
Unable to download ComboFix



Hi, for more than two weeks now a message has been appearing every time I turn on my PC!!! Sure, it's a spasm!!! I want to download ComboFix, but when I try to install it on my PC, the following message appears: IMPOSSIBLE DE RENOMMER COMBOFIX PAR COMBOFIX[1]. Also, I can't download anything at all: once the download finishes, the installation doesn't complete and everything disappears without leaving any trace!!!!!

NB: I have just uninstalled ComboFix from my computer.


Good evening,

Don't use ComboFix, and especially not on your own.

What is the message that appears at startup?

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue at the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<< which will be displayed) as well as info.txt (<< which will be minimized in the Taskbar).
  • NB: The reports are saved in the folder C:\rsit
    So that makes two reports. Since they are long, you can post 2 replies, one per report. :P


Logfile of random's system information tool 1.06 (written by random/random)

Run by hp at 2009-05-26 17:58:13

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 13 GB (66%) free of 20 GB

Total RAM: 247 MB (24% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:58:24, on 26/05/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Real\RealJukebox\tsystray.exe

C:\Program Files\Real\RealOne Player\realplay.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Eraser\eraser.exe

C:\Program Files\Menara\dslmon.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com

C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

C:\WINDOWS\system32\WINMINE.EXE

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\winegtbcl.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\nfscna.exe

C:\DOCUME~1\hp\LOCALS~1\Temp\xjsqaf.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\hp\Bureau\RSIT.exe

C:\Program Files\trend micro\hp.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bladinet.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RealJukeboxSystray] "c:\Program Files\Real\RealJukebox\tsystray.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Online.com

O4 - Startup: Adobe update.com

O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f4ca0d0e1e64f9880ca97f50b1810a0

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f4ca0d0e1e64f9880ca97f50b1810a0

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{71BA674A-663F-49DA-92FE-8E035C1A530A}: NameServer = 62.251.229.223 62.251.229.237

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

 

--

End of file - 9706 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\User_Feed_Synchronization-{4DF9536E-79E9-41D1-B7BA-D4BB961EFCBD}.job

C:\WINDOWS\tasks\WGASetup.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-09 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-17 259696]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-17 470512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-09 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-09 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-23 229376]

"RealJukeboxSystray"=c:\Program Files\Real\RealJukebox\tsystray.exe [2009-05-17 166912]

"RealTray"=C:\Program Files\Real\RealOne Player\realplay.exe [2009-05-17 181760]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1768960]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3987808]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-12 39408]

"Eraser"=C:\Program Files\Eraser\eraser.exe [2003-07-25 679936]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

DSLMON.lnk - C:\Program Files\Menara\dslmon.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage

Adobe Online.com

Adobe update.com

Notification de cadeaux MSN.lnk - C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

WgaLogon.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=1

"DisableRegistryTools"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoSMBalloonTip"=0

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:ipsec"

"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"

"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"

"C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe"="C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe:*:Enabled:ipsec"

"C:\Program Files\Windows Live\Toolbar\wltuser.exe"="C:\Program Files\Windows Live\Toolbar\wltuser.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\SearchProtocolHost.exe"="C:\WINDOWS\system32\SearchProtocolHost.exe:*:Enabled:ipsec"

"C:\Program Files\Windows Desktop Search\WindowsSearch.exe"="C:\Program Files\Windows Desktop Search\WindowsSearch.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\WISPTIS.EXE"="C:\WINDOWS\system32\WISPTIS.EXE:*:Enabled:ipsec"

"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec"

"C:\ComboFix\NirCmd.cfexe"="C:\ComboFix\NirCmd.cfexe:*:Enabled:ipsec"

"C:\ComboFix\hidec.exe"="C:\ComboFix\hidec.exe:*:Enabled:ipsec"

"C:\Program Files\Menara\dslmon.exe"="C:\Program Files\Menara\dslmon.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\CF2242.exe"="C:\WINDOWS\system32\CF2242.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\qyjlln.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\qyjlln.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\wineaau.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\wineaau.exe:*:Enabled:ipsec"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winwflcck.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winwflcck.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winbimy.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winbimy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\qklwp.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\qklwp.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winhhefy.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winhhefy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\udtns.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\udtns.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\cwfe.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\cwfe.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winpaob.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winpaob.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winuacq.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winuacq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\xhsxi.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\xhsxi.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winilfk.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winilfk.exe:*:Enabled:ipsec"

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winesnow.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winesnow.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winusho.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winusho.exe:*:Enabled:ipsec"

"C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe"="C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe:*:Enabled:ipsec"

"C:\Program Files\Eraser\eraser.exe"="C:\Program Files\Eraser\eraser.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winrlxd.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winrlxd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\jeiynh.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\jeiynh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winesucgg.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winesucgg.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\gchcu.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\gchcu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winepdnd.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winepdnd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winmvpq.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winmvpq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winrqkhjn.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winrqkhjn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winnpbwh.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winnpbwh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\xebsw.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\xebsw.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winejqdff.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winejqdff.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winbbbx.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winbbbx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winktucb.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winktucb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\ojkc.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\ojkc.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\oyknyy.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\oyknyy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\snssj.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\snssj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winuqhjym.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winuqhjym.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winskpoop.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winskpoop.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\wingvoie.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\wingvoie.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winegtbcl.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winegtbcl.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\nfscna.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\nfscna.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\winskdmg.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\winskdmg.exe:*:Enabled:ipsec"

