -- C:\Valentin_7.1.9.exe < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010/09/09 14:34:09 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2010/09/09 14:34:09 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2010/09/09 14:34:10 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll [2009/08/06 18:23:54 | 000,575,704 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wuapi.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/24 18:26:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008/01/24 18:26:00 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008/01/24 18:26:00 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\drivers\*.sys /90 > [2010/08/26 14:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys < End of report > extras.txt OTL Extras logfile created on: 10/11/2010 16:56:46 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\virginie\Mes documents\PB-SPOOL Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 68.77 Gb Total Space | 52.91 Gb Free Space | 76.94% Space Free | Partition Type: NTFS Drive D: | 68.56 Gb Total Space | 68.47 Gb 
Free Space | 99.86% Space Free | Partition Type: NTFS
Drive S: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS
Drive X: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS
Drive Y: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS
Drive Z: | 149.04 Gb Total Space | 99.76 Gb Free Space | 66.93% Space Free | Partition Type: NTFS

Computer Name: PC-EXPED | User Name: virginie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:UDP" = 9999:UDP:*:Enabled:LANScope UDP Port
"2804:TCP" = 2804:TCP:*:Enabled:LANScope TCP Port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6160:TCP" = 6160:TCP:*:Enabled:Seagull Driver Networking

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22
"{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}" = Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}" = commercial
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FD17FF6-9C94-4A0C-A7E2-87EC77B03D79}" = BarTender 7.72.1548
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{480DBB60-F0B6-45F2-B26F-1A2E11197791}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{90283F22-0731-43B6-81FD-E6DD911A31FB}" = Microsoft SQL Server Native Client
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C74B273E-DF20-4955-899B-15205119894C}" = Microsoft SQL Server VSS Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inkscape" = Inkscape 0.47
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OcaHistoryUpd" = OCA Client history tool install
"Office8.0" = Microsoft Office 97 Professional
"ST6UNST #1" = Impression
"WIC" = Windows Imaging Component
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 06/04/2010 05:12:45 | Computer Name = PC-EXPED | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\PHOTO ACHETEES\BOUTEILLE ROSE ACHETTEE.jpg failed, 0000A420.
Error - 06/04/2010 05:19:56 | Computer Name = PC-EXPED | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of E:\PHOTO ACHETEES\AGRUMES ACHETES.jpg failed, 0000A420.

[ Application Events ]
Error - 01/10/2010 09:09:13 | Computer Name = PC-EXPED | Source = Application Hang | ID = 1002
Description = Application bloquée bartend.exe, version 7.72.1548.834, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 01/10/2010 09:16:15 | Computer Name = PC-EXPED | Source = Application Hang | ID = 1002
Description = Application bloquée bartend.exe, version 7.72.1548.834, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 01/10/2010 10:06:50 | Computer Name = PC-EXPED | Source = Application Hang | ID = 1002
Description = Application bloquée bartend.exe, version 7.72.1548.834, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 04/10/2010 02:52:34 | Computer Name = PC-EXPED | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Une erreur s'est produite au cours du déchiffrement.
Error - 04/10/2010 02:52:35 | Computer Name = PC-EXPED | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Échec de l'initialisation du certificat de transmission. Code d'erreur : 1.
Error - 04/10/2010 05:39:55 | Computer Name = PC-EXPED | Source = Application Hang | ID = 1002
Description = Application bloquée AcroRd32.exe, version 8.1.0.137, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 04/10/2010 11:31:22 | Computer Name = PC-EXPED | Source = Application Hang | ID = 1002
Description = Application bloquée inkscape.exe, version 0.47.0.0, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 05/10/2010 02:53:15 | Computer Name = PC-EXPED | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Une erreur s'est produite au cours du déchiffrement.
Error - 05/10/2010 02:53:15 | Computer Name = PC-EXPED | Source = MSSQL$MSSMLBIZ | ID = 17190
Description = Échec de l'initialisation du certificat de transmission. Code d'erreur : 1.
Error - 06/10/2010 02:49:49 | Computer Name = PC-EXPED | Source = MSSQL$MSSMLBIZ | ID = 15466
Description = Une erreur s'est produite au cours du déchiffrement.

[ System Events ]
Error - 09/11/2010 11:18:18 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7031
Description = Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.
Error - 09/11/2010 11:58:21 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7034
Description = Le service Spouleur d'impression s'est terminé de façon inattendue pour la 3ème fois.
Error - 09/11/2010 12:18:17 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7000
Description = Le service netlimiter n'a pas pu démarrer en raison de l'erreur : %%2
Error - 09/11/2010 12:18:17 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7000
Description = Le service osaio n'a pas pu démarrer en raison de l'erreur : %%2
Error - 10/11/2010 04:06:49 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7000
Description = Le service netlimiter n'a pas pu démarrer en raison de l'erreur : %%2
Error - 10/11/2010 04:06:49 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7000
Description = Le service osaio n'a pas pu démarrer en raison de l'erreur : %%2
Error - 10/11/2010 11:01:26 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7031
Description = Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans 60000 millisecondes : Redémarrer le service.
Error - 10/11/2010 11:35:26 | Computer Name = PC-EXPED | Source = System Error | ID = 1003
Description = Code erreur 1000008e, paramètre 1 80000004, paramètre 2 804dca5c, paramètre 3 a8acd660, paramètre 4 00000000.
Error - 10/11/2010 11:36:45 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7000
Description = Le service netlimiter n'a pas pu démarrer en raison de l'erreur : %%2
Error - 10/11/2010 11:36:45 | Computer Name = PC-EXPED | Source = Service Control Manager | ID = 7000
Description = Le service osaio n'a pas pu démarrer en raison de l'erreur : %%2

