
Posted

Hello,

I have the following problem: a Windows security alert window appeared about "Trojan-Spy.Win32.Greenscreen" and, foolishly, I clicked on it, but I think it was malware.

Here is my HijackThis report after running Malwarebytes Anti-Malware.

Thanks for the help

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:07:55, on 29/09/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\ProgramData\ComSh\pcpwhypy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Users\cyrille\Desktop\protection\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ComSh] C:\ProgramData\ComSh\pcpwhypy.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.canalblog.com/sharedDocs/misc/u...geUploader5.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/...geUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrille11071971.spaces.live.com/Pho...nPUpldfr-fr.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://labo.nomatica.com/downloads/ImageUploader3.cab

O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9975 bytes

Posted

Hello and welcome

Download MSNFix.zip (by !aur3n7 and Regis59) to your Desktop:

http://sosvirus.changelog.fr/MSNFix.zip

A tutorial on how to use it:

http://sosvirus.changelog.fr/

Tip: always download it again before use, to benefit from the latest updates.

Note 1: Your antivirus may detect a virus during the download; this is Process.exe.

Process.exe is a legitimate but potentially dangerous program, and it is normal for any antivirus/antispyware worthy of the name to detect it.

Note 2: MSNFix can sometimes run into problems with sessions containing special characters. If an error message appears, move the whole folder to the root of the hard drive (usually c:\).

Unzip it (right-click: Extract here).

Open MSNFix and double-click the file MSNFix.bat (MSNFix)

Choose option R

confirm with Enter

The scan starts; while it runs, do not launch any application, so as not to disturb it.

If the infection is detected, just press any key on the keyboard. A restart of the PC may be requested.

The report is saved by default in the MSNFix folder, with a name of the form date_time.txt.

Recommend that your contacts apply the same MSNFix procedure, to slow the spread, and say whether the eradication succeeded. If they have the slightest problem, they can come to the forum and post their report for review and advice...

Worldwide, thousands of people are infected every day. To help provide quick solutions against this scourge, please send in the address contained in the MSN message you received.

To do so, click here:

http://secubox.gateweb.org/notify/

Enter the link contained in the MSN messages, then click [Notifier]. Thank you.

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel

- Double-click the "User Accounts" icon

- Then click disable and confirm.

Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Choose "Save target (link) as..." and save it to your Desktop.

Then double-click Navilog1.exe to start the installation.

Once the installation is finished, right-click the Navilog1 shortcut on your Desktop and choose "Run as administrator".

At the main menu, choose option 1

Follow the prompts and be patient.

Wait for the message:

*** Analyse Termine le ..... ***

Press a key; Notepad will open.

Copy and paste the entire report into a reply.

Close Notepad

The report fixnavi.txt is also saved in %systemdrive%.

edit: also post the Malwarebytes report

Posted

Hello Chrifleur and thanks for your help,

still nothing after the scans

here are the reports

 

Search Navipromo version 3.6.5 commencé le 29/09/2008 à 18:20:11,84

 

!!! Attention,ce rapport peut indiquer des fichiers/programmes

 

légitimes!!!

!!! Postez ce rapport sur le forum pour le faire analyser !!!

!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste

 

!!!

 

Outil exécuté depuis C:\Program Files\navilog1

Session actuelle : "cyrille"

 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

 

Microsoft Windows Vista 6.0.6001

Internet Explorer : 7.0.6001.18000

Système de fichiers : NTFS

 

Recherche executé en mode normal

 

*** Recherche Programmes installés ***

 

 

*** Recherche dossiers dans "C:\Windows" ***

 

 

*** Recherche dossiers dans "C:\Program Files" ***

 

 

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1

 

\programs" ***

 

 

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1"

 

***

 

 

*** Recherche dossiers dans "C:\ProgramData" ***

 

 

*** Recherche dossiers dans

 

"c:\users\cyrille\appdata\roaming\micros~1\windows\startm~1\programs"

 

***

 

 

*** Recherche dossiers dans

 

"C:\Users\cyrille\AppData\Local\virtualstore\Program Files" ***

 

 

*** Recherche dossiers dans "C:\Users\cyrille\AppData\Roaming" ***

 

 

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer

 

***

pour + d'infos : http://www.gmer.net

 

 

 

*** Recherche avec GenericNaviSearch ***

!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!

!!! A vérifier impérativement avant toute suppression manuelle !!!

 

* Recherche dans "C:\Windows\system32" *

 

* Recherche dans "C:\Users\cyrille\AppData\Local\Microsoft" *

 

* Recherche dans

 

"C:\Users\cyrille\AppData\Local\virtualstore\windows\system32" *

 

* Recherche dans "C:\Users\cyrille\AppData\Local" *

 

 

 

*** Recherche fichiers ***

 

 

 

*** Recherche clés spécifiques dans le Registre ***

 

 

*** Module de Recherche complémentaire ***

(Recherche fichiers spécifiques)

 

1)Recherche nouveaux fichiers Instant Access :

 

 

2)Recherche Heuristique :

 

* Dans "C:\Windows\system32" :

 

 

* Dans "C:\Users\cyrille\AppData\Local\Microsoft" :

 

 

* Dans "C:\Users\cyrille\AppData\Local\virtualstore\windows\system32"

 

:

 

 

* Dans "C:\Users\cyrille\AppData\Local" :

 

 

3)Recherche Certificats :

 

Certificat Egroup absent !

Certificat Electronic-Group absent !

Certificat Montorgueil absent !

Certificat OOO-Favorit absent !

Certificat Sunny-Day-Design-Ltd absent !

 

4)Recherche fichiers connus :

 

 

 

*** Analyse terminée le 29/09/2008 à 18:32:55,78 ***

 

 

and here is the Malwarebytes report

 

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1217

Windows 6.0.6001 Service Pack 1

 

28/09/2008 19:44:23

mbam-log-2008-09-28 (19-44-23).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 197571

Temps écoulé: 1 hour(s), 58 minute(s), 47 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 28

Valeur(s) du Registre infectée(s): 5

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ktwnqkhfjm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3pcj0egem (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\ProgramData\nyjkhezy\badejehc.exe (Trojan.FakeAlert.H) -> Delete on reboot.

Posted

I would have liked to see the MSNFix report, please

then do this

* Download Random's System Information Tool (RSIT) by Random / Random and save it to your Desktop,

* Double-click RSIT.exe to launch the program,

* Click Continue on the Disclaimer screen,

* If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.

* When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the Taskbar).

Posted

Hello chrifleur,

I can't retrieve the MSNFix report; it tells me it found nothing and I can't get the report, it closes before I can.

then I did some searching on the net because Windows Defender was showing me an unknown file at startup.

c:\programdata\comsh\pcpwhypy.

I scanned it at:

http://www.kaspersky.com/scanforvirus

and here is the answer:

Scanned file: pcpwhypy.exe - Infected

pcpwhypy.exe - infected by Trojan.Win32.Obfuscated.gx

tell me what I should do; in the meantime, I'm downloading RSIT

Thanks

Cyrille
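Added example, not part of the original thread and not code from HijackThis or any tool named here: the startup file questioned in the post above appears in the HijackThis log from the first post as an O4 autorun entry, and this Python script parses O4 lines and lists those that launch from user-writable locations for review. The sample lines are copied from that log; the function names and the trusted/user-writable path lists are assumptions of this example.

```python
import re
from typing import List, NamedTuple

# Subset of the HijackThis log posted at the top of the thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\ProgramData\ComSh\pcpwhypy.exe
C:\Users\cyrille\Desktop\protection\HiJackThis.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ComSh] C:\ProgramData\ComSh\pcpwhypy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""


class Autorun(NamedTuple):
    source: str     # registry key or startup folder the entry came from
    name: str       # value name or shortcut name
    path: str       # executable path extracted from the command line
    location: str   # "system", "user-writable", "bare-name" or "other"
    running: bool   # path also listed under "Running processes:"


SECTION = re.compile(r"^[A-Z]\d+ - ")
O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.*?)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.+)$")
EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

# Assumed heuristics for this example, not a HijackThis feature.
TRUSTED = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\",
           "%programfiles%\\", "%windir%\\", "%systemroot%\\")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")


def extract_path(command: str) -> str:
    """Return the executable path from a Run command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = EXE.match(command)
    return match.group(1) if match else command


def classify(path: str) -> str:
    """Bucket a path by where it lives; user-writable is checked first."""
    p = path.lower()
    if "\\" not in p:
        return "bare-name"          # resolved through the search path
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable"
    if p.startswith(TRUSTED):
        return "system"
    return "other"


def parse_log(text: str) -> List[Autorun]:
    """Collect the running-process list and every O4 autorun entry."""
    running, raw_entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if SECTION.match(line):
            in_procs = False
        if in_procs:
            running.add(line.lower())
            continue
        match = O4_REG.match(line) or O4_STARTUP.match(line)
        if match:
            raw_entries.append(match.groups())
    entries = []
    for source, name, command in raw_entries:
        path = extract_path(command)
        entries.append(Autorun(source, name, path, classify(path),
                               path.lower() in running))
    return entries


def review_candidates(entries: List[Autorun]) -> List[Autorun]:
    """Autoruns started from user-writable locations, to be checked by hand."""
    return [e for e in entries if e.location == "user-writable"]


if __name__ == "__main__":
    for entry in review_candidates(parse_log(SAMPLE_LOG)):
        state = "running" if entry.running else "not running"
        print(f"{entry.source} [{entry.name}] {entry.path} ({state})")
```

A listed entry is only a candidate for review: legitimate software also starts from these folders, so the file still has to be confirmed by a scanner, as was done in the post above.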

Posted

here are the reports

first info, then log

I have trouble really understanding these files

thanks again for your help

Cyrille

 

info.txt logfile of random's system information tool 1.02 2008-09-30 11:29:04

 

======Uninstall list======

 

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

AlerteGPS G300-->C:\Program Files\AlerteGPS\G300\Uninstal.exe

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Caesar IV-->C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\setup.exe -runfromtemp -l0x040c -removeonly

ccc-Branding-->MsiExec.exe /I{4F027497-15AE-4DE5-B3BC-8E721C6127DE}

CD Jaquette 5.0-->"C:\JSAL Software\CD Jaquette\uninstall.exe"

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

doPDF 6.0 printer-->"C:\Program Files\Softland\doPDF 6\unins000.exe"

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

Empire Earth Patch 1.0.4.0-->C:\Sierra\EMPIRE~1\UNWISE.EXE C:\Sierra\EMPIRE~1\INSTALL.LOG

Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" -l0x40c

Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}

Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}

GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall

Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af}

Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF}

Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}

HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}\setup.exe -runfromtemp -l0x0409

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly

HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}

HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe

HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{D64BC2CF-0F12-47d7-B412-B4F3FD684253}\setup\hpzscr01.exe -datfile hposcr21.dat

HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat

HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Total Care Advisor-->MsiExec.exe /X{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}

HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}

HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

KaraFun 1.18-->"C:\Program Files\KaraFun\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}

Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}

Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}

Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}

MSNFix 1.746-->"C:\Program Files\MSNFix\unins000.exe"

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x040c -removeonly

MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}

Navilog1 3.6.5-->"C:\Program Files\Navilog1\unins000.exe"

Nero BackItUp 2 Essentials-->MsiExec.exe /X{7D041B4C-076F-4F16-A2F9-B0F8D7B81036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe

PDFTK Builder 3.2-->"C:\Program Files\PDFTK Builder\unins000.exe"

PSP Video 9 2.25-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe

Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}

Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Solution de clavier multimédia amélioré-->C:\HP\KBD\Install.exe /u

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TCPMP-->C:\Windows\WindowsMobile\TCPMP\Uninstall.exe TCPMP

TubeMaster-->"C:\Program Files\TubeMaster\uninstall.exe"

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}

VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VirtualDub 1.6.9 Fr-->C:\Program Files\VirtualDub\UnInstall_VirtualDub.exe

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live Writer-->MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}

XnView 1.93.6-->"C:\Program Files\XnView\unins000.exe"

ZikiTranslator 1.3.5a-->C:\Program Files\ZikiTranslator\uninst.exe

 

======Security center information======

 

AV: AVG Anti-Virus Free

AS: AVG Anti-Virus Free (disabled)

AS: Windows Defender

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6b02

"NUMBER_OF_PROCESSORS"=2

"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

"PLATFORM"=HPD

"PCBRAND"=Pavilion

"OnlineServices"=Services en ligne

 

-----------------EOF-----------------

 

 

Logfile of random's system information tool 1.02 (written by random/random)

Run by cyrille at 2008-09-30 11:28:46

Microsoft® Windows Vista Édition Familiale Premium Service Pack 1

System drive C: has 83 GB (28%) free of 298 GB

Total RAM: 2046 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:29:00, on 30/09/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\WindowsMobile\wmdc.exe

C:\Windows\system32\schtasks.exe

C:\Windows\system32\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\ProgramData\ComSh\pcpwhypy.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\IEUser.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\cyrille\Desktop\RSIT.exe

C:\Program Files\trend micro\cyrille.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ComSh] C:\ProgramData\ComSh\pcpwhypy.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.canalblog.com/sharedDocs/misc/u...geUploader5.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/...geUploader4.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cyrille11071971.spaces.live.com/Pho...nPUpldfr-fr.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://labo.nomatica.com/downloads/ImageUploader3.cab

O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 10524 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\User_Feed_Synchronization-{719EC912-FD84-4CB4-97A2-5A0FFCA6E766}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]

HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-06-03 1404928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-27 455960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-04-07 501400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-01-17 2436160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-01-17 2436160]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]

"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]

"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2007-04-07 54936]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

""=C:\Windows\system32\

"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 81920]

"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-09-17 1377576]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-10 1253040]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"PCDrProfiler"=C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-04-06 73728]

"Launcher"=C:\Windows\SMINST\launcher.exe [2007-04-03 44168]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2008-09-20 2177984]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

"ComSh"=C:\ProgramData\ComSh\pcpwhypy.exe [2008-09-27 94208]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13788dfe-cbef-11dc-a870-001bb9f65e74}]

shell\AutoRun\command - L:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152ebdcf-5fdf-11dd-a62b-001bb9f65e74}]

shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eae52f89-c842-11dc-adc8-001bb9f65e74}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

 

======List of files/folders created in the last 1 months======

 

2008-09-30 11:28:48 ----D---- C:\Program Files\trend micro

2008-09-30 11:28:46 ----D---- C:\rsit

2008-09-30 10:56:27 ----D---- C:\Program Files\Enigma Software Group

2008-09-30 08:57:47 ----D---- C:\_OTMoveIt

2008-09-29 18:20:11 ----A---- C:\fixnavi.txt

2008-09-29 18:17:06 ----D---- C:\Program Files\Navilog1

2008-09-29 18:12:07 ----D---- C:\Upload_Me

2008-09-29 18:10:05 ----D---- C:\Program Files\MSNFix

2008-09-28 19:47:29 ----D---- C:\Avenger

2008-09-28 19:47:29 ----A---- C:\avenger.txt

2008-09-28 10:28:52 ----D---- C:\Users\cyrille\AppData\Roaming\Malwarebytes

2008-09-28 10:28:49 ----D---- C:\ProgramData\Malwarebytes

2008-09-28 10:28:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-27 23:33:00 ----HD---- C:\$AVG8.VAULT$

2008-09-27 09:35:48 ----A---- C:\Windows\system32\avgrsstx.dll

2008-09-27 09:35:45 ----D---- C:\ProgramData\avg8

2008-09-27 09:35:45 ----D---- C:\Program Files\AVG

2008-09-27 00:27:22 ----D---- C:\ProgramData\nyjkhezy

2008-09-27 00:27:20 ----D---- C:\ProgramData\ComSh

2008-09-25 03:00:31 ----A---- C:\Windows\system32\msshooks.dll

2008-09-25 03:00:31 ----A---- C:\Windows\system32\msscb.dll

2008-09-25 03:00:28 ----A---- C:\Windows\system32\SearchFilterHost.exe

2008-09-25 03:00:28 ----A---- C:\Windows\system32\propdefs.dll

2008-09-25 03:00:28 ----A---- C:\Windows\system32\msstrc.dll

2008-09-25 03:00:28 ----A---- C:\Windows\system32\mssitlb.dll

2008-09-25 03:00:28 ----A---- C:\Windows\system32\msshsq.dll

2008-09-25 03:00:27 ----A---- C:\Windows\system32\thawbrkr.dll

2008-09-25 03:00:27 ----A---- C:\Windows\system32\srchadmin.dll

2008-09-25 03:00:27 ----A---- C:\Windows\system32\propsys.dll

2008-09-25 03:00:27 ----A---- C:\Windows\system32\mssprxy.dll

2008-09-25 03:00:27 ----A---- C:\Windows\system32\korwbrkr.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\xmlfilter.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\wsepno.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\rtffilt.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\offfilt.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\nlhtml.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\msscntrs.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\mimefilt.dll

2008-09-25 03:00:26 ----A---- C:\Windows\system32\chsbrkr.dll

2008-09-25 03:00:25 ----A---- C:\Windows\system32\tquery.dll

2008-09-25 03:00:25 ----A---- C:\Windows\system32\SearchProtocolHost.exe

2008-09-25 03:00:25 ----A---- C:\Windows\system32\SearchIndexer.exe

2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssvp.dll

2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssrch.dll

2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssphtb.dll

2008-09-25 03:00:25 ----A---- C:\Windows\system32\mssph.dll

2008-09-25 03:00:25 ----A---- C:\Windows\system32\chtbrkr.dll

2008-09-24 19:53:54 ----A---- C:\Windows\system32\NVUNINST.EXE

2008-09-11 08:47:01 ----D---- C:\ProgramData\WindowsSearch

2008-09-10 09:05:22 ----A---- C:\Windows\system32\Apphlpdm.dll

2008-09-10 09:05:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2008-09-10 09:05:05 ----A---- C:\Windows\system32\wmpeffects.dll

2008-09-10 09:05:01 ----A---- C:\Windows\system32\emdmgmt.dll

2008-09-10 09:05:01 ----A---- C:\Windows\system32\dataclen.dll

2008-09-10 09:05:01 ----A---- C:\Windows\system32\cdd.dll

 

======List of files/folders modified in the last 1 months======

 

2008-09-30 11:29:00 ----D---- C:\Windows\Temp

2008-09-30 11:29:00 ----D---- C:\Windows\Prefetch

2008-09-30 11:28:48 ----RD---- C:\Program Files

2008-09-30 11:09:37 ----D---- C:\Windows\System32

2008-09-30 10:57:06 ----D---- C:\Windows\system32\drivers

2008-09-30 10:56:34 ----D---- C:\Windows\system32\Tasks

2008-09-30 09:57:42 ----SHD---- C:\System Volume Information

2008-09-28 19:50:34 ----D---- C:\Users\cyrille\AppData\Roaming\Skype

2008-09-28 19:49:42 ----D---- C:\Users\cyrille\AppData\Roaming\skypePM

2008-09-28 19:48:05 ----D---- C:\Windows\SMINST

2008-09-28 10:28:49 ----HD---- C:\ProgramData

2008-09-27 09:35:02 ----SHD---- C:\Windows\Installer

2008-09-27 09:34:42 ----D---- C:\Windows

2008-09-27 00:28:26 ----D---- C:\Windows\system32\catroot2

2008-09-26 12:42:09 ----D---- C:\Windows\inf

2008-09-26 12:42:09 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-09-25 03:27:15 ----D---- C:\Windows\rescache

2008-09-25 03:07:38 ----D---- C:\Windows\system32\fr-FR

2008-09-25 03:07:38 ----D---- C:\Windows\PolicyDefinitions

2008-09-25 03:01:32 ----D---- C:\Windows\winsxs

2008-09-25 03:01:13 ----D---- C:\Windows\system32\catroot

2008-09-11 03:10:16 ----D---- C:\Windows\AppPatch

2008-09-11 03:03:01 ----D---- C:\ProgramData\Microsoft Help

2008-09-11 03:01:34 ----D---- C:\Program Files\Microsoft Works

2008-09-08 18:11:24 ----D---- C:\ProgramData\Roxio

2008-09-08 17:46:52 ----D---- C:\ProgramData\DVD Shrink

2008-09-05 09:22:50 ----D---- C:\Program Files\Messenger Plus! Live

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-27 97928]

R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-09-27 26824]

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]

R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2008-09-20 99648]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 3076608]

R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]

R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]

R3 QCDonner;Logitech QuickCam Express(PID_0840); C:\Windows\system32\DRIVERS\LVCD.sys [2004-04-27 474304]

R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S3 catchme;catchme; \??\C:\Users\cyrille\AppData\Local\Temp\catchme.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 Ser2pl;Prolific2 Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2005-11-04 48640]

S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-08-13 610304]

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-17 138168]

S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-09-17 800040]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]

S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

 

-----------------EOF-----------------

Posted

Download ComboFix.exe (by sUBs) to your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Official ComboFix tutorial, so that you use it correctly

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Disable your antivirus, antispyware, and Spybot-S&D (resident) while using ComboFix. Thanks. You will re-enable them afterwards, once the disinfection is finished.

See here how to disable your protections

http://forum.pcastuces.com/desactiver_les_...entes-f31s4.htm

Double-click ComboFix.exe (ComboFix)

Type 1, then press Enter

Note: once ComboFix is running, do not click in the ComboFix window, as this could cause the program to crash.

It is recommended to let the tool scan and clean the PC without using anything else...

At the end of the scan, a report will appear. Copy/paste this report into your next reply

If the report does not appear, you will find it here, at the root of your system drive, normally: C:\ComboFix.txt (C:\ComboFix)

For all readers:

-- This software is to be used only when prescribed by a helper who is qualified and trained on the tool.

-- Do not use it outside of that situation: dangerous!

Posted

ComboFix run with the required precautions

 

here is the log; do I need to reboot to finish???

 

ComboFix 08-09-28.03 - cyrille 2008-09-30 12:14:50.1 - NTFSx86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1004 [GMT 2:00]

Lancé depuis: C:\Users\cyrille\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\system32\AutoRun.inf

C:\Windows\system32\jusched.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-28 au 2008-09-30 ))))))))))))))))))))))))))))))))))))

.

 

2008-09-30 11:28 . 2008-09-30 11:29 <REP> d-------- C:\rsit

2008-09-30 11:28 . 2008-09-30 11:29 <REP> d-------- C:\Program Files\trend micro

2008-09-30 10:56 . 2008-09-30 10:56 <REP> d-------- C:\Program Files\Enigma Software Group

2008-09-30 08:57 . 2008-09-30 08:57 <REP> d-------- C:\_OTMoveIt

2008-09-29 18:17 . 2008-09-30 08:48 <REP> d-------- C:\Program Files\Navilog1

2008-09-29 18:12 . 2008-09-29 18:12 <REP> d-------- C:\Upload_Me

2008-09-29 18:10 . 2008-09-29 18:10 <REP> d-------- C:\Program Files\MSNFix

2008-09-28 10:28 . 2008-09-28 10:28 <REP> d-------- C:\Users\cyrille\AppData\Roaming\Malwarebytes

2008-09-28 10:28 . 2008-09-28 10:28 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-09-28 10:28 . 2008-09-28 10:28 <REP> d-------- C:\ProgramData\Malwarebytes

2008-09-28 10:28 . 2008-09-28 10:29 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-28 10:28 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-28 10:28 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-27 23:33 . 2008-09-30 10:35 <REP> d--h----- C:\$AVG8.VAULT$

2008-09-27 09:35 . 2008-09-30 08:45 <REP> d-------- C:\Windows\System32\drivers\Avg

2008-09-27 09:35 . 2008-09-27 09:35 <REP> d-------- C:\Users\All Users\avg8

2008-09-27 09:35 . 2008-09-27 09:35 <REP> d-------- C:\ProgramData\avg8

2008-09-27 09:35 . 2008-09-27 09:35 <REP> d-------- C:\Program Files\AVG

2008-09-27 09:35 . 2008-09-27 09:35 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys

2008-09-27 09:35 . 2008-09-27 09:35 10,520 --a------ C:\Windows\System32\avgrsstx.dll

2008-09-27 00:27 . 2008-09-28 19:47 <REP> d-------- C:\Users\All Users\nyjkhezy

2008-09-27 00:27 . 2008-09-27 00:27 <REP> d-------- C:\Users\All Users\ComSh

2008-09-27 00:27 . 2008-09-28 19:47 <REP> d-------- C:\ProgramData\nyjkhezy

2008-09-27 00:27 . 2008-09-27 00:27 <REP> d-------- C:\ProgramData\ComSh

2008-09-24 19:54 . 2007-10-15 18:02 8,535 --a------ C:\Windows\System32\nvide.nvu

2008-09-24 19:53 . 2007-08-21 18:26 356,352 --a------ C:\Windows\System32\NVUNINST.EXE

2008-09-20 12:44 . 2008-09-20 12:44 99,648 --a------ C:\Windows\System32\drivers\AnyDVD.sys

2008-09-11 08:47 . 2008-09-11 08:47 <REP> d-------- C:\Users\All Users\WindowsSearch

2008-09-11 08:47 . 2008-09-11 08:47 <REP> d-------- C:\ProgramData\WindowsSearch

2008-09-10 09:05 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-10 09:05 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys

2008-09-10 09:05 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll

2008-09-10 09:05 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll

2008-09-10 09:05 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys

2008-09-10 09:05 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-09-10 09:05 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll

2008-09-10 09:05 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll

2008-09-10 09:05 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-03 19:32 . 2008-09-03 19:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-08-25 12:56 . 2008-08-25 12:56 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf

2008-08-24 16:32 . 2008-08-24 16:32 <REP> d-------- C:\PerfLogs

2008-08-19 03:13 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-08-19 03:13 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-08-19 03:13 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-08-19 03:13 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-08-19 03:13 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-08-19 03:13 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-08-19 03:13 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-08-19 03:13 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-08-19 03:13 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-08-15 03:05 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-01 10:02 . 2008-08-01 10:02 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-08-01 10:02 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-28 17:50 --------- d-----w C:\Users\cyrille\AppData\Roaming\Skype

2008-09-28 17:49 --------- d-----w C:\Users\cyrille\AppData\Roaming\skypePM

2008-09-11 01:03 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-11 01:01 --------- d-----w C:\Program Files\Microsoft Works

2008-09-08 16:11 --------- d-----w C:\ProgramData\Roxio

2008-09-08 15:46 --------- d-----w C:\ProgramData\DVD Shrink

2008-09-05 07:22 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-08-24 14:46 174 --sha-w C:\Program Files\desktop.ini

2008-08-24 14:36 --------- d-----w C:\Program Files\Windows Sidebar

2008-08-24 14:36 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-08-24 14:36 --------- d-----w C:\Program Files\Windows Mail

2008-08-24 14:36 --------- d-----w C:\Program Files\Windows Journal

2008-08-24 14:36 --------- d-----w C:\Program Files\Windows Defender

2008-08-24 14:36 --------- d-----w C:\Program Files\Windows Collaboration

2008-08-24 14:36 --------- d-----w C:\Program Files\Windows Calendar

2008-08-24 10:57 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-08-24 10:57 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-08-12 13:47 --------- d---a-w C:\ProgramData\TEMP

2008-08-12 07:31 --------- d-----w C:\Program Files\TubeMaster

2008-08-02 01:01 --------- d-----w C:\Program Files\Windows Live

2008-08-01 07:56 --------- d-----w C:\ProgramData\WLInstaller

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-30 20:40 56 ---ha-w C:\Users\All Users\ezsidmv.dat

2008-07-30 20:40 56 ---ha-w C:\ProgramData\ezsidmv.dat

2008-07-30 20:37 --------- d-----w C:\ProgramData\Skype

2008-07-30 20:37 --------- d-----w C:\Program Files\Skype

2008-07-30 20:37 --------- d-----w C:\Program Files\Common Files\Skype

2008-07-18 18:39 587,264 ----a-w C:\Windows\WLXPGSS.SCR

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 11:06 93,128 ----a-w C:\Windows\System32\ElbyCDIO.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-06-11 12:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe

2008-03-10 13:34 54 ----a-w C:\Users\cyrille\AppData\Roaming\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-20 2177984]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"ComSh"="C:\ProgramData\ComSh\pcpwhypy.exe" [2008-09-27 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]

"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]

"NBKeyScan"="C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-09-17 1377576]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]

"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-04-06 73728]

"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-04-03 44168]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{66FB78F9-567E-4B7D-B148-A676BA68EC41}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{E4224C1F-2852-494C-9C7C-7D4FC407F962}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D4F57DC9-6B8D-4257-882D-DAAD7B904C2B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{03193DF7-1C54-4662-B32D-B43DB54BF1D8}"= UDP:990:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001

"TCP Query User{3C985349-44A4-4436-AE3F-2DAAB9C6B377}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{5DB16C50-C0C4-4EFE-A620-C71263DBCC39}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"{F83BADB1-B24A-494D-95A6-3125742425C8}"= UDP:5721:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}:@%systemroot%\WindowsMobile\wmdc.exe,-4002

"{76C410CA-86FE-40AF-8245-B2A517E33F60}"= UDP:1034:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}:@%systemroot%\WindowsMobile\wmdc.exe,-4003

"{49ADF4AB-B4AA-4322-B16E-CAAB8ADF9F18}"= UDP:5678:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004

"{FD38FCDC-1AAF-4FE9-B58F-B8BFA39D2C6D}"= UDP:999:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005

"{5E98020F-2324-4FFB-B1EE-92333EE668ED}"= UDP:26675:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}:@%systemroot%\WindowsMobile\wmdc.exe,-4006

"{24091200-7D69-44BD-9503-26C064617460}"= UDP:990:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001

"{9C43F343-44C8-4B0D-A1BA-6506BD3BDF3E}"= Disabled:UDP:E:\setup\HPZnui01.exe:hpznui01.exe

"{8DB3B810-D218-4E2E-9A57-A4A659EF35B1}"= Disabled:TCP:E:\setup\HPZnui01.exe:hpznui01.exe

"{AE765E85-EEF6-4850-97A0-FA284A6DACE8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{F788D02F-C005-45EC-9766-10F93B4FBC58}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe

"{51C68EF9-F7F0-4352-9D1D-F33D81E9E67B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{CBC50F24-982D-4387-8376-9D6F66C6FA86}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe

"{80DE8A9D-F88B-49EF-A379-A6490C65D150}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{E123C4CE-77E3-4C09-AB21-3C86B191D1DA}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe

"{BD357DA2-BE0D-4DFB-9BDD-FEA85C63962E}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{8E8B4C39-B80C-4BB1-B1FB-01213B9C999C}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe

"{E54BAD1C-6C50-4F8B-9315-2DDC9D7951E4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{7F00BEAF-ACD9-4D39-A21F-0BB62CA49AF6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe

"{DE34ABD9-F0C1-440E-A30A-507C8EF53360}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{90D214D7-EEC2-4212-8934-2010FEC95A9E}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe

"{C8707B8F-0061-4038-A5C0-5C3758FD996B}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{526578B1-0A34-4539-B1B8-4879CF22DCE0}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe

"{6BCAFC74-E142-46CF-B0AC-23CF95668867}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{F6835B7C-27D0-490A-BF8E-B5E618AC24AB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe

"{70897FE0-E69E-4250-8775-E352673D4ADF}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{44DD43D3-4223-4BC0-BA10-C8D34E69943F}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe

"{AA966026-99B3-4B70-AB59-96794B005C3F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{C8E72141-5293-4BC4-84C6-E5C63183D694}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe

"{28A0916B-33E7-4E3A-AF8E-9150BC02FDDC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"TCP Query User{9E69B023-C6D1-4408-B0B0-162AE451115D}C:\\sierra\\empire earth\\empire earth.exe"= UDP:C:\sierra\empire earth\empire earth.exe:Empire Earth

"UDP Query User{BB31195C-6C8E-44CF-8553-A21D18EE7788}C:\\sierra\\empire earth\\empire earth.exe"= TCP:C:\sierra\empire earth\empire earth.exe:Empire Earth

"{B4E82E20-0AE0-49E6-9F52-5082791031C5}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"{D46B898E-FA8A-4E32-8DEA-6A34879C005D}"= UDP:5721:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}:@%systemroot%\WindowsMobile\wmdc.exe,-4002

"{84F7C063-1A70-47D7-AEF5-CD13F8AC7548}"= UDP:1034:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}:@%systemroot%\WindowsMobile\wmdc.exe,-4003

"{425D263D-71B1-4EE9-8F4D-4D4B66758942}"= UDP:5678:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004

"{280AEFBE-899B-494C-A655-06A555A173FF}"= UDP:999:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005

"{321DD03A-E24D-4625-A1C2-5A25A510CA65}"= UDP:26675:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}:@%systemroot%\WindowsMobile\wmdc.exe,-4006

"{F8152021-48F1-41DE-99DC-B1F1259E4305}"= UDP:990:LocalSubnet:LocalSubnet|IF={94B2C8FC-CDA8-4CB7-8B4C-6CE8EDAE286F}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001

"{DF1DED75-A0C7-4319-884D-52BC6F340AF3}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-27 97928]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 3076608]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13788dfe-cbef-11dc-a870-001bb9f65e74}]

\shell\AutoRun\command - L:\LaunchU3.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{152ebdcf-5fdf-11dd-a62b-001bb9f65e74}]

\shell\AutoRun\command - F:\InstallTomTomHOME.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - MCHINJDRV

*Newly Created Service* - PROCEXP90

.

Contenu du dossier 'Tâches planifiées'

.

.

------- Examen supplémentaire -------

.

R0 -: HKCU-Main,Start Page =

O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

 

O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.canalblog.com/sharedDocs/misc/uploader/ImageUploader5.cab

C:\Windows\Downloaded Program Files\CONFLICT.2\ImageUploader5.inf

C:\Windows\System32\unicows.dll

C:\Windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx

C:\Windows\Downloaded Program Files\CONFLICT.2\ImageUploader5.ocx

 

O16 -: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/zuma/oberongamesloader.cab

C:\Windows\Downloaded Program Files\Oberongamesloader.inf

C:\Windows\Downloaded Program Files\Oberongamesloader.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-30 12:17:22

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2008-09-30 12:18:53

ComboFix-quarantined-files.txt 2008-09-30 10:18:37

 

Avant-CF: 86 204 555 264 octets libres

Après-CF: 87,639,363,584 octets libres

 

250 --- E O F --- 2008-09-26 03:44:52