"C:\DOCUME~1\hp\LOCALS~1\Temp\rcgbkq.exe"="C:\DOCUME~1\hp\LOCALS~1\Temp\rcgbkq.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f7e4c1-ebd2-11dd-a7d2-4d6564696130}]

shell\auto\command - F:\Thumbs.com

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com

 

 

======File associations======

 

.scr - open - %1

 

======List of files/folders created in the last 1 months======

 

2009-05-26 17:18:59 ----A---- C:\WINDOWS\system32\CF2304.exe

2009-05-26 17:12:43 ----A---- C:\WINDOWS\system32\CF1073.exe

2009-05-26 17:10:30 ----A---- C:\WINDOWS\system32\CF632.exe

2009-05-26 17:10:26 ----D---- C:\Qoobox

2009-05-26 17:10:23 ----A---- C:\Bug.txt

2009-05-26 17:03:05 ----SD---- C:\ComboFix

2009-05-24 21:45:00 ----SHD---- C:\RECYCLER

2009-05-24 21:00:20 ----A---- C:\ComboFix.txt

2009-05-24 20:46:06 ----D---- C:\WINDOWS\temp

2009-05-22 22:45:24 ----A---- C:\Boot.bak

2009-05-22 22:45:17 ----RASHD---- C:\cmdcons

2009-05-22 22:31:16 ----D---- C:\WINDOWS\ERDNT

2009-05-22 00:43:52 ----D---- C:\Program Files\CCleaner

2009-05-22 00:25:13 ----D---- C:\Documents and Settings\hp\Application Data\Auslogics

2009-05-22 00:25:04 ----D---- C:\Program Files\Auslogics

2009-05-22 00:15:31 ----A---- C:\rapport.txt

2009-05-21 23:20:15 ----HD---- C:\rsit

2009-05-21 19:36:26 ----A---- C:\fixnavi.txt

2009-05-21 19:28:05 ----D---- C:\Program Files\Navilog1

2009-05-21 18:42:50 ----A---- C:\lopR.txt

2009-05-21 18:42:18 ----HD---- C:\Lop SD

2009-05-21 18:31:04 ----A---- C:\TB.txt

2009-05-21 18:30:00 ----HD---- C:\ToolBar SD

2009-05-20 02:19:41 ----D---- C:\Program Files\a-squared Free

2009-05-20 01:39:36 ----D---- C:\Documents and Settings\hp\Application Data\Windows Search

2009-05-20 01:38:55 ----D---- C:\Documents and Settings\hp\Application Data\Windows Desktop Search

2009-05-20 01:01:51 ----D---- C:\Program Files\Windows Desktop Search

2009-05-20 01:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2009-05-20 00:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2009-05-19 23:30:04 ----D---- C:\Program Files\Trend Micro

2009-05-18 12:30:32 ----D---- C:\Program Files\AMT

2009-05-17 18:36:00 ----D---- C:\Program Files\Fichiers communs\xing shared

2009-05-17 18:32:32 ----D---- C:\Program Files\WS_FTP

2009-05-17 17:53:18 ----A---- C:\WINDOWS\adirasx64.exe

2009-05-17 17:53:11 ----A---- C:\WINDOWS\autoclk.exe

2009-05-17 17:53:10 ----A---- C:\WINDOWS\enddisk32.exe

2009-05-17 17:53:09 ----A---- C:\WINDOWS\system32\unaddrv.x64.exe

2009-05-17 17:52:28 ----D---- C:\Program Files\SAGEM

2009-05-17 17:52:25 ----D---- C:\Documents and Settings\hp\Application Data\InstallShield

2009-05-10 23:15:59 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2009-05-10 22:26:28 ----D---- C:\Program Files\Messenger Plus! Live

2009-05-08 20:28:25 ----D---- C:\WINDOWS\pss

2009-05-08 15:10:19 ----D---- C:\Program Files\Eraser

2009-05-07 23:41:06 ----D---- C:\Program Files\HP

2009-05-01 22:39:49 ----D---- C:\Program Files\ToniArts

2009-04-29 08:52:28 ----D---- C:\WINDOWS\system32\KB905474

2009-04-29 08:51:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2009-04-28 17:29:04 ----D---- C:\Documents and Settings\hp\Application Data\agi

2009-04-28 17:29:04 ----D---- C:\Documents and Settings\All Users\Application Data\agi

2009-04-28 17:27:29 ----A---- C:\WINDOWS\system32\pywintypes25.dll

2009-04-28 17:27:29 ----A---- C:\WINDOWS\system32\pythoncom25.dll

2009-04-28 17:27:29 ----A---- C:\WINDOWS\system32\python25.dll

 

======List of files/folders modified in the last 1 months======

 

