Posted

Hello,

I'm posting a HijackThis report because for some time now I've been getting pop-ups and the PC has been very slow.


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:16:38, on 23/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\TODDSrv.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

C:\WINDOWS\TEMP\XTF027.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.1.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: LogicFunctions module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - (no file)

O2 - BHO: (no name) - {1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8} - C:\WINDOWS\system32\geBsSmJd.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {3C8CD028-388B-4D29-95D7-F009A1E528C3} - C:\WINDOWS\system32\byXNgdDu.dll (file missing)

O2 - BHO: (no name) - {507E876F-B290-4448-8E9F-A6EDC3B6D58E} - C:\WINDOWS\system32\rqRHwVoN.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {84327C78-174F-4AF7-A6F0-B1B64E54EEB9} - C:\WINDOWS\system32\pmnKeCsR.dll (file missing)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [setAudioDevice] "c:\windows\oemdrv\swhelper\XP_SetAnalogToDefault.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [b893de0a] rundll32.exe "C:\WINDOWS\system32\kckehhgd.dll",b

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA357] command /c del "C:\WINDOWS\system32\byXNgdDu.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC3486] cmd /c del "C:\WINDOWS\system32\byXNgdDu.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA5109] command /c del "C:\WINDOWS\system32\rqRHwVoN.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC6404] cmd /c del "C:\WINDOWS\system32\rqRHwVoN.dll_old"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [WellPhone XT Sagem] "C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://projets.oleane.com/qp2.cab

O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.fruits-et-legumes.net/download/CfxIEAx.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204783174282

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NICOLAS.siege

O17 - HKLM\Software\..\Telephony: DomainName = NICOLAS.siege

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = NICOLAS.siege

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: geBsSmJd - C:\WINDOWS\SYSTEM32\geBsSmJd.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: Pare-feu personnel Trend Micro Client/Server Security Agent (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe

O23 - Service: Trend Micro Client-Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

End of file - 14413 bytes

Posted

Hello, it's crowded in there! :P

I love it, more junk to shoot, and it's harder. :P

Disable TeaTimer in Spybot right now, it can prevent the disinfection. :P

Do this through Spybot's options: go to the "Mode" menu => check "Advanced mode" => "Tools" (at the bottom of the page) => "Resident" => and uncheck this box: "Resident TeaTimer". You should no longer see the TeaTimer icon in the taskbar! :P

Next, download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" at the Disclaimer of Warranty message that appears.
  • Your firewall may ask whether or not you allow nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).
  • For more information and an illustrated tutorial, here is the only official and authorized tutorial: http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted

Hello,

A bit late, here is the ComboFix report:

ComboFix 08-06-20.4 - nicolas 2008-06-25 10:24:09.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1239 [GMT 2:00]

Endroit: C:\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\bggidhvw.ini

C:\WINDOWS\system32\dghhekck.ini

C:\WINDOWS\system32\dpysxjiy.dll

C:\WINDOWS\system32\edwvduwv.ini

C:\WINDOWS\system32\geBsSmJd.dll

C:\WINDOWS\system32\gpwsfglk.ini

C:\WINDOWS\system32\khfCtsRl.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\NoVwHRqr.ini

C:\WINDOWS\system32\NoVwHRqr.ini2

C:\WINDOWS\system32\OpYJmUtv.ini

C:\WINDOWS\system32\OpYJmUtv.ini2

C:\WINDOWS\system32\qoMeDWon.dll

C:\WINDOWS\system32\RsCeKnmp.ini

C:\WINDOWS\system32\RsCeKnmp.ini2

C:\WINDOWS\system32\sjfdomwk.ini

C:\WINDOWS\system32\uDdgNXyb.ini

C:\WINDOWS\system32\uDdgNXyb.ini2

C:\WINDOWS\system32\vjscbrop.ini

C:\WINDOWS\system32\vtUmJYpO.dll

C:\WINDOWS\system32\weoebeii.ini

C:\WINDOWS\system32\yijxsypd.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-25 10:28 . 2008-06-25 10:28 294 ---hs---- C:\WINDOWS\system32\vjscbrop.ini

2008-06-25 09:51 . 2008-06-25 09:45 2,037,114 --a------ C:\ComboFix.exe

2008-06-25 08:59 . 2008-06-25 08:59 92,032 --a------ C:\WINDOWS\system32\porbcsjv.dll

2008-06-23 17:16 . 2008-05-14 13:55 812,344 --a------ C:\HJTInstall.exe

2008-06-23 17:08 . 2008-05-15 21:21 570,657 --a------ C:\Navilog1.exe

2008-06-23 10:32 . 2008-06-23 17:14 <REP> d-------- C:\Program Files\Navilog1

2008-06-21 23:05 . 2008-06-23 07:56 544 --a------ C:\WINDOWS\wininit.ini

2008-06-21 22:35 . 2008-06-21 22:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-21 22:35 . 2008-06-21 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-16 07:11 . 2008-06-16 07:11 <REP> d-------- C:\Program Files\LogicFunctions

2008-06-10 21:54 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 21:54 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 21:54 . 2008-05-08 14:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-04 22:56 . 2008-06-04 22:56 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Apple Computer

2008-06-04 22:55 . 2008-06-04 22:56 <REP> d-------- C:\Program Files\iTunes

2008-06-04 22:55 . 2008-06-04 22:55 <REP> d-------- C:\Program Files\iPod

2008-06-04 22:55 . 2008-06-04 22:55 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2008-06-04 22:50 . 2008-06-04 22:50 <REP> d-------- C:\Program Files\Apple Software Update

2008-06-04 22:50 . 2008-06-04 22:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-06-02 18:18 . 2008-06-02 18:18 1,507 --a------ C:\WINDOWS\system32\Adiboud'chou.lnk

2008-06-02 18:17 . 2008-06-02 18:17 <REP> d-------- C:\coktel

2008-05-26 16:03 . 2008-06-25 10:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-26 16:03 . 2008-06-04 22:56 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-26 16:02 . 2008-05-26 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-26 15:59 . 2008-05-26 16:03 <REP> d-------- C:\Program Files\QuickTime

2008-05-26 15:45 . 2008-05-26 15:45 <REP> d-------- C:\Program Files\iWizz

2008-05-26 15:45 . 2008-05-31 15:37 <REP> d-------- C:\Documents and Settings\nicolas\iWizz

2008-05-26 15:45 . 2008-05-26 15:45 <REP> d-------- C:\Documents and Settings\nicolas\.bitrock

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 07:59 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Skype

2008-06-25 07:16 --------- d-----w C:\Documents and Settings\nicolas\Application Data\skypePM

2008-06-25 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-23 15:16 --------- d-----w C:\Program Files\Trend Micro

2008-05-19 20:08 --------- d-----w C:\Documents and Settings\nicolas\Application Data\InterVideo

2008-05-18 18:44 --------- d-----w C:\Program Files\Google

2008-05-17 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-29 07:27 --------- d-----w C:\Program Files\SmartCom

2008-04-29 07:27 --------- d-----w C:\Program Files\Fichiers communs\SmartCom

2008-04-26 17:32 --------- d-----w C:\Program Files\VirginMega

2008-04-26 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations

2008-04-02 08:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-12-12 10:13 32,768 ----a-w C:\Documents and Settings\All Users\Application Data\EBLib.dll

2006-07-28 15:25 19,456 ----a-w C:\Documents and Settings\All Users\Application Data\LPCFilter.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B5283D6-D1D7-4E2C-AB8F-5F4EA100B3A4}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C8CD028-388B-4D29-95D7-F009A1E528C3}]

C:\WINDOWS\system32\byXNgdDu.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40C03EF5-7404-4C79-ABC9-EFF154970A51}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{507E876F-B290-4448-8E9F-A6EDC3B6D58E}]

C:\WINDOWS\system32\rqRHwVoN.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84327C78-174F-4AF7-A6F0-B1B64E54EEB9}]

C:\WINDOWS\system32\pmnKeCsR.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CADCDC1E-7960-4EB0-8A52-BD5416B17CA6}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 15:23 191552]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 17:08 65536]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

"WellPhone XT Sagem"="C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" [2008-04-09 14:27 1888920]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 08:30 68856]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16:21 16384000 C:\WINDOWS\RTHDCPL.exe]

"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 07:49 651264]

"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 14:45 28672]

"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 12:17 65536]

"TPSMain"="TPSMain.exe" [2005-08-12 12:14 266240 C:\WINDOWS\system32\TPSMain.exe]

"TDispVol"="TDispVol.exe" [2005-12-27 14:06 73728 C:\WINDOWS\system32\TDispVol.exe]

"Zooming"="ZoomingHook.exe" [2005-06-06 10:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]

"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2007-05-11 12:59 143360]

"NDSTray.exe"="NDSTray.exe" []

"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 12:49 495616]

"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 10:24 581632]

"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 06:40 53248]

"SetAudioDevice"="c:\windows\oemdrv\swhelper\XP_SetAnalogToDefault.exe" [2007-09-10 18:17 200704]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 23:40 196608]

"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 11:50 413696]

"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-12-16 06:09 372813]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-26 15:59 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"TFncKy"="TFncKy.exe" []

"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 09:18 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]

"b893de0a"="C:\WINDOWS\system32\porbcsjv.dll" [2008-06-25 08:59 92032]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsSmJd]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=

"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=

"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"33162:TCP"= 33162:TCP:TCPEMULE

"50813:UDP"= 50813:UDP:UDPEMULE

 

R2 SmartcomSCPService;SmartcomSCPService;C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe [2008-04-09 14:27]

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 13:22]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 13:15]

S3 TpChoice;Touch Pad Detection Filter driver;C:\WINDOWS\system32\DRIVERS\TpChoice.sys []

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f939d10-0074-11dd-9f0e-000b0d82196c}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-13 13:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 10:28:24

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

 

C:\WINDOWS\system32\vjscbrop.ini 294 bytes

 

Scan terminé avec succès

Les fichiers cachés: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe

C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

C:\WINDOWS\Temp\AT5C10.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-25 10:31:23 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-25 08:31:20

 

Pre-Run: 140,970,438,656 octets libres

Post-Run: 140,922,863,616 octets libres

 

219 --- E O F --- 2008-06-11 15:08:03

Posted

According to the report, you have not disabled TeaTimer; please disable it, it can make the disinfection fail!

I'm including instructions to disable it myself, just in case.

Here is the next step, the system is still heavily loaded.

  • Open Notepad. Copy and paste this into it:

 

File::

C:\WINDOWS\system32\pmnKeCsR.dll

C:\WINDOWS\system32\byXNgdDu.dll

C:\WINDOWS\system32\rqRHwVoN.dll

C:\WINDOWS\system32\porbcsjv.dll

C:\WINDOWS\system32\vjscbrop.ini

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D6931F4-6F48-424C-AD55-3D3AA5EA2BF8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B5283D6-D1D7-4E2C-AB8F-5F4EA100B3A4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C8CD028-388B-4D29-95D7-F009A1E528C3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40C03EF5-7404-4C79-ABC9-EFF154970A51}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{507E876F-B290-4448-8E9F-A6EDC3B6D58E}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84327C78-174F-4AF7-A6F0-B1B64E54EEB9}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CADCDC1E-7960-4EB0-8A52-BD5416B17CA6}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBsSmJd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"b893de0a"=-

"TFncKy"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=-

 

  • Save this as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

CFScript.gif

  • A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
  • Wait while the scan runs. The desktop will disappear several times: this is normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it can be found here > C:\ComboFix.txt

Posted

Here is the new report:

 

ComboFix 08-06-20.4 - nicolas 2008-06-25 12:02:00.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1402 [GMT 2:00]

Endroit: C:\Documents and Settings\nicolas\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\nicolas\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\byXNgdDu.dll

C:\WINDOWS\system32\pmnKeCsR.dll

C:\WINDOWS\system32\porbcsjv.dll

C:\WINDOWS\system32\rqRHwVoN.dll

C:\WINDOWS\system32\vjscbrop.ini

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\porbcsjv.dll

C:\WINDOWS\system32\vjscbrop.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-25 to 2008-06-25 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-25 09:51 . 2008-06-25 09:45 2,037,114 --a------ C:\ComboFix.exe

2008-06-23 17:16 . 2008-05-14 13:55 812,344 --a------ C:\HJTInstall.exe

2008-06-23 17:08 . 2008-05-15 21:21 570,657 --a------ C:\Navilog1.exe

2008-06-23 10:32 . 2008-06-23 17:14 <REP> d-------- C:\Program Files\Navilog1

2008-06-21 23:05 . 2008-06-23 07:56 544 --a------ C:\WINDOWS\wininit.ini

2008-06-21 22:35 . 2008-06-25 11:52 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-21 22:35 . 2008-06-25 11:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-16 07:11 . 2008-06-16 07:11 <REP> d-------- C:\Program Files\LogicFunctions

2008-06-10 21:54 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 21:54 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-10 21:54 . 2008-05-08 14:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-06-04 22:56 . 2008-06-04 22:56 <REP> d-------- C:\Documents and Settings\nicolas\Application Data\Apple Computer

2008-06-04 22:55 . 2008-06-04 22:56 <REP> d-------- C:\Program Files\iTunes

2008-06-04 22:55 . 2008-06-04 22:55 <REP> d-------- C:\Program Files\iPod

2008-06-04 22:55 . 2008-06-04 22:55 <REP> d-------- C:\Program Files\Fichiers communs\Apple

2008-06-04 22:50 . 2008-06-04 22:50 <REP> d-------- C:\Program Files\Apple Software Update

2008-06-04 22:50 . 2008-06-04 22:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-06-02 18:18 . 2008-06-02 18:18 1,507 --a------ C:\WINDOWS\system32\Adiboud'chou.lnk

2008-06-02 18:17 . 2008-06-02 18:17 <REP> d-------- C:\coktel

2008-05-26 16:03 . 2008-06-25 12:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-26 16:03 . 2008-06-04 22:56 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-26 16:02 . 2008-05-26 16:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-26 15:59 . 2008-05-26 16:03 <REP> d-------- C:\Program Files\QuickTime

2008-05-26 15:45 . 2008-05-26 15:45 <REP> d-------- C:\Program Files\iWizz

2008-05-26 15:45 . 2008-05-31 15:37 <REP> d-------- C:\Documents and Settings\nicolas\iWizz

2008-05-26 15:45 . 2008-05-26 15:45 <REP> d-------- C:\Documents and Settings\nicolas\.bitrock

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-25 09:50 --------- d-----w C:\Program Files\Microsoft Works

2008-06-25 09:47 --------- d-----w C:\Documents and Settings\nicolas\Application Data\Skype

2008-06-25 07:16 --------- d-----w C:\Documents and Settings\nicolas\Application Data\skypePM

2008-06-25 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-06-23 15:16 --------- d-----w C:\Program Files\Trend Micro

2008-05-19 20:08 --------- d-----w C:\Documents and Settings\nicolas\Application Data\InterVideo

2008-05-18 18:44 --------- d-----w C:\Program Files\Google

2008-05-17 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-29 07:27 --------- d-----w C:\Program Files\SmartCom

2008-04-29 07:27 --------- d-----w C:\Program Files\Fichiers communs\SmartCom

2008-04-26 17:32 --------- d-----w C:\Program Files\VirginMega

2008-04-26 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations

2008-04-02 08:48 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2006-12-12 10:13 32,768 ----a-w C:\Documents and Settings\All Users\Application Data\EBLib.dll

2006-07-28 15:25 19,456 ----a-w C:\Documents and Settings\All Users\Application Data\LPCFilter.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-25_10.31.09.54 )))))))))))))))))))))))))))))))))))))))))

.


.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

={750fdf0e-2a26-11d1-a3ea-080036587f03}

={4E77131D-3629-431c-9818-C5679DC83E81}

={99FD978C-D287-4F50-827F-B2C658EDA8E7}

={AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}

={920E6DB1-9907-4370-B3A0-BAFC03D81399}

={16F3DD56-1AF5-4347-846D-7C10C4192619}

={2916C86E-86A6-43FE-8112-43ABE6BF8DCC}

={b32a6748-f273-4546-b60a-3c5adc239de5}

={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}

={666C7833-A9B6-4AB4-94ED-DC238C81E925}

={1F038B9D-83F5-4b28-BA76-8654EC297DD6}

={A825576B-0042-4F0F-8FB0-93CE0F054E69}

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-01-09 15:23 191552]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 17:08 65536]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]

"WellPhone XT Sagem"="C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" [2008-04-09 14:27 1888920]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 08:30 68856]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16:21 16384000 C:\WINDOWS\RTHDCPL.exe]

"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 07:49 651264]

"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 14:45 28672]

"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 12:17 65536]

"TPSMain"="TPSMain.exe" [2005-08-12 12:14 266240 C:\WINDOWS\system32\TPSMain.exe]

"TDispVol"="TDispVol.exe" [2005-12-27 14:06 73728 C:\WINDOWS\system32\TDispVol.exe]

"Zooming"="ZoomingHook.exe" [2005-06-06 10:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]

"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2007-05-11 12:59 143360]

"NDSTray.exe"="NDSTray.exe" []

"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 12:49 495616]

"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 10:24 581632]

"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 06:40 53248]

"SetAudioDevice"="c:\windows\oemdrv\swhelper\XP_SetAnalogToDefault.exe" [2007-09-10 18:17 200704]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 23:40 196608]

"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 11:50 413696]

"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-12-16 06:09 372813]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-26 15:59 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 09:18 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2002-02-15 11:51 24638 C:\WINDOWS\system32\PCANotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=

"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=

"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"33162:TCP"= 33162:TCP:TCPEMULE

"50813:UDP"= 50813:UDP:UDPEMULE

 

R2 SmartcomSCPService;SmartcomSCPService;C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe [2008-04-09 14:27]

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-26 13:22]

R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-19 13:15]

S3 TpChoice;Touch Pad Detection Filter driver;C:\WINDOWS\system32\DRIVERS\TpChoice.sys []

S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f939d10-0074-11dd-9f0e-000b0d82196c}]

\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-13 13:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 12:05:53

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe

C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

C:\WINDOWS\TEMP\ZF1DF2.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Apoint2K\ApntEx.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-25 12:08:38 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-25 10:08:34

ComboFix2.txt 2008-06-25 08:31:24

 

Pre-Run: 140,357,255,168 octets libres

Post-Run: 140,364,460,032 octets libres

 

410 --- E O F --- 2008-06-25 09:51:38

Posted

Here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:27, on 2008-06-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\WINDOWS\system32\TODDSrv.exe

c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

C:\WINDOWS\TEMP\ZF1DF2.EXE

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\Program Files\WinZip\WZQKPICK.EXE

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.16.1.5/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [setAudioDevice] "c:\windows\oemdrv\swhelper\XP_SetAnalogToDefault.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [WellPhone XT Sagem] "C:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://projets.oleane.com/qp2.cab

O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.fruits-et-legumes.net/download/CfxIEAx.cab

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204783174282

O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobtv.f..._instmodule.exe

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nicolas.siege

O17 - HKLM\Software\..\Telephony: DomainName = nicolas.siege

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nicolas.siege

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Scan en temps réel Trend Micro Client/Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: Pare-feu personnel Trend Micro Client/Server Security Agent (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: SmartcomSCPService - Smartcom - C:\Program Files\Fichiers communs\SmartCom\Services\SmartcomSCPService.exe

O23 - Service: Trend Micro Client-Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

End of file - 12399 bytes

Posted

Restart HijackThis, tick this line and click "Fix checked":

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

 

You can uninstall ComboFix: type combofix /u in the Run box of the Start menu.

After that, delete this folder if it still exists.

C:\QooBox

 

Do you still have any abnormal symptoms?
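
The check done by eye in the reply above (spotting the O3 entry whose file no longer exists) can be scripted over a whole HijackThis log. This is an added example, not part of the thread or of HijackThis itself: the function names are illustrative, the sample lines are copied from the log posted above, and the `(file missing)` marker is included on the assumption that the log also uses it for entries whose binary is absent.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - Global Startup: BTTray.lnk = ?
"""

# An entry line starts with a section code such as R0, O3 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers for a registry entry that points at nothing on disk.
# "(no file)" appears in the log above; "(file missing)" is an assumption.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        # The target is whatever follows the last " - " separator in the body.
        target = body.rsplit(" - ", 1)[-1].strip()
        entries.append({
            "code": match.group("code"),
            "clsid": clsid.group(0) if clsid else None,
            "target": target,
            "line": line,
        })
    return entries


def orphaned_entries(entries):
    """Entries whose target file is reported absent: leftover registry references."""
    return [e for e in entries if e["target"].lower().endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    for entry in orphaned_entries(parse_entries(SAMPLE_LOG)):
        print("Leftover entry to review:", entry["line"])
```
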