< End of report >
  4. combofix (OTL follows)

ComboFix 10-11-09.02 - virginie 10/11/2010 16:50:00.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1494 [GMT 1:00]
Lancé depuis: c:\documents and settings\virginie\Mes documents\PB-SPOOL\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101110-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-10-10 au 2010-11-10 ))))))))))))))))))))))))))))))))))))
.
2010-11-10 15:48 . 2006-06-29 12:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-11-10 15:48 . 2010-11-10 15:48 -------- d-----w- c:\windows\LastGood
2010-11-10 15:46 . 2010-11-10 15:46 -------- d-----w- c:\program files\Fichiers communs\Java
2010-11-10 15:45 . 2010-11-10 15:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-10 15:45 . 2010-11-10 15:45 -------- d-----w- c:\program files\Java
2010-11-05 16:21 . 2010-11-05 16:21 388096 ----a-r- c:\documents and settings\virginie\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-05 16:17 . 2010-11-05 16:17 -------- d-----w- c:\program files\Trend Micro
2010-11-05 16:14 . 2010-11-10 15:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-05 16:08 . 2010-11-05 16:08 -------- d-----w- c:\documents and settings\virginie\Application Data\Malwarebytes
2010-11-05 16:08 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 16:08 . 2010-11-05 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-05 16:08 . 2010-11-05 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-05 16:08 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 08:18 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-04 08:18 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-04 08:18 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-03 11:57 . 2010-11-03 11:57 -------- d-----w- c:\windows\system32\fr
2010-11-03 11:57 . 2010-11-03 11:57 -------- d-----w- c:\windows\system32\bits
2010-11-03 11:57 . 2010-11-03 11:57 -------- d-----w- c:\windows\l2schemas
2010-10-28 17:04 . 2010-10-28 17:05 -------- d-----w- c:\program files\CCleaner
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 11:23 . 2006-12-14 13:45 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-11-01 19:18 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-08-05 05:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-05 05:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-09 13:34 . 2007-04-18 12:44 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:34 . 2004-08-05 05:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:34 . 2004-08-05 05:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:34 . 2004-08-05 05:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2004-08-05 05:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-05 05:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55 . 2007-03-08 15:33 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2005-10-17 21:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58 . 2004-12-07 19:34 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2005-05-10 00:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-05 05:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2005-06-10 23:53 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2004-08-05 05:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-04-07 15:56 . 2010-04-07 15:56 38811470 ----a-w- c:\program files\Inkscape-0.47-3.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"Seagull Drivers"="ssdal_nc.exe startup" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-28 16859648]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-16 53248]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:LANScope UDP Port
"2804:TCP"= 2804:TCP:LANScope TCP Port
"6160:TCP"= 6160:TCP:Seagull Driver Networking

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/03/2009 19:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/03/2009 19:05 20560]
S2 netlimiter;netlimiter;\??\c:\windows\system32\drivers\netlimiter.sys --> c:\windows\system32\drivers\netlimiter.sys [?]
S3 Commander Service;Commander Service;c:\program files\Seagull\BarTender\7.72\CmdrSrv.exe [19/09/2005 23:00 1058408]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-10 16:52
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3504)
c:\windows\system32\eappprxy.dll
.
Heure de fin: 2010-11-10 16:53:35
ComboFix-quarantined-files.txt 2010-11-10 15:53

Avant-CF: 56 802 975 744 octets libres
Après-CF: 56 792 633 344 octets libres

- - End Of File - - 549AA9461AE9AB3CC5A87A82E17B06C1
  5. MALWAREBYTES RESULTS

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5079

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

09/11/2010 09:06:38
mbam-log-2010-11-09 (09-06-38).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 243271
Temps écoulé: 5 minute(s), 27 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

ESET RESULTS

Nothing: no threats found

SECURITY CHECK RESULTS

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java 6 Update 22
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.0 - Français
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
````````````````````````````````
DNS Vulnerability Check:
POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)
``````````End of Log````````````
  6. here is the HijackThis log - thanks for your help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:44:52, on 05/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0309&m=veriton_m460
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [seagull Drivers] ssdal_nc.exe startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = procalp.local
O17 - HKLM\Software\..\Telephony: DomainName = procalp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = procalp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = procalp.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = procalp.local
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Commander Service - Seagull Scientific, Inc - C:\Program Files\Seagull\BarTender\7.72\CmdrSrv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

-- End of file - 7894 bytes