2009-05-26 17:19:12 ----D---- C:\WINDOWS\system32

2009-05-26 17:04:00 ----D---- C:\WINDOWS\system32\Restore

2009-05-26 17:03:36 ----HD---- C:\WINDOWS

2009-05-26 17:03:17 ----D---- C:\WINDOWS\Prefetch

2009-05-26 16:58:33 ----D---- C:\WINDOWS\system32\drivers

2009-05-26 08:28:43 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-05-24 20:56:41 ----D---- C:\WINDOWS\system32\CatRoot2

2009-05-24 20:48:14 ----A---- C:\WINDOWS\system.ini

2009-05-24 20:45:27 ----D---- C:\WINDOWS\AppPatch

2009-05-24 20:45:24 ----D---- C:\Program Files\Fichiers communs

2009-05-24 16:57:23 ----D---- C:\WINDOWS\system32\config

2009-05-23 23:10:27 ----HD---- C:\Program Files

2009-05-23 16:01:59 ----D---- C:\WINDOWS\Minidump

2009-05-22 23:41:31 ----D---- C:\WINDOWS\repair

2009-05-22 22:45:24 ----RASH---- C:\boot.ini

2009-05-22 01:18:52 ----D---- C:\WINDOWS\Debug

2009-05-20 04:14:19 ----D---- C:\Program Files\iTunes

2009-05-20 04:14:06 ----D---- C:\WINDOWS\network diagnostic

2009-05-20 02:12:43 ----D---- C:\WINDOWS\security

2009-05-20 01:03:21 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-05-20 01:02:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-05-20 01:02:00 ----D---- C:\WINDOWS\system32\fr-fr

2009-05-20 01:01:49 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-05-20 01:01:49 ----HD---- C:\WINDOWS\inf

2009-05-20 01:01:49 ----D---- C:\WINDOWS\system32\wbem

2009-05-20 00:59:48 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-05-19 15:33:05 ----SD---- C:\Documents and Settings\hp\Application Data\Microsoft

2009-05-18 12:54:42 ----A---- C:\WINDOWS\win.ini

2009-05-17 20:15:24 ----D---- C:\Program Files\Menara

2009-05-17 18:36:11 ----D---- C:\Program Files\Fichiers communs\Real

2009-05-17 18:35:20 ----A---- C:\WINDOWS\system32\pndx5032.dll

2009-05-17 18:35:19 ----A---- C:\WINDOWS\system32\pndx5016.dll

2009-05-17 18:35:17 ----A---- C:\WINDOWS\system32\pncrt.dll

2009-05-17 18:29:04 ----A---- C:\WINDOWS\adidsl.ini

2009-05-17 18:25:17 ----D---- C:\WINDOWS\system32\CatRoot

2009-05-17 17:52:59 ----HD---- C:\Program Files\InstallShield Installation Information

2009-05-13 13:19:10 ----SHD---- C:\WINDOWS\Installer

2009-05-08 01:52:48 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-05-07 23:40:56 ----D---- C:\WINDOWS\Downloaded Installations

2009-05-07 07:16:29 ----A---- C:\WINDOWS\system32\MRT.exe

2009-04-29 18:28:34 ----A---- C:\YServer.txt

2009-04-29 08:52:30 ----SD---- C:\WINDOWS\Tasks

2009-04-29 07:28:10 ----HD---- C:\WINDOWS\$hf_mig$

2009-04-28 17:27:29 ----A---- C:\WINDOWS\system32\msvcr71.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2009-05-17 8552]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-09-07 63232]

R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-09-07 55936]

R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\gmepnn.sys []

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2006-04-01 100224]

R3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-04-01 578304]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]

S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-04-01 134272]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-07 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-09 152984]

R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

S2 AGWinService;AG Windows Service; C:\Program Files\AGI\common\win32\PythonService.exe []

S2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe -service []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 264688]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 143360]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 162864]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 159744]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe []

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.06 2009-05-21 23:21:01

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

aMSN 0.97.2-->C:\Program Files\aMSN\uninstall.exe

a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}

Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD}

Chess Mafia-->"C:\Program Files\FreeGamePick.com\Chess Mafia\unins000.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Contextual Tool Adservefast-->C:\WINDOWS\system32\cont_adservefast-remove.exe

Contextual Tool Adservefast-->C:\WINDOWS\system32\d26c853d-c43b-898f-67ca-87b05c393cd1.exe

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE}

EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly

Eraser-->"C:\Program Files\Eraser\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

iTunes-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1036

Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

Kit de Connexion MENARA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB25E068-C7A2-482F-A3BC-588A5869844D}\setup.exe" -l0x40c ControlPanel

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{3585ED1C-74C5-43B0-A232-831B96A12A2B}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Navigation par onglets (Windows Live Toolbar)-->MsiExec.exe /X{E74559C2-BB47-45AD-83DD-0D66B67E7811}

Navilog1 3.7.7-->"C:\Program Files\Navilog1\unins000.exe"

OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{F242B06B-517F-4D62-B654-16B11564A912}

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1036

RealJukebox-->C:\Program Files\Real\RealJukebox\Update\rnuninst.exe RealNetworks|RealJukebox|1.0

RealPlayer Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

RichFX Player-->RunDll32 C:\PROGRA~1\COMMON~1\RichFX\npvpg004.dll,Uninstall_Player

RON Too1 Adservefast-->C:\WINDOWS\system32\gjretmnnpkmpwvufd.exe

SAGEM F@st 800/840-->C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe -runfromtemp -l0x040c -removeonly

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype 3.1-->"C:\Program Files\Skype\Phone\unins000.exe"

Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}

USB Disk Security 5.0.0.35-->"C:\Program Files\USB Disk Security\unins000.exe"

VisualRoute Lite Edition-->"C:\Program Files\VisualRoute Lite Edition\Uninstall.exe" "C:\Program Files\VisualRoute Lite Edition"

Who's Closing My Convo 1.0-->C:\Program Files\Pwndsoft\Who's Closing My Convo\uninst.exe

Winamp3 (remove only)-->C:\Program Files\Winamp3\uninst-wa3.EXE

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}

Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

ZNsoft Optimizer Xp-->"C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\unins000.exe"

 

======System event log======

 

Computer Name: HP-7E00783F7641

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 8906

Source Name: EventLog

Time Written: 20090503204632.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

 

Record Number: 8905

Source Name: EventLog

Time Written: 20090503204632.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 6006

Message: Le service d'Enregistrement d'événement a été arrêté.

 

Record Number: 8904

Source Name: EventLog

Time Written: 20090503191017.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 20159

Message: La connexion à Menara ADSL effectuée par l'utilisateur megzari49 utilisant le périphérique ISDN12-0 a été déconnectée.

 

Record Number: 8903

Source Name: RemoteAccess

Time Written: 20090503185945.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 7036

Message: Le service iPodService est entré dans l'état : arrêté.

 

Record Number: 8902

Source Name: Service Control Manager

Time Written: 20090503185933.000000+000

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: HP-7E00783F7641

Event Code: 1004

Message: L'utilisateur a accepté le CLUF.

 

Record Number: 824

Source Name: WgaSetup

Time Written: 20090508204737.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 1002

Message: Starting interactive setup.

 

Record Number: 823

Source Name: WgaSetup

Time Written: 20090508204737.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 1006

Message: Le CLUF a déjà été accepté.

 

Record Number: 822

Source Name: WgaSetup

Time Written: 20090508204737.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 821

Source Name: SecurityCenter

Time Written: 20090508204710.000000+000

Event Type: Informations

User:

 

Computer Name: HP-7E00783F7641

Event Code: 0

Message:

Record Number: 820

Source Name: SeaPort

Time Written: 20090508204705.000000+000

Event Type: Informations

User:

 

======Environment variables======

 

"CLASSPATH"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel

"PROCESSOR_LEVEL"=15

"PROCESSOR_REVISION"=0209

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

 

-----------------EOF-----------------


Ok.

No need for combofix for the moment (forget it), and we can see the critter.

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The scan starts.
  • At the end of the scan (but it's not over yet), a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too. Don't forget the rest. :P
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

NB: If MBAM asks you to reboot, do it.


Malwarebytes' Anti-Malware 1.37

Version de la base de données: 2182

Windows 5.1.2600 Service Pack 3

 

26/05/2009 20:25:55

mbam-log-2009-05-26 (20-25-55).txt

 

Type de recherche: Examen rapide

Eléments examinés: 79284

Temps écoulé: 7 minute(s), 1 second(s)

 

Processus mémoire infecté(s): 6

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 7

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

C:\Documents and Settings\hp\Local Settings\temp\nfscna.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\hp\Local Settings\temp\xjsqaf.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\hp\Local Settings\temp\bjntws.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\hp\Local Settings\temp\winpidlqo.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\hp\Local Settings\temp\vdmwbh.exe (Trojan.Downloader) -> Unloaded process successfully.

C:\Documents and Settings\hp\Local Settings\temp\pakkj.exe (Trojan.Downloader) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{a71c9f09-fd16-4efd-a939-a7157371b850} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation (Backdoor.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (%1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\hp\Local Settings\temp\nfscna.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\hp\Local Settings\temp\xjsqaf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\hp\Local Settings\temp\bjntws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\hp\Local Settings\temp\winpidlqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\hp\Local Settings\temp\vdmwbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\hp\Local Settings\temp\pakkj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\ossmtp.dll (Trojan.Agent) -> Quarantined and deleted successfully.


That must feel good. :P

Reboot, and post a new HijackThis report please. :P


Sorry, I forgot about that, it was RSIT that I gave you before. Here you go. :P

Click this link to download HijackThis 2.0.2:

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

This version has no installer or Zip to extract; choose to save it to the desktop.

Double-click the HijackThis icon.

HijackThis starts; the button we are interested in is the first one, "Do a system scan and save a logfile" (the "log" file is the report).

Click it.

Copy and paste the contents of the report that will be displayed in Notepad into your next reply.


OTL logfile created on: 26/05/2009 21:30:42 - Run 2

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

247,48 Mb Total Physical Memory | 60,33 Mb Available Physical Memory | 24,38% Memory free

606,54 Mb Paging File | 115,22 Mb Available in Paging File | 19,00% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19,53 Gb Total Space | 12,81 Gb Free Space | 65,60% Space Free | Partition Type: NTFS

Drive D: | 18,75 Gb Total Space | 18,38 Gb Free Space | 98,04% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HP-7E00783F7641

Current User Name: hp

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Output = Standard

File Age = 30 Days

Company Name Whitelist: On

 

========== Processes (SafeList) ==========

 

PRC - [2008/11/09 18:26:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2008/04/14 02:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2009/04/23 21:00:55 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe

PRC - [2009/05/17 18:36:05 | 00,166,912 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealJukebox\tsystray.exe

PRC - [2009/05/17 18:35:21 | 00,181,760 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealOne Player\realplay.exe

PRC - [2009/02/06 18:51:28 | 03,987,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

PRC - [2003/07/25 11:15:48 | 00,679,936 | ---- | M] (-) -- C:\Program Files\Eraser\eraser.exe

PRC - [2006/06/13 11:34:54 | 00,909,312 | ---- | M] () -- C:\Program Files\Menara\dslmon.exe

PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe

PRC - [2009/02/14 16:43:44 | 00,114,688 | ---- | M] () -- C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com

PRC - [2009/02/14 16:43:44 | 00,114,688 | ---- | M] () -- C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com

PRC - [2009/04/11 02:01:10 | 00,213,504 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

PRC - [2002/09/07 01:00:00 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WINMINE.EXE

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe

PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe

PRC - [2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe

PRC - [2009/05/26 21:12:06 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\hp\Local Settings\temp\winncgwby.exe

PRC - [2009/05/26 21:12:16 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\hp\Local Settings\temp\kwyppv.exe

PRC - [2009/05/26 21:30:36 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH\OTL[1].exe

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found -- -- (AGWinService [Auto | Stopped])

SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])

SRV - [2009/04/17 01:42:08 | 00,264,688 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])

SRV - [2008/04/14 02:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2005/04/04 00:41:10 | 00,143,360 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

SRV - File not found -- -- (iPodService [Disabled | Stopped])

SRV - [2008/11/09 18:26:59 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2003/07/28 20:28:22 | 00,162,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2005/08/02 21:18:49 | 00,159,744 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

SRV - [2009/01/14 17:53:02 | 00,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])

SRV - File not found -- -- (winvnc [Auto | Stopped])

SRV - [2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services (SafeList) ==========

 

DRV - File not found -- -- (abp470n5 [On_Demand | Running])

DRV - [2006/04/01 12:30:46 | 00,100,224 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])

DRV - [2009/05/17 18:35:35 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])

DRV - [2006/04/01 12:33:16 | 00,134,272 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Stopped])

DRV - [2006/05/04 17:20:20 | 00,114,616 | R--- | M] (Analog Devices Inc.) -- C:\WINDOWS\system32\DRIVERS\e4usbaw.sys -- (e4usbaw [On_Demand | Running])

DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])

DRV - [2005/02/02 01:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

DRV - [2006/03/02 17:55:04 | 00,063,555 | R--- | M] (Analog Deivces) -- C:\WINDOWS\System32\Drivers\e4ldr.sys -- (IKANLOADER2 [Auto | Stopped])

DRV - [2008/04/13 18:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])

DRV - [2005/08/02 21:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

DRV - [2008/04/13 18:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])

DRV - [2002/09/07 01:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])

DRV - [2002/09/07 01:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])

DRV - [2008/04/13 18:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwrdr.sys -- (NWRDR [On_Demand | Stopped])

DRV - [2002/09/07 01:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008/04/13 16:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2006/04/01 12:30:48 | 00,578,304 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bladinet.net/

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 3E DE 1D 6C C0 C9 01 [binary data]

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1003\S-1-5-21-343818398-1960408961-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Reg Error: Key error. File not found

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Reg Error: Key error. File not found

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)

O4 - HKLM..\Run: [RealJukeboxSystray] "c:\Program Files\Real\RealJukebox\tsystray.exe" (RealNetworks, Inc.)

O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1003..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (-)

O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1003..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk = C:\Program Files\Menara\dslmon.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com ()

O4 - Startup: C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com ()

O4 - Startup: C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f4ca0d0e1e64f9880ca97f50b1810a0 (Microsoft Corporation)

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f4ca0d0e1e64f9880ca97f50b1810a0 (Microsoft Corporation)

O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Protocole de transport compatible NWLink IPX/SPX/NetBIOS] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931 (Java Plug-in 1.6.0_10)

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)

O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)

O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/10/12 01:39:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/05/25 09:47:03 | 00,000,096 | RH-- | M] () - C:\Autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/05/25 09:47:03 | 00,000,096 | RH-- | M] () - D:\Autorun.inf -- [ NTFS ]

O33 - MountPoints2\{7926b52a-980b-11dd-be1b-806d6172696f}\Shell\auto\command - "" = C:\Thumbs.com -- [2009/02/14 16:43:44 | 00,114,688 | RH-- | M] ()

O33 - MountPoints2\{7926b52b-980b-11dd-be1b-806d6172696f}\Shell\auto\command - "" = D:\Thumbs.com -- [2009/02/14 16:43:44 | 00,114,688 | RH-- | M] ()

O33 - MountPoints2\{87f7e4c1-ebd2-11dd-a7d2-4d6564696130}\Shell\auto\command - "" = F:\Thumbs.com -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - * [2009/05/26 17:03:27 | 00,000,000 | ---D | M]

 

========== Files/Folders - Created Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

[2009/05/26 20:07:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Malwarebytes

[2009/05/26 20:07:03 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2009/05/26 20:07:00 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/05/26 20:06:58 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/05/26 20:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/05/26 20:06:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/05/26 17:18:59 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2304.exe

[2009/05/26 17:12:43 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1073.exe

[2009/05/26 17:10:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF632.exe

[2009/05/26 17:10:26 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/05/26 17:03:05 | 00,000,000 | --SD | C] -- C:\ComboFix

[2009/05/25 21:48:10 | 00,114,688 | R--- | C] () -- C:\Documents and Settings\hp\Bureau\SOIT TRANSMIS .scr

[2009/05/25 21:47:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Bureau\الضرب و الجرح و العنف

** - C:\Documents and Settings\hp\Bureau\????? ? ????? ? ?????

[2009/05/25 09:47:03 | 00,000,096 | RH-- | C] () -- C:\Autorun.inf

[2009/05/24 21:45:00 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/05/24 21:00:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Local Settings\temp

[2009/05/24 20:46:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/05/22 22:45:24 | 00,000,212 | ---- | C] () -- C:\Boot.bak

[2009/05/22 22:45:20 | 00,263,488 | ---- | C] () -- C:\cmldr

[2009/05/22 22:45:17 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/05/22 22:31:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/05/22 18:57:34 | 00,859,733 | ---- | C] () -- C:\Documents and Settings\hp\Bureau\RSIT.exe

[2009/05/22 01:46:42 | 00,250,304 | ---- | C] () -- C:\Documents and Settings\hp\Mes documents\cc_20090522_014630.reg

[2009/05/22 00:43:52 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\hp\Bureau\CCleaner.lnk

[2009/05/22 00:43:52 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/05/22 00:25:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Auslogics

[2009/05/22 00:25:05 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\hp\Bureau\AusLogics Disk Defrag.lnk

[2009/05/22 00:25:04 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics

[2009/05/21 23:20:15 | 00,000,000 | -H-D | C] -- C:\rsit

[2009/05/21 19:28:06 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk

[2009/05/21 19:28:05 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1

[2009/05/21 18:42:18 | 00,000,000 | -H-D | C] -- C:\Lop SD

[2009/05/21 18:30:00 | 00,000,000 | -H-D | C] -- C:\ToolBar SD

[2009/05/20 04:17:12 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn

[2009/05/20 04:17:12 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for

[2009/05/20 02:19:41 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free

[2009/05/20 01:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Windows Search

[2009/05/20 01:38:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\Windows Desktop Search

[2009/05/20 01:02:40 | 00,001,837 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk

[2009/05/20 01:01:51 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search

[2009/05/20 00:58:45 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll

[2009/05/20 00:58:45 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll

[2009/05/20 00:58:45 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll

[2009/05/19 23:30:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/05/18 16:13:43 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\hp\Mes documents\Nouveau Document Microsoft Word.doc

[2009/05/18 12:30:32 | 00,000,000 | ---D | C] -- C:\Program Files\AMT

[2009/05/17 18:36:00 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\xing shared

[2009/05/17 18:35:35 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Real.com Guide.url

[2009/05/17 18:32:32 | 00,000,000 | ---D | C] -- C:\Program Files\WS_FTP

[2009/05/17 17:53:18 | 00,253,008 | ---- | C] () -- C:\WINDOWS\adirasx64.exe

[2009/05/17 17:53:18 | 00,169,496 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\drivers\adiusbawx64.sys

[2009/05/17 17:53:18 | 00,146,968 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\drivers\e4usbawx64.sys

[2009/05/17 17:53:18 | 00,118,552 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\drivers\adiusbaw.sys

[2009/05/17 17:53:18 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\drivers\adiusbawx64.cat

[2009/05/17 17:53:18 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\drivers\adiusbaw.cat

[2009/05/17 17:53:18 | 00,013,981 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4usbawx64.cat

[2009/05/17 17:53:18 | 00,013,981 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4usbaw.cat

[2009/05/17 17:53:11 | 00,176,128 | ---- | C] () -- C:\WINDOWS\autoclk.exe

[2009/05/17 17:53:10 | 00,071,832 | ---- | C] (Analog Deivces) -- C:\WINDOWS\System32\drivers\e4ldrx64.sys

[2009/05/17 17:53:10 | 00,024,576 | ---- | C] () -- C:\WINDOWS\enddisk32.exe

[2009/05/17 17:53:10 | 00,011,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4ldrx64.cat

[2009/05/17 17:53:10 | 00,011,399 | ---- | C] () -- C:\WINDOWS\System32\drivers\e4ldr.cat

[2009/05/17 17:53:09 | 00,316,416 | ---- | C] (Analog Devices.) -- C:\WINDOWS\System32\unaddrv.x64.exe

[2009/05/17 17:53:09 | 00,058,264 | ---- | C] (Analog Deivces) -- C:\WINDOWS\System32\drivers\adildrx64.sys

[2009/05/17 17:53:09 | 00,056,088 | ---- | C] (Analog Deivces) -- C:\WINDOWS\System32\drivers\adildr.sys

[2009/05/17 17:53:09 | 00,012,403 | ---- | C] () -- C:\WINDOWS\System32\drivers\adildrx64.cat

[2009/05/17 17:53:09 | 00,012,403 | ---- | C] () -- C:\WINDOWS\System32\drivers\adildr.cat

[2009/05/17 17:52:28 | 00,000,000 | ---D | C] -- C:\Program Files\SAGEM

[2009/05/17 17:52:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\InstallShield

[2009/05/16 21:33:43 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\hp\Mes documents\UN MICRI DANS 15 ANS.doc

[2009/05/10 23:15:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2009/05/10 22:28:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Mes documents\Mes Historiques de Conversation

[2009/05/10 22:26:28 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live

[2009/05/08 20:28:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/05/08 15:10:19 | 00,000,000 | ---D | C] -- C:\Program Files\Eraser

[2009/05/07 23:41:06 | 00,000,000 | ---D | C] -- C:\Program Files\HP

[2009/05/01 22:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\ToniArts

[2009/04/29 08:52:30 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job

[2009/04/29 08:52:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474

[2009/04/28 17:29:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Application Data\agi

[2009/04/28 17:29:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\agi

[2009/04/28 17:27:29 | 02,117,632 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python25.dll

[2009/04/28 17:27:29 | 00,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll

[2009/04/28 17:27:29 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll

[2009/04/28 17:26:24 | 01,332,197 | ---- | C] () -- C:\WINDOWS\System32\pythondll.zip

[2009/04/25 20:59:26 | 00,000,183 | ---- | C] () -- C:\WINDOWS\aimpr.ini

[2009/04/18 21:04:44 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/04/18 21:04:44 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/04/11 23:31:09 | 00,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\MS1000.sys

[2009/02/11 02:48:02 | 00,002,638 | ---- | C] () -- C:\WINDOWS\System32\assuntos.dll

[2009/02/11 02:47:38 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\total.dll

[2009/02/11 02:47:23 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\links.dll

[2009/02/11 02:47:19 | 00,020,543 | ---- | C] () -- C:\WINDOWS\System32\frases.dll

[2009/02/11 02:47:17 | 00,045,121 | ---- | C] () -- C:\WINDOWS\System32\logs.dll

[2009/02/11 02:47:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\config.dll

[2009/02/11 02:47:11 | 00,000,033 | ---- | C] () -- C:\WINDOWS\System32\errox32.dll

[2008/10/14 19:44:53 | 00,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini

[2008/10/14 19:44:46 | 00,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini

[2008/10/12 17:03:05 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll

[2008/10/12 17:03:03 | 00,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll

[2008/10/12 17:03:00 | 00,000,989 | ---- | C] () -- C:\WINDOWS\adiras.ini

[2008/10/12 17:02:59 | 00,000,169 | ---- | C] () -- C:\WINDOWS\adidsl.ini

[2008/10/12 17:02:59 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini

[2008/10/12 16:15:12 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/05/26 22:23:32 | 00,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 22:23:30 | 00,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 22:23:28 | 00,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/01/14 16:47:06 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll

[2005/08/02 21:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2003/04/01 10:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/09/07 01:00:00 | 00,001,091 | ---- | C] () -- C:\WINDOWS\win.ini

[2002/09/07 01:00:00 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini

 

========== Files - Modified Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

[2009/05/26 21:26:25 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/05/26 20:32:50 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2009/05/26 20:32:27 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\hp\Local Settings\desktop.ini

[2009/05/26 20:32:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/05/26 20:32:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/05/26 20:07:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2009/05/26 17:18:53 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2304.exe

[2009/05/26 17:12:36 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1073.exe

[2009/05/26 17:10:21 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF632.exe

[2009/05/26 17:00:42 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4DF9536E-79E9-41D1-B7BA-D4BB961EFCBD}.job

[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/05/25 09:47:03 | 00,000,096 | RH-- | M] () -- C:\Autorun.inf

[2009/05/24 20:48:14 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/05/24 20:47:59 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/05/23 22:16:55 | 00,002,573 | ---- | M] () -- C:\Documents and Settings\hp\Bureau\Microsoft Office Word 2003.lnk

[2009/05/22 22:45:24 | 00,000,282 | RHS- | M] () -- C:\boot.ini

[2009/05/22 18:57:34 | 00,859,733 | ---- | M] () -- C:\Documents and Settings\hp\Bureau\RSIT.exe

[2009/05/22 01:47:04 | 00,250,304 | ---- | M] () -- C:\Documents and Settings\hp\Mes documents\cc_20090522_014630.reg

[2009/05/22 00:43:53 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\hp\Bureau\CCleaner.lnk

[2009/05/22 00:25:06 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\hp\Bureau\AusLogics Disk Defrag.lnk

[2009/05/21 19:28:06 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Navilog1.lnk

[2009/05/20 22:09:36 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\hp\Mes documents\UN MICRI DANS 15 ANS.doc

[2009/05/20 04:17:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009/05/20 04:17:12 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for

[2009/05/20 01:02:40 | 00,001,837 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk

[2009/05/20 01:02:13 | 01,026,092 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/05/20 01:02:13 | 00,484,240 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2009/05/20 01:02:13 | 00,081,596 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2009/05/18 16:29:11 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\hp\Mes documents\Nouveau Document Microsoft Word.doc

[2009/05/18 12:54:42 | 00,001,091 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/05/17 20:15:36 | 00,001,422 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Menara ADSL.lnk

[2009/05/17 20:15:33 | 00,001,524 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk

[2009/05/17 20:15:31 | 00,002,292 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Messagerie avec Menara.lnk

[2009/05/17 20:15:29 | 00,001,533 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Internet avec Menara.lnk

[2009/05/17 20:15:27 | 00,001,592 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Configurateur de messagerie.lnk

[2009/05/17 18:36:15 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\RealJukebox.lnk

[2009/05/17 18:35:35 | 00,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\RealPlayer Basic.lnk

[2009/05/17 18:35:35 | 00,000,141 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Real.com Guide.url

[2009/05/17 18:35:17 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2009/05/17 18:29:04 | 00,000,169 | ---- | M] () -- C:\WINDOWS\adidsl.ini

[2009/05/10 16:19:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/05/08 20:45:57 | 00,000,212 | ---- | M] () -- C:\Boot.bak

[2009/05/07 07:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/05/03 01:37:42 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/05/02 02:52:57 | 00,395,650 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/05/02 02:52:57 | 00,059,890 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/04/28 17:27:29 | 02,117,632 | ---- | M] (Python Software Foundation) -- C:\WINDOWS\System32\python25.dll

[2009/04/28 17:27:29 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll

[2009/04/28 17:27:29 | 00,339,968 | ---- | M] () -- C:\WINDOWS\System32\pythoncom25.dll

[2009/04/28 17:27:29 | 00,114,688 | ---- | M] () -- C:\WINDOWS\System32\pywintypes25.dll

 

========== LOP Check ==========

 

[2009/05/26 20:06:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2008/10/12 16:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/04/28 17:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi

[2009/04/23 20:57:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/04/18 21:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2009/01/17 22:29:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHotBabesScreensaver

[2009/04/12 19:47:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/02/20 17:50:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2009/05/26 20:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/05/10 23:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2009/05/20 01:03:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2008/10/14 19:33:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2008/10/12 16:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2009/02/22 22:52:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/01/27 01:04:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/10/16 16:04:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar

[2008/10/12 16:30:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2008/10/12 03:21:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data

[2008/10/12 01:39:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft

[2009/05/26 20:07:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\hp\Application Data

[2008/11/10 16:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Adobe

[2009/04/28 17:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\agi

[2009/04/23 21:01:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Apple Computer

[2009/05/22 00:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Auslogics

[2009/02/26 23:34:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Copernic

[2009/04/20 21:54:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\dvdcss

[2009/01/17 22:29:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\FreeHotBabesScreensaver

[2008/10/15 18:27:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Globe7

[2009/02/20 23:20:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Google

[2008/10/15 18:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Help

[2008/10/12 01:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Identities

[2009/05/17 17:52:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\InstallShield

[2009/04/11 20:38:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\InternetCalls

[2008/10/14 19:46:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\InterTrust

[2009/02/22 21:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\LimeWire

[2008/10/13 01:43:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Macromedia

[2009/05/26 20:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Malwarebytes

[2009/05/19 15:33:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\hp\Application Data\Microsoft

[2009/04/25 23:15:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Mozilla

[2009/03/08 22:39:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\MSNInstaller

[2009/04/11 20:18:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\NetAppel

[2008/10/14 19:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Real

[2009/02/24 01:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Skype

[2009/04/12 01:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Smart PC Solutions

[2008/11/09 18:18:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Sun

[2008/10/18 21:31:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\teamspeak2

[2009/04/11 20:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\VoipBuster

[2009/05/20 01:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Windows Desktop Search

[2009/05/20 01:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hp\Application Data\Windows Search

[2008/10/12 01:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data

[2009/04/28 17:32:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\agi

[2009/02/24 20:31:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2008/10/12 01:45:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data

[2009/02/24 20:31:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2002/09/07 01:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/05/26 20:32:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/05/26 17:00:42 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{4DF9536E-79E9-41D1-B7BA-D4BB961EFCBD}.job

[2009/05/26 20:32:50 | 00,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

 

========== Purity Check ==========

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

< End of report >


Lol.

Explain to me how a request for a HijackThis report (with a link) ends up as a post of an OTL report?

How did you get mixed up? Another forum, a PM, etc.? There's a snag somewhere, but the good news is that it isn't the critter that did this. :P